Move all admin controller into a dedicated group

Also handle authentication check in a new middleware for the admin group.

3 files changed, 14 insertions, 21 deletions

diff --git a/application/front/controller/admin/SessionFilterController.php b/application/front/controller/admin/SessionFilterController.php
index 081c0ba0..d9a7a2e0 100644
--- a/application/front/controller/admin/SessionFilterController.php
+++ b/application/front/controller/admin/SessionFilterController.php
@@ -17,7 +17,7 @@ use Slim\Http\Response;
 class SessionFilterController extends ShaarliAdminController
 {
     /**
-     * GET /visibility: allows to display only public or only private bookmarks in linklist
+     * GET /admin/visibility: allows to display only public or only private bookmarks in linklist
      */
     public function visibility(Request $request, Response $response, array $args): Response
     {
@@ -46,16 +46,5 @@ class SessionFilterController extends ShaarliAdminController
         return $this->redirectFromReferer($request, $response, ['visibility']);
     }
 
-    /**
-     * GET /untagged-only: allows to display only bookmarks without any tag
-     */
-    public function untaggedOnly(Request $request, Response $response): Response
-    {
-        $this->container->sessionManager->setSessionParameter(
-            SessionManager::KEY_UNTAGGED_ONLY,
-            empty($this->container->sessionManager->getSessionParameter(SessionManager::KEY_UNTAGGED_ONLY))
-        );
 
-        return $this->redirectFromReferer($request, $response, ['untaggedonly', 'untagged-only']);
-    }
 }
diff --git a/application/front/controller/admin/ShaarliAdminController.php b/application/front/controller/admin/ShaarliAdminController.php
index 3bc5bb6b..3b5939bb 100644
--- a/application/front/controller/admin/ShaarliAdminController.php
+++ b/application/front/controller/admin/ShaarliAdminController.php
@@ -22,15 +22,6 @@ use Slim\Http\Request;
  */
 abstract class ShaarliAdminController extends ShaarliVisitorController
 {
-    public function __construct(ShaarliContainer $container)
-    {
-        parent::__construct($container);
-
-        if (true !== $this->container->loginManager->isLoggedIn()) {
-            throw new UnauthorizedException();
-        }
-    }
-
     /**
      * Any persistent action to the config or data store must check the XSRF token validity.
      */
diff --git a/application/front/controller/visitor/PublicSessionFilterController.php b/application/front/controller/visitor/PublicSessionFilterController.php
index 35da0c5f..1a66362d 100644
--- a/application/front/controller/visitor/PublicSessionFilterController.php
+++ b/application/front/controller/visitor/PublicSessionFilterController.php
@@ -30,4 +30,17 @@ class PublicSessionFilterController extends ShaarliVisitorController
 
         return $this->redirectFromReferer($request, $response, ['linksperpage'], ['nb']);
     }
+
+    /**
+     * GET /untagged-only: allows to display only bookmarks without any tag
+     */
+    public function untaggedOnly(Request $request, Response $response): Response
+    {
+        $this->container->sessionManager->setSessionParameter(
+            SessionManager::KEY_UNTAGGED_ONLY,
+            empty($this->container->sessionManager->getSessionParameter(SessionManager::KEY_UNTAGGED_ONLY))
+        );
+
+        return $this->redirectFromReferer($request, $response, ['untaggedonly', 'untagged-only']);
+    }
 }