Commit | Line | Data |
---|---|---|
2899ebb5 A |
1 | <?php |
2 | ||
3 | declare(strict_types=1); | |
4 | ||
5 | namespace Shaarli\Front\Controller\Admin; | |
6 | ||
7 | use Shaarli\Container\ShaarliContainer; | |
8 | use Shaarli\Front\Controller\Visitor\ShaarliVisitorController; | |
9 | use Shaarli\Front\Exception\UnauthorizedException; | |
ef00f9d2 A |
10 | use Shaarli\Front\Exception\WrongTokenException; |
11 | use Shaarli\Security\SessionManager; | |
12 | use Slim\Http\Request; | |
2899ebb5 | 13 | |
ef00f9d2 A |
14 | /** |
15 | * Class ShaarliAdminController | |
16 | * | |
17 | * All admin controllers (for logged in users) MUST extend this abstract class. | |
18 | * It makes sure that the user is properly logged in, and otherwise throws an exception | |
19 | * which will redirect to the login page. | |
20 | * | |
21 | * @package Shaarli\Front\Controller\Admin | |
22 | */ | |
2899ebb5 A |
abstract class ShaarliAdminController extends ShaarliVisitorController
{
    /**
     * Build the controller and refuse to continue for anyone who is not logged in.
     *
     * The login check lives in the constructor, so it runs for every admin controller
     * that is instantiated through this class. A subclass that declares its own
     * constructor must call parent::__construct(), otherwise this check never runs.
     *
     * @throws UnauthorizedException when the login manager does not report a logged in user
     */
    public function __construct(ShaarliContainer $container)
    {
        parent::__construct($container);

        // Strict comparison on purpose: only a real boolean `true` grants access,
        // a truthy non-boolean return value is treated as "not logged in".
        $loggedIn = $this->container->loginManager->isLoggedIn();
        if ($loggedIn !== true) {
            throw new UnauthorizedException();
        }
    }

    /**
     * Validate the XSRF token sent with the request.
     *
     * Nothing in this class calls this method automatically: every action that
     * persists a change to the config or the data store has to call it itself.
     *
     * NOTE(review): the token is read with getParam(), which in Slim also looks at the
     * query string; a token sent in a URL can end up in access logs and Referer
     * headers, so forms should submit it in the request body.
     *
     * @return bool always true; an invalid token never returns, it throws
     *
     * @throws WrongTokenException when the session manager rejects the submitted token
     */
    protected function checkToken(Request $request): bool
    {
        $sessionManager = $this->container->sessionManager;
        $submittedToken = $request->getParam('token');

        if (!$sessionManager->checkToken($submittedToken)) {
            throw new WrongTokenException();
        }

        return true;
    }

    /**
     * Queue a SUCCESS message in the user session, to be shown on a template page.
     */
    protected function saveSuccessMessage(string $message): void
    {
        $this->saveMessage(SessionManager::KEY_SUCCESS_MESSAGES, $message);
    }

    /**
     * Queue a WARNING message in the user session, to be shown on a template page.
     */
    protected function saveWarningMessage(string $message): void
    {
        $this->saveMessage(SessionManager::KEY_WARNING_MESSAGES, $message);
    }

    /**
     * Queue an ERROR message in the user session, to be shown on a template page.
     */
    protected function saveErrorMessage(string $message): void
    {
        $this->saveMessage(SessionManager::KEY_ERROR_MESSAGES, $message);
    }

    /**
     * Append a message to the list stored in the session under the given key.
     *
     * NOTE(review): the message is stored as given. Escaping, if any, happens where
     * the templates render it, which is outside this class; confirm that before
     * passing text that contains user-controlled input.
     *
     * @param string $type    session key; the callers in this class pass the
     *                        SessionManager::KEY_*_MESSAGES constants
     * @param string $message text to queue for display
     */
    protected function saveMessage(string $type, string $message): void
    {
        // A missing (null) session entry starts a fresh list.
        $queued = $this->container->sessionManager->getSessionParameter($type) ?? [];
        $queued[] = $message;

        $this->container->sessionManager->setSessionParameter($type, $queued);
    }
}