Diffstat (limited to 'main/app/sprinkles/admin/src')
4 files changed, 135 insertions, 15 deletions
diff --git a/main/app/sprinkles/admin/src/Controller/GroupController.php b/main/app/sprinkles/admin/src/Controller/GroupController.php
index 2077363..720f12d 100644
--- a/main/app/sprinkles/admin/src/Controller/GroupController.php
+++ b/main/app/sprinkles/admin/src/Controller/GroupController.php
@@ -692,7 +692,6 @@ class GroupController extends SimpleController
 // Validate, and throw exception on validation errors.
 $validator = new ServerSideValidator($schema, $this->ci->translator);
 if (!$validator->validate($data)) {
- // TODO: encapsulate the communication of error messages from ServerSideValidator to the BadRequestException
 $e = new BadRequestException();
 foreach ($validator->errors() as $idx => $field) {
 foreach ($field as $eidx => $error) {
diff --git a/main/app/sprinkles/admin/src/Controller/PostController.php b/main/app/sprinkles/admin/src/Controller/PostController.php
index 98bee5a..18efff9 100644
--- a/main/app/sprinkles/admin/src/Controller/PostController.php
+++ b/main/app/sprinkles/admin/src/Controller/PostController.php
@@ -29,6 +29,48 @@ use Illuminate\Database\Capsule\Manager as DB;
 class PostController extends SimpleController
 {
 
+ /**
+ * Gets the feed of the requested user (for non-administrators only own feed allowed)
+ *
+ * @param Request $request
+ * @param Response $response
+ * @param $args
+ * @throws BadRequestException
+ * @throws NotFoundException
+ */
+ public function getFeed(Request $request, Response $response, $args) {
+ $user = $this->getUserFromParams($args);
+
+ // If the user doesn't exist, return 404
+ if (!$user) {
+ throw new NotFoundException($request, $response);
+ }
+
+ // Get friends first
+ $UsersFriends = DB::select("SELECT id FROM (SELECT user_id AS id FROM user_follow WHERE followed_by_id = $user->id UNION ALL SELECT followed_by_id FROM user_follow WHERE user_id = $user->id) t GROUP BY id HAVING COUNT(id) > 1");
+ /** @var UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
+ $classMapper = $this->ci->classMapper;
+ foreach ($UsersFriends as $Key => $UsersFriendId) { // NOT THAT EFFICIENT...
+ $UsersFriendInformation = $classMapper->createInstance('user')// raw select doesnt work with instance
+ ->where('id', $UsersFriendId->id)
+ ->get();
+
+ $ImagesFromFriends[] = DB::table('image_posts')
+ ->where('UserID', '=', $UsersFriendInformation[0]->id)
+ ->value('File');
+ }
+ }
+
+ /**
+ * Shows the requested image
+ *
+ * @param Request $request
+ * @param Response $response
+ * @param $args
+ * @return Response
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ */
 public function showImage(Request $request, Response $response, $args) {
 // check if user is authorized
 $authorizer = $this->ci->authorizer;
@@ -36,7 +78,7 @@ class PostController extends SimpleController
 if (!$authorizer->checkAccess($currentUser, 'view_image')) {
 throw new ForbiddenException();
 }
- $postID = $args['PostID'];
+ $postID = $args['post_id'];
 // get filename from database
 $FileRequestedImage = DB::table('image_posts')
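Review bot: getFeed fills `$ImagesFromFriends` but never returns anything, so the route produces no response, and although its docblock says only the owner's feed is allowed there is no access check at all — compare the `checkAccess` guard in showImage and in getFollows. The friend query interpolates `$user->id` straight into the SQL text; bind it instead, `DB::select('... followed_by_id = ? ... user_id = ? ...', [$user->id, $user->id])`, so the statement stays safe regardless of where the id comes from. Inside the loop `createInstance('user')->where('id', ...)->get()` only re-reads an id the query already returned, `$ImagesFromFriends` is undefined when there are no friends, and `->value('File')` yields at most one image per friend — confirm that is the intended feed. A rewrite that checks the caller, binds the parameters, initialises the list and returns JSON follows; the 'uri_user' slug is borrowed from getFollows and the right permission for feeds should be confirmed.
```php
    public function getFeed(Request $request, Response $response, $args) {
        // … unchanged: user lookup and 404 …

        // Only the feed's owner may read it unless the caller holds the permission
        $authorizer = $this->ci->authorizer;
        $currentUser = $this->ci->currentUser;
        if ($user->id != $currentUser->id && !$authorizer->checkAccess($currentUser, 'uri_user', ['user' => $user])) {
            throw new ForbiddenException();
        }

        // Bind the id rather than interpolating it into the SQL text
        $UsersFriends = DB::select(
            'SELECT id FROM (SELECT user_id AS id FROM user_follow WHERE followed_by_id = ? UNION ALL SELECT followed_by_id FROM user_follow WHERE user_id = ?) t GROUP BY id HAVING COUNT(id) > 1',
            [$user->id, $user->id]
        );

        $ImagesFromFriends = []; // defined even when the user has no friends
        foreach ($UsersFriends as $UsersFriendId) {
            // the id is already known; no need to load the user model first
            $ImagesFromFriends[] = DB::table('image_posts')
                ->where('UserID', '=', $UsersFriendId->id)
                ->value('File');
        }

        return $response->withJson($ImagesFromFriends, 200, JSON_PRETTY_PRINT);
    }
```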
@@ -54,6 +96,14 @@ class PostController extends SimpleController
 }
 }
 
+ /**
+ * posts a image
+ *
+ * @param Request $request
+ * @param Response $response
+ * @return Response
+ * @throws ForbiddenException
+ */
 public function postImage(Request $request, Response $response) {
 // check if user is authorized
 $authorizer = $this->ci->authorizer;
@@ -82,10 +132,15 @@ class PostController extends SimpleController
 DB::table('image_posts')
 ->insert(['UserID' => $currentUser->id, 'File' => $filename]);
 
- $response->write('Uploaded successfully! <br/>');
+ return $response->write('Uploaded successfully! <br/>');
 }
 }
 
+ /**
+ * @param $params
+ * @return mixed
+ * @throws BadRequestException
+ */
 protected function getUserFromParams($params) {
 // Load the request schema
 $schema = new RequestSchema('schema://requests/user/get-by-username.yaml');
@@ -97,7 +152,6 @@ class PostController extends SimpleController
 // Validate, and throw exception on validation errors.
 $validator = new ServerSideValidator($schema, $this->ci->translator);
 if (!$validator->validate($data)) {
- // TODO: encapsulate the communication of error messages from ServerSideValidator to the BadRequestException
 $e = new BadRequestException();
 foreach ($validator->errors() as $idx => $field) {
 foreach ($field as $eidx => $error) {
diff --git a/main/app/sprinkles/admin/src/Controller/RoleController.php b/main/app/sprinkles/admin/src/Controller/RoleController.php
index e4ebd98..80ac6a0 100644
--- a/main/app/sprinkles/admin/src/Controller/RoleController.php
+++ b/main/app/sprinkles/admin/src/Controller/RoleController.php
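Review bot: The docblock added for getUserFromParams says `@param $params` and `@return mixed`, which documents nothing a caller can use; getFeed tests its result with `if (!$user)`, so the docblock should say what the falsy case is, e.g. `@param array $params  route arguments, validated against schema://requests/user/get-by-username.yaml` and `@return mixed  the matching user model, presumably null when no user matches — confirm`. The body of getUserFromParams continues past the hunk. In the same file the postImage docblock reads `* posts a image`; `* Posts an image` is the intended wording, and the untyped `@param $args` entries on getFeed and showImage would benefit from the same treatment.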
@@ -836,7 +836,6 @@ class RoleController extends SimpleController
 // Validate, and throw exception on validation errors.
 $validator = new ServerSideValidator($schema, $this->ci->translator);
 if (!$validator->validate($data)) {
- // TODO: encapsulate the communication of error messages from ServerSideValidator to the BadRequestException
 $e = new BadRequestException();
 foreach ($validator->errors() as $idx => $field) {
 foreach ($field as $eidx => $error) {
@@ -894,7 +893,7 @@ class RoleController extends SimpleController
 // Validate, and throw exception on validation errors.
 $validator = new ServerSideValidator($schema, $this->ci->translator);
 if (!$validator->validate($data)) {
- // TODO: encapsulate the communication of error messages from ServerSideValidator to the BadRequestException
+ // encapsulate the communication of error messages from ServerSideValidator to the BadRequestException
 $e = new BadRequestException();
 foreach ($validator->errors() as $idx => $field) {
 foreach ($field as $eidx => $error) {
diff --git a/main/app/sprinkles/admin/src/Controller/UserController.php b/main/app/sprinkles/admin/src/Controller/UserController.php
index 3621fbc..52e4d1a 100644
--- a/main/app/sprinkles/admin/src/Controller/UserController.php
+++ b/main/app/sprinkles/admin/src/Controller/UserController.php
@@ -46,6 +46,9 @@ class UserController extends SimpleController
 * This route requires authentication.
 * Request type: POST
 * @see getModalCreate
+ * @throws ForbiddenException
+ * @throws BadRequestException
+ * @throws ForbiddenException
 */
 public function create($request, $response, $args) {
 // Get POST parameters: user_name, first_name, last_name, email, locale, (group)
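Review bot: Dropping the `TODO:` prefix in the -894 hunk turns a reminder into a statement of fact: the comment now claims the error communication is encapsulated, while the lines right below still copy validator errors into `BadRequestException` by hand, so it describes work that was not done. Either keep `// TODO: encapsulate …` or delete the comment as the other hunks do; the same edit appears in the UserController hunk at -1336 (L13).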
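Review bot: The `@throws` list added to create() names ForbiddenException twice; delete(), getModalConfirmDelete(), updateInfo() and updateField() carry the same duplication (updateField lists BadRequestException six times), which reads like a generated list that was never deduplicated. Each exception type belongs once per docblock, e.g. for create() just `@throws ForbiddenException` and `@throws BadRequestException`.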
@@ -176,6 +179,9 @@ class UserController extends SimpleController
 * 4. The submitted data is valid.
 * This route requires authentication.
 * Request type: POST
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function createPasswordReset($request, $response, $args) {
 // Get the username from the URL
@@ -235,6 +241,9 @@ class UserController extends SimpleController
 /**
 * Sets the users public key
 * Request type: POST
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function setPublicKey($request, $response, $args) {
 $requestedUser = $this->getUserFromParams($args);
@@ -270,6 +279,10 @@ class UserController extends SimpleController
 * 2. You have permission to delete the target user's account.
 * This route requires authentication (and should generally be limited to admins or the root user).
 * Request type: DELETE
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function delete($request, $response, $args) {
 $user = $this->getUserFromParams($args);
@@ -332,6 +345,9 @@ class UserController extends SimpleController
 *
 * This page requires authentication.
 * Request type: GET
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function getActivities($request, $response, $args) {
 $user = $this->getUserFromParams($args);
@@ -377,6 +393,9 @@ class UserController extends SimpleController
 *
 * This page requires authentication.
 * Request type: GET
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function getInfo($request, $response, $args) {
 $user = $this->getUserFromParams($args);
@@ -423,6 +442,7 @@ class UserController extends SimpleController
 * Generates a list of users, optionally paginated, sorted and/or filtered.
 * This page requires authentication.
 * Request type: GET
+ * @throws ForbiddenException
 */
 public function getList($request, $response, $args) {
 // GET parameters
@@ -455,6 +475,10 @@ class UserController extends SimpleController
 * This does NOT render a complete page. Instead, it renders the HTML for the modal, which can be embedded in other pages.
 * This page requires authentication.
 * Request type: GET
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function getModalConfirmDelete($request, $response, $args) {
 // GET parameters
@@ -507,6 +531,7 @@ class UserController extends SimpleController
 * Otherwise, the user will be added to the default group and receive the default roles automatically.
 * This page requires authentication.
 * Request type: GET
+ * @throws ForbiddenException
 */
 public function getModalCreate($request, $response, $args) {
 // GET parameters
@@ -533,7 +558,6 @@ class UserController extends SimpleController
 $config = $this->ci->config;
 
 // Determine form fields to hide/disable
- // TODO: come back to this when we finish implementing theming
 $fields = [
 'hidden' => ['theme'],
 'disabled' => []
@@ -590,6 +614,9 @@ class UserController extends SimpleController
 * This does NOT render a complete page. Instead, it renders the HTML for the modal, which can be embedded in other pages.
 * This page requires authentication.
 * Request type: GET
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function getModalEdit($request, $response, $args) {
 // GET parameters
@@ -676,6 +703,9 @@ class UserController extends SimpleController
 * This does NOT render a complete page. Instead, it renders the HTML for the form, which can be embedded in other pages.
 * This page requires authentication.
 * Request type: GET
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function getModalEditPassword($request, $response, $args) {
 // GET parameters
@@ -720,6 +750,9 @@ class UserController extends SimpleController
 * This does NOT render a complete page. Instead, it renders the HTML for the form, which can be embedded in other pages.
 * This page requires authentication.
 * Request type: GET
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function getModalEditRoles($request, $response, $args) {
 // GET parameters
@@ -757,6 +790,9 @@ class UserController extends SimpleController
 * Generates a list of permissions, optionally paginated, sorted and/or filtered.
 * This page requires authentication.
 * Request type: GET
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function getPermissions($request, $response, $args) {
 $user = $this->getUserFromParams($args);
@@ -801,6 +837,9 @@ class UserController extends SimpleController
 *
 * This page requires authentication.
 * Request type: GET
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function getRoles($request, $response, $args) {
 $user = $this->getUserFromParams($args);
@@ -848,6 +887,8 @@ class UserController extends SimpleController
 * This will also try to show buttons for activating, disabling/enabling, deleting, and editing the user.
 * This page requires authentication.
 * Request type: GET
+ * @throws ForbiddenException
+ * @throws BadRequestException
 */
 public function pageInfo($request, $response, $args) {
 $user = $this->getUserFromParams($args);
@@ -977,6 +1018,7 @@ class UserController extends SimpleController
 * Actions typically include: edit user details, activate user, enable/disable user, delete user.
 * This page requires authentication.
 * Request type: GET
+ * @throws ForbiddenException
 */
 public function pageList($request, $response, $args) {
 /** @var UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
@@ -996,6 +1038,8 @@ class UserController extends SimpleController
 /**
 * Gets the users public key
 * Request type: GET
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function getPublicKey($request, $response, $args) {
 $requestedUser = $this->getUserFromParams($args);
@@ -1026,13 +1070,16 @@ class UserController extends SimpleController
 }
 return $response->withStatus(200);
 } else {
- throw new NotFoundException();
+ throw new NotFoundException($request, $response);
 }
 }
 
 /**
 * Gets the users which are following the requested user
 * Request type: GET
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function getFollowers($request, $response, $args) {
 $user = $this->getUserFromParams($args);
@@ -1069,6 +1116,9 @@ class UserController extends SimpleController
 /**
 * Get users which the user follows
 * Request type: GET
+ * @throws ForbiddenException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function getFollows($request, $response, $args) {
 $user = $this->getUserFromParams($args);
@@ -1085,9 +1135,9 @@ class UserController extends SimpleController
 $currentUser = $this->ci->currentUser;
 
 // Access-controlled page
- if (!$authorizer->checkAccess($currentUser, 'uri_user', [
- 'user' => $user
- ])) {
+ if (($user->id == $currentUser->id) || (!$authorizer->checkAccess($currentUser, 'uri_user', [
+ 'user' => $user
+ ]))) {
 throw new ForbiddenException();
 }
 
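Review bot: The new condition in getFollows (hunk -1085) throws ForbiddenException whenever `$user->id == $currentUser->id`, i.e. it forbids exactly the user looking at their own follows while everyone else still goes through the permission check; the intent reads as the opposite. If the owner is meant to bypass the permission check, the guard is `if ($user->id != $currentUser->id && !$authorizer->checkAccess($currentUser, 'uri_user', ['user' => $user])) {`. Prefer `!==` on the ids so the comparison stays strict rather than relying on `==`; getFollows starts before the hunk.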
@@ -1105,6 +1155,9 @@ class UserController extends SimpleController
 /**
 * Get users which the user follows and which are following the user
 * Request type: GET
+ * @throws NotFoundException
+ * @throws ForbiddenException
+ * @throws BadRequestException
 */
 public function getFriends($request, $response, $args) {
 $user = $this->getUserFromParams($args);
@@ -1133,7 +1186,7 @@ class UserController extends SimpleController
 
 $classMapper = $this->ci->classMapper;
 foreach ($UsersFriends as $Key => $UsersFriendId) { // NOT THAT EFFICIENT...
- $UsersFriendInformation = $classMapper->createInstance('user')// select doesnt work with instance
+ $UsersFriendInformation = $classMapper->createInstance('user')// raw select doesnt work with instance
 ->where('id', $UsersFriendId->id)
 ->get();
 
@@ -1145,7 +1198,11 @@ class UserController extends SimpleController
 $result = $UsersFriends;
- return $response->withJson($result, 200, JSON_PRETTY_PRINT);
+ if (sizeof($result) > 0) { // USER HAS FRIENDS
+ return $response->withJson($result, 200, JSON_PRETTY_PRINT);
+ } else {
+ throw new NotFoundException($request, $response);
+ }
 }
@@ -1158,6 +1215,10 @@ class UserController extends SimpleController
 * 3. The submitted data is valid.
 * This route requires authentication.
 * Request type: PUT
+ * @throws NotFoundException
+ * @throws ForbiddenException
+ * @throws BadRequestException
+ * @throws BadRequestException
 */
 public function updateInfo($request, $response, $args) {
 // Get the username from the URL
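Review bot: getFriends (hunk -1145) now answers 404 when `$result` is empty, which makes "user exists but has no friends" indistinguishable from "user does not exist" (presumably a NotFoundException thrown earlier for a missing user, as getFeed does) and forces clients to treat an empty list as an error. An empty JSON array is the natural answer, so keep `return $response->withJson($result, 200, JSON_PRETTY_PRINT);` unconditionally; if the 404 is deliberate, say so in the docblock and use `count($result)` rather than the `sizeof` alias. The body of getFriends starts before the hunk.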
@@ -1277,6 +1338,14 @@ class UserController extends SimpleController
 * 3. The submitted data is valid.
 * This route requires authentication.
 * Request type: PUT
+ * @throws ForbiddenException
+ * @throws BadRequestException
+ * @throws BadRequestException
+ * @throws BadRequestException
+ * @throws BadRequestException
+ * @throws BadRequestException
+ * @throws NotFoundException
+ * @throws BadRequestException
 */
 public function updateField($request, $response, $args) {
 // Get the username from the URL
@@ -1336,7 +1405,7 @@ class UserController extends SimpleController
 // Validate, and throw exception on validation errors.
 $validator = new ServerSideValidator($schema, $this->ci->translator);
 if (!$validator->validate($data)) {
- // TODO: encapsulate the communication of error messages from ServerSideValidator to the BadRequestException
+ // encapsulate the communication of error messages from ServerSideValidator to the BadRequestException
 $e = new BadRequestException();
 foreach ($validator->errors() as $idx => $field) {
 foreach ($field as $eidx => $error) {
@@ -1426,7 +1495,6 @@ class UserController extends SimpleController
 // Validate, and throw exception on validation errors.
 $validator = new ServerSideValidator($schema, $this->ci->translator);
 if (!$validator->validate($data)) {
- // TODO: encapsulate the communication of error messages from ServerSideValidator to the BadRequestException
 $e = new BadRequestException();
 foreach ($validator->errors() as $idx => $field) {
 foreach ($field as $eidx => $error) { |