1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
<?php
/**
* UserFrosting (http://www.userfrosting.com)
*
* @link https://github.com/userfrosting/UserFrosting
* @license https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
*/
namespace UserFrosting\Sprinkle\Admin\Controller;
use function GuzzleHttp\Psr7\str;
use UserFrosting\Fortress\RequestDataTransformer;
use UserFrosting\Fortress\RequestSchema;
use UserFrosting\Fortress\ServerSideValidator;
use UserFrosting\Support\Exception\ForbiddenException;
use UserFrosting\Sprinkle\Core\Controller\SimpleController;
use UserFrosting\Support\Exception\BadRequestException;
use Slim\Http\Request;
use Slim\Http\Response;
use Slim\Http\UploadedFile;
/**
* Controller class for user-related requests, including listing users, CRUD for users, etc.
*
* @author Alex Weissman (https://alexanderweissman.com)
*/
class PostController extends SimpleController
{
public function showImage($request, $response, $args) {
$authorizer = $this->ci->authorizer;
$currentUser = $this->ci->currentUser;
if (!$authorizer->checkAccess($currentUser, 'view_image')) {
throw new ForbiddenException();
}
$postID = $args['PostID'];
}
public function postImage(Request $request, Response $response) {
function moveUploadedFile($directory, UploadedFile $uploadedFile) {
$extension = pathinfo($uploadedFile->getClientFilename(), PATHINFO_EXTENSION);
$basename = bin2hex(random_bytes(8)); // see http://php.net/manual/en/function.random-bytes.php
$filename = sprintf('%s.%0.8s', $basename, $extension);
$uploadedFile->moveTo($directory . DIRECTORY_SEPARATOR . $filename);
return $filename;
}
$authorizer = $this->ci->authorizer;
$currentUser = $this->ci->currentUser;
if (!$authorizer->checkAccess($currentUser, 'post_image')) {
throw new ForbiddenException();
}
$directory = __DIR__ . '/../../../../../uploads'; // It's ugly but it is flexible..
$uploadedFiles = $request->getUploadedFiles();
$uploadedFile = $uploadedFiles['image'];
if (!strpos($uploadedFile->getClientMediaType(), "mage")) {
return $response->withStatus(415);
} else if ($uploadedFile->getError() === 1) {
return $response->withStatus(406);
} else if ($uploadedFile->getSize() > 10485760) {
return $response->withStatus(413);
} else {
$filename = moveUploadedFile($directory, $uploadedFile);
$response->write('uploaded ' . $filename . '<br/>');
}
}
protected function getUserFromParams($params) {
// Load the request schema
$schema = new RequestSchema('schema://requests/user/get-by-username.yaml');
// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
$data = $transformer->transform($params);
// Validate, and throw exception on validation errors.
$validator = new ServerSideValidator($schema, $this->ci->translator);
if (!$validator->validate($data)) {
// TODO: encapsulate the communication of error messages from ServerSideValidator to the BadRequestException
$e = new BadRequestException();
foreach ($validator->errors() as $idx => $field) {
foreach ($field as $eidx => $error) {
$e->addUserMessage($error);
}
}
throw $e;
}
/** @var UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;
// Get the user to delete
$user = $classMapper->staticMethod('user', 'where', 'user_name', $data['user_name'])
->first();
return $user;
}
}
|
