From c49462db27ca5abecf189c5f66a97dda6f29682b Mon Sep 17 00:00:00 2001
From: Damien <damien.burel@maarch.org>
Date: Wed, 31 Jan 2018 17:28:31 +0100
Subject: [PATCH] FEAT #54 Check clause for group administration

---
 core/Controllers/GroupController.php | 43 +++++++++++++++++++++-------
 core/Models/GroupModelAbstract.php   | 12 ++------
 rest/index.php                       |  1 +
 3 files changed, 36 insertions(+), 20 deletions(-)

diff --git a/core/Controllers/GroupController.php b/core/Controllers/GroupController.php
index 14e2391aee2..237426b543d 100644
--- a/core/Controllers/GroupController.php
+++ b/core/Controllers/GroupController.php
@@ -9,12 +9,13 @@ use Psr\Http\Message\ResponseInterface;
 use Respect\Validation\Validator;
 use Slim\Http\Request;
 use Slim\Http\Response;
+use SrcCore\controllers\PreparedClauseController;
 
 class GroupController
 {
-    public function get(RequestInterface $request, ResponseInterface $response)
+    public function get(Request $request, Response $response)
     {
-        if (!ServiceModel::hasService(['id' => 'admin_groups', 'userId' => $_SESSION['user']['UserId'], 'location' => 'apps', 'type' => 'admin'])) {
+        if (!ServiceModel::hasService(['id' => 'admin_groups', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
             return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
         }
 
@@ -26,31 +27,53 @@ class GroupController
         return $response->withJson(['groups' => $groups]);
     }
 
-    public function create(RequestInterface $request, ResponseInterface $response)
+    public function getById(Request $request, Response $response, array $aArgs)
     {
-        if (!ServiceModel::hasService(['id' => 'admin_groups', 'userId' => $_SESSION['user']['UserId'], 'location' => 'apps', 'type' => 'admin'])) {
+        if (!ServiceModel::hasService(['id' => 'admin_groups', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
+            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+        }
+
+        $group = GroupModel::getById(['id' => $aArgs['id']]);
+        if (empty($group)) {
+            return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
+        }
+
+        return $response->withJson(['group' => $group]);
+    }
+
+    public function create(Request $request, Response $response)
+    {
+        if (!ServiceModel::hasService(['id' => 'admin_groups', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
             return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
         }
 
         $data = $request->getParams();
 
-        $check = Validator::stringType()->notEmpty()->validate($data['group_desc']);
-        $check = $check && Validator::stringType()->notEmpty()->validate($data['group_id']);
+        $check = Validator::stringType()->notEmpty()->validate($data['group_id']) && preg_match("/^[\w-]*$/", $data['group_id']) && (strlen($data['group_id']) < 32);
+        $check = $check && Validator::stringType()->notEmpty()->validate($data['group_desc']);
         $check = $check && Validator::stringType()->notEmpty()->validate($data['security']['where_clause']);
         $check = $check && Validator::stringType()->notEmpty()->validate($data['security']['maarch_comment']);
-
         if (!$check) {
             return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
         }
 
+        $existingGroup = GroupModel::getByGroupId(['groupId' => $data['group_id'], 'select' => ['1']]);
+        if (!empty($existingGroup)) {
+            return $response->withStatus(400)->withJson(['errors' => 'Group already exists']);
+        }
+
+        if (!PreparedClauseController::isClauseValid(['clause' => $data['security']['where_clause'], 'userId' => $GLOBALS['userId']])) {
+            return $response->withStatus(400)->withJson(['errors' => _INVALID_CLAUSE]);
+        }
+
         GroupModel::create(['groupId' => $data['group_id'], 'description' => $data['group_desc'], 'clause' => $data['security']['where_clause'], 'comment' => $data['security']['maarch_comment']]);
 
-        $group = GroupModel::getByGroupId(['groupId' => $data['group_id']]);
-        if (!Validator::intType()->notEmpty()->validate($group['id'])) {
+        $group = GroupModel::getByGroupId(['groupId' => $data['group_id'], 'select' => ['id']]);
+        if (empty($group)) {
             return $response->withStatus(500)->withJson(['errors' => 'Group Creation Error']);
         }
 
-        return $response->withJson(['group' => $group]);
+        return $response->withJson(['group' => $group['id']]);
     }
 
     public function update(RequestInterface $request, ResponseInterface $response, $aArgs)
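Review bot: The `group_id` format check in `create` uses `preg_match("/^[\w-]*$/", ...)`, and in PCRE `$` also matches just before a trailing newline, so an id such as `"admin\n"` passes the regex and the `strlen` bound and reaches `GroupModel::create` with the newline intact; anchor with `\z` instead, e.g. `preg_match('/^[\w-]+\z/', $data['group_id'])`. The rest of the chain still dereferences `$data['security']['where_clause']` and `$data['security']['maarch_comment']` with no check that `security` is present, so a request without that key produces PHP notices before the 400 is returned; an `isset($data['security'])` term at the front of the chain avoids that. The existence check via `getByGroupId` followed by `GroupModel::create` is not atomic, so two concurrent requests with the same `group_id` can both pass the check — that is only safe if the table carries a unique constraint on the column, which this commit does not show. The `update` method whose signature is the last context line starts outside the hunk and still takes `RequestInterface`/`ResponseInterface`, inconsistent with the `Request`/`Response` types this commit gives the other methods.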
diff --git a/core/Models/GroupModelAbstract.php b/core/Models/GroupModelAbstract.php
index 9c0dac02623..aea37bf0ed1 100755
--- a/core/Models/GroupModelAbstract.php
+++ b/core/Models/GroupModelAbstract.php
@@ -30,7 +30,7 @@ class GroupModelAbstract
         return $aGroups;
     }
 
-    public static function getById(array $aArgs = [])
+    public static function getById(array $aArgs)
     {
         ValidatorModel::notEmpty($aArgs, ['id']);
         ValidatorModel::stringType($aArgs, ['id']);
@@ -42,14 +42,10 @@ class GroupModelAbstract
             'data'      => [$aArgs['id']]
         ]);
 
-        if (empty($aGroups[0])) {
-            return [];
-        }
-
         return $aGroups[0];
     }
 
-    public static function getByGroupId(array $aArgs = [])
+    public static function getByGroupId(array $aArgs)
     {
         ValidatorModel::notEmpty($aArgs, ['groupId']);
         ValidatorModel::stringType($aArgs, ['groupId']);
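Review bot: Removing the `if (empty($aGroups[0])) { return []; }` guard in `getById` (this hunk) and in `getByGroupId` (the following hunk) means that when no row matches, `return $aGroups[0];` reads an undefined offset, emits a notice and returns null instead of the empty array the method previously returned. The common path in the controller's `create` — checking that the group does not yet exist — will hit exactly this case on every successful creation. Keep the previous contract without the extra branch: `return $aGroups[0] ?? [];` in both methods; if returning null is the intended new contract, the methods should say so in a docblock and callers should be checked for `=== []` comparisons.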
@@ -61,10 +57,6 @@ class GroupModelAbstract
             'data'      => [$aArgs['groupId']]
         ]);
 
-        if (empty($aGroups[0])) {
-            return [];
-        }
-
         return $aGroups[0];
     }
 
diff --git a/rest/index.php b/rest/index.php
index 5eda195d35c..48a4508d433 100755
--- a/rest/index.php
+++ b/rest/index.php
@@ -142,6 +142,7 @@ $app->get('/administration/statuses/new', \Status\controllers\StatusController::
 //groups
 $app->get('/groups', \Core\Controllers\GroupController::class . ':get');
 $app->post('/groups', \Core\Controllers\GroupController::class . ':create');
+$app->get('/groups/{id}', \Core\Controllers\GroupController::class . ':getById');
 $app->put('/groups/{id}', \Core\Controllers\GroupController::class . ':update');
 $app->delete('/groups/{id}', \Core\Controllers\GroupController::class . ':delete');
 $app->get('/groups/{id}/details', \Core\Controllers\GroupController::class . ':getDetailledById');
-- 
GitLab