author | ArthurHoaro <arthur@hoa.ro> | 2020-08-13 11:08:13 +0200 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2020-08-13 11:08:13 +0200 |
commit | bedbb845eec20363b928b424143787dbe988eefe (patch) | |
tree | 6b835ca247e39157b333323a539dde3c410c08f5 /application/front | |
parent | 1a68ae5a29bc33ab80c9cfbe043cb1213551533c (diff) | |
Move all admin controller into a dedicated group
Also handle authentication check in a new middleware for the admin group.
Diffstat (limited to 'application/front')
5 files changed, 52 insertions, 22 deletions
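diff --git a/application/front/ShaarliAdminMiddleware.php b/application/front/ShaarliAdminMiddleware.php
new file mode 100644
index 00000000..35ce4a3b
--- /dev/null
+++ b/application/front/ShaarliAdminMiddleware.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Shaarli\Front;
+
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+/**
+* Middleware used for controller requiring to be authenticated.
+* It extends ShaarliMiddleware, and just make sure that the user is authenticated.
+* Otherwise, it redirects to the login page.
+*/
+class ShaarliAdminMiddleware extends ShaarliMiddleware
+{
+public function __invoke(Request $request, Response $response, callable $next): Response
+{
+$this->initBasePath($request);
+
+if (true !== $this->container->loginManager->isLoggedIn()) {
+$returnUrl = urlencode($this->container->environment['REQUEST_URI']);
+
+return $response->withRedirect($this->container->basePath . '/login?returnurl=' . $returnUrl);
+}
+
+return parent::__invoke($request, $response, $next);
+}
+}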
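Review bot: With the constructor check removed from ShaarliAdminController in this same commit, the `isLoggedIn()` test in `__invoke` becomes the only authentication gate, so any admin controller whose route is registered outside this middleware's group would no longer require a session. The route registration is not part of this view, so that cannot be confirmed here; a test that requests every admin route unauthenticated and expects the `/login` redirect would pin it. I would also state the contract in the class docblock, e.g. `Controllers extending ShaarliAdminController do not check authentication themselves and must only be routed through this middleware.` Separately, `returnurl` is built from the raw `REQUEST_URI`, so the login handler (not shown) should accept it only when it resolves to a path on this site.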
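diff --git a/application/front/ShaarliMiddleware.php b/application/front/ShaarliMiddleware.php
index 707489d0..a2a3837b 100644
--- a/application/front/ShaarliMiddleware.php
+++ b/application/front/ShaarliMiddleware.php
@@ -40,7 +40,7 @@ class ShaarliMiddleware
 */
 public function __invoke(Request $request, Response $response, callable $next): Response
 {
-$this->container->basePath = rtrim($request->getUri()->getBasePath(), '/');
+$this->initBasePath($request);
 
 try {
 if (!is_file($this->container->conf->getConfigFileExt())
@@ -125,4 +125,14 @@ class ShaarliMiddleware
 
 return true;
 }
+
+/**
+* Initialize the URL base path if it hasn't been defined yet.
+*/
+protected function initBasePath(Request $request): void
+{
+if (null === $this->container->basePath) {
+$this->container->basePath = rtrim($request->getUri()->getBasePath(), '/');
+}
+}
 }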
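Review bot: The guard in `initBasePath` reads `$this->container->basePath` before this class has assigned it, so it depends on the container already exposing a `basePath` entry that defaults to null. That definition is outside this view and is worth confirming, since how an undefined entry reads depends on the container implementation. The docblock could also say why the guard exists: ShaarliAdminMiddleware calls `initBasePath` and then `parent::__invoke`, which calls it again, e.g. `Safe to call more than once; only the first call sets the base path.` The class body starts outside both hunks.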
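diff --git a/application/front/controller/admin/SessionFilterController.php b/application/front/controller/admin/SessionFilterController.php
index 081c0ba0..d9a7a2e0 100644
--- a/application/front/controller/admin/SessionFilterController.php
+++ b/application/front/controller/admin/SessionFilterController.php
@@ -17,7 +17,7 @@ use Slim\Http\Response;
 class SessionFilterController extends ShaarliAdminController
 {
 /**
-* GET /visibility: allows to display only public or only private bookmarks in linklist
+* GET /admin/visibility: allows to display only public or only private bookmarks in linklist
 */
 public function visibility(Request $request, Response $response, array $args): Response
 {
@@ -46,16 +46,5 @@ class SessionFilterController extends ShaarliAdminController
 return $this->redirectFromReferer($request, $response, ['visibility']);
 }
 
-/**
-* GET /untagged-only: allows to display only bookmarks without any tag
-*/
-public function untaggedOnly(Request $request, Response $response): Response
-{
-$this->container->sessionManager->setSessionParameter(
-SessionManager::KEY_UNTAGGED_ONLY,
-empty($this->container->sessionManager->getSessionParameter(SessionManager::KEY_UNTAGGED_ONLY))
-);
 
-return $this->redirectFromReferer($request, $response, ['untaggedonly', 'untagged-only']);
-}
 }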
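diff --git a/application/front/controller/admin/ShaarliAdminController.php b/application/front/controller/admin/ShaarliAdminController.php
index 3bc5bb6b..3b5939bb 100644
--- a/application/front/controller/admin/ShaarliAdminController.php
+++ b/application/front/controller/admin/ShaarliAdminController.php
@@ -22,15 +22,6 @@ use Slim\Http\Request;
 */
 abstract class ShaarliAdminController extends ShaarliVisitorController
 {
-public function __construct(ShaarliContainer $container)
-{
-parent::__construct($container);
-
-if (true !== $this->container->loginManager->isLoggedIn()) {
-throw new UnauthorizedException();
-}
-}
-
 /**
 * Any persistent action to the config or data store must check the XSRF token validity.
 */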
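diff --git a/application/front/controller/visitor/PublicSessionFilterController.php b/application/front/controller/visitor/PublicSessionFilterController.php
index 35da0c5f..1a66362d 100644
--- a/application/front/controller/visitor/PublicSessionFilterController.php
+++ b/application/front/controller/visitor/PublicSessionFilterController.php
@@ -30,4 +30,17 @@ class PublicSessionFilterController extends ShaarliVisitorController
 
 return $this->redirectFromReferer($request, $response, ['linksperpage'], ['nb']);
 }
+
+/**
+* GET /untagged-only: allows to display only bookmarks without any tag
+*/
+public function untaggedOnly(Request $request, Response $response): Response
+{
+$this->container->sessionManager->setSessionParameter(
+SessionManager::KEY_UNTAGGED_ONLY,
+empty($this->container->sessionManager->getSessionParameter(SessionManager::KEY_UNTAGGED_ONLY))
+);
+
+return $this->redirectFromReferer($request, $response, ['untaggedonly', 'untagged-only']);
+}
 }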
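Review bot: Moving `untaggedOnly` into a visitor controller makes a state-changing GET reachable without a login, and the docblock does not say that this is intended. From what is visible it only flips `SessionManager::KEY_UNTAGGED_ONLY` in the caller's own session, which looks like a display filter, so the exposure appears deliberate. I would record that in the comment, e.g. `GET /untagged-only: toggle the untagged-only display filter for the current session (no login required)`. The redirect target comes from `redirectFromReferer`, which presumably derives it from the Referer header; its implementation is not shown here, so confirm it keeps the redirect on this site.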