Diffstat (limited to 'application/bookmark')
-rw-r--r-- | application/bookmark/BookmarkFileService.php | 26 | ||||
-rw-r--r-- | application/bookmark/BookmarkInitializer.php | 12 | ||||
-rw-r--r-- | application/bookmark/BookmarkServiceInterface.php | 13 |
3 files changed, 42 insertions, 9 deletions
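--- a/application/bookmark/BookmarkFileService.php
+++ b/application/bookmark/BookmarkFileService.php
@@ -46,6 +46,9 @@ class BookmarkFileService implements BookmarkServiceInterface
 /** @var bool true for logged in users. Default value to retrieve private bookmarks. */
 protected $isLoggedIn;
 
+/** @var bool Allow datastore alteration from not logged in users. */
+protected $anonymousPermission = false;
+
 /**
 * @inheritDoc
 */
@@ -64,7 +67,7 @@ class BookmarkFileService implements BookmarkServiceInterface
 $this->bookmarks = $this->bookmarksIO->read();
 } catch (EmptyDataStoreException $e) {
 $this->bookmarks = new BookmarkArray();
-if ($isLoggedIn) {
+if ($this->isLoggedIn) {
 $this->save();
 }
 }
@@ -154,7 +157,7 @@ class BookmarkFileService implements BookmarkServiceInterface
 */
 public function set($bookmark, $save = true)
 {
-if ($this->isLoggedIn !== true) {
+if (true !== $this->isLoggedIn && true !== $this->anonymousPermission) {
 throw new Exception(t('You\'re not authorized to alter the datastore'));
 }
 if (! $bookmark instanceof Bookmark) {
@@ -179,7 +182,7 @@ class BookmarkFileService implements BookmarkServiceInterface
 */
 public function add($bookmark, $save = true)
 {
-if ($this->isLoggedIn !== true) {
+if (true !== $this->isLoggedIn && true !== $this->anonymousPermission) {
 throw new Exception(t('You\'re not authorized to alter the datastore'));
 }
 if (! $bookmark instanceof Bookmark) {
@@ -204,7 +207,7 @@ class BookmarkFileService implements BookmarkServiceInterface
 */
 public function addOrSet($bookmark, $save = true)
 {
-if ($this->isLoggedIn !== true) {
+if (true !== $this->isLoggedIn && true !== $this->anonymousPermission) {
 throw new Exception(t('You\'re not authorized to alter the datastore'));
 }
 if (! $bookmark instanceof Bookmark) {
@@ -221,7 +224,7 @@ class BookmarkFileService implements BookmarkServiceInterface
 */
 public function remove($bookmark, $save = true)
 {
-if ($this->isLoggedIn !== true) {
+if (true !== $this->isLoggedIn && true !== $this->anonymousPermission) {
 throw new Exception(t('You\'re not authorized to alter the datastore'));
 }
 if (! $bookmark instanceof Bookmark) {
@@ -274,10 +277,11 @@ class BookmarkFileService implements BookmarkServiceInterface
 */
 public function save()
 {
-if (!$this->isLoggedIn) {
+if (true !== $this->isLoggedIn && true !== $this->anonymousPermission) {
 // TODO: raise an Exception instead
 die('You are not authorized to change the database.');
 }
+
 $this->bookmarks->reorder();
 $this->bookmarksIO->write($this->bookmarks);
 $this->pageCacheManager->invalidateCaches();
@@ -357,6 +361,16 @@ class BookmarkFileService implements BookmarkServiceInterface
 $initializer->initialize();
 }
 
+public function enableAnonymousPermission(): void
+{
+$this->anonymousPermission = true;
+}
+
+public function disableAnonymousPermission(): void
+{
+$this->anonymousPermission = false;
+}
+
 /**
 * Handles migration to the new database format (BookmarksArray).
 */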
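Review bot: The write guards in `set()`, `add()`, `addOrSet()`, `remove()` and `save()` now all pass whenever `$anonymousPermission` is true, and that flag is flipped by two public methods with no docblock, so any code holding this service instance can switch off the login check for every later write until someone resets it. The condition is now copied five times; one private helper such as `private function isPermitted(): bool { return true === $this->isLoggedIn || true === $this->anonymousPermission; }` would keep the checks from drifting apart. The two new methods should carry `/** @inheritDoc */` as the docblock in the first hunk does, plus a sentence saying the caller is responsible for disabling the flag again. `save()` still ends the request with `die()` where the other four throw `Exception`, which the existing TODO already notes. The bodies of these methods continue outside the hunks shown.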
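--- a/application/bookmark/BookmarkInitializer.php
+++ b/application/bookmark/BookmarkInitializer.php
@@ -34,13 +34,15 @@ class BookmarkInitializer
 */
 public function initialize()
 {
+$this->bookmarkService->enableAnonymousPermission();
+
 $bookmark = new Bookmark();
 $bookmark->setTitle(t('My secret stuff... - Pastebin.com'));
-$bookmark->setUrl('http://sebsauvage.net/paste/?8434b27936c09649#bR7XsXhoTiLcqCpQbmOpBi3rq2zzQUC5hBI7ZT1O3x8=', []);
+$bookmark->setUrl('http://sebsauvage.net/paste/?8434b27936c09649#bR7XsXhoTiLcqCpQbmOpBi3rq2zzQUC5hBI7ZT1O3x8=');
 $bookmark->setDescription(t('Shhhh! I\'m a private link only YOU can see. You can delete me too.'));
 $bookmark->setTagsString('secretstuff');
 $bookmark->setPrivate(true);
-$this->bookmarkService->add($bookmark);
+$this->bookmarkService->add($bookmark, false);
 
 $bookmark = new Bookmark();
 $bookmark->setTitle(t('The personal, minimalist, super-fast, database free, bookmarking service'));
@@ -54,6 +56,10 @@ To learn how to use Shaarli, consult the link "Documentation" at the bottom of t
 You use the community supported version of the original Shaarli project, by Sebastien Sauvage.'
 ));
 $bookmark->setTagsString('opensource software');
-$this->bookmarkService->add($bookmark);
+$this->bookmarkService->add($bookmark, false);
+
+$this->bookmarkService->save();
+
+$this->bookmarkService->disableAnonymousPermission();
 }
 }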
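Review bot: `disableAnonymousPermission()` at the end of `initialize()` is reached only when every call before it returns normally; if `add()` or `save()` throws (the `write()` call inside `save()` looks like the likeliest place), the service is left accepting writes from a session that is not logged in for the rest of the request. Wrapping the body keeps the flag fail-closed: `try { /* add both bookmarks, then save() */ } finally { $this->bookmarkService->disableAnonymousPermission(); }`. The call also forces the flag to false instead of restoring its earlier value, which is fine only while nothing else enables it. Whether callers confirm the datastore is empty before invoking `initialize()` is not visible here and is worth checking, since the method now writes regardless of login state. The middle of `initialize()` lies between the two hunks and is not shown.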
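--- a/application/bookmark/BookmarkServiceInterface.php
+++ b/application/bookmark/BookmarkServiceInterface.php
@@ -177,4 +177,17 @@ interface BookmarkServiceInterface
 * Creates the default database after a fresh install.
 */
 public function initialize();
+
+/**
+* Allow to write the datastore from anonymous session (not logged in).
+*
+* This covers a few specific use cases, such as datastore initialization,
+* but it should be used carefully as it can lead to security issues.
+*/
+public function enableAnonymousPermission();
+
+/**
+* Disable anonymous permission.
+*/
+public function disableAnonymousPermission();
 }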
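Review bot: The two new interface methods are declared without a return type while the implementation in BookmarkFileService declares `: void`; writing `public function enableAnonymousPermission(): void;` and `public function disableAnonymousPermission(): void;` here would make every implementation agree, provided no other implementer omits it. The docblock on `enableAnonymousPermission()` warns about security issues but does not state the contract a caller has to follow. A sentence such as `Callers must call disableAnonymousPermission() as soon as the write is done, including on failure.` would make the expected pairing explicit.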