ci->authorizer; $currentUser = $this->ci->currentUser; if (!$authorizer->checkAccess($currentUser, 'view_image')) { throw new ForbiddenException(); } $postID = $args['PostID']; } public function postImage(Request $request, Response $response) { function moveUploadedFile($directory, UploadedFile $uploadedFile) { $extension = pathinfo($uploadedFile->getClientFilename(), PATHINFO_EXTENSION); $basename = bin2hex(random_bytes(8)); // see http://php.net/manual/en/function.random-bytes.php $filename = sprintf('%s.%0.8s', $basename, $extension); $uploadedFile->moveTo($directory . DIRECTORY_SEPARATOR . $filename); return $filename; } $authorizer = $this->ci->authorizer; $currentUser = $this->ci->currentUser; if (!$authorizer->checkAccess($currentUser, 'post_image')) { throw new ForbiddenException(); } $directory = __DIR__ . '/../../../../../uploads'; // It's ugly but it is flexible.. $uploadedFiles = $request->getUploadedFiles(); $uploadedFile = $uploadedFiles['image']; if (!strpos($uploadedFile->getClientMediaType(), "mage")) { return $response->withStatus(415); } else if ($uploadedFile->getError() === 1) { return $response->withStatus(406); } else if ($uploadedFile->getSize() > 10485760) { return $response->withStatus(413); } else { $filename = moveUploadedFile($directory, $uploadedFile); $response->write('uploaded ' . $filename . '
'); } } protected function getUserFromParams($params) { // Load the request schema $schema = new RequestSchema('schema://requests/user/get-by-username.yaml'); // Whitelist and set parameter defaults $transformer = new RequestDataTransformer($schema); $data = $transformer->transform($params); // Validate, and throw exception on validation errors. $validator = new ServerSideValidator($schema, $this->ci->translator); if (!$validator->validate($data)) { // TODO: encapsulate the communication of error messages from ServerSideValidator to the BadRequestException $e = new BadRequestException(); foreach ($validator->errors() as $idx => $field) { foreach ($field as $eidx => $error) { $e->addUserMessage($error); } } throw $e; } /** @var UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */ $classMapper = $this->ci->classMapper; // Get the user to delete $user = $classMapper->staticMethod('user', 'where', 'user_name', $data['user_name']) ->first(); return $user; } }