Diffstat (limited to 'application/bookmark')
-rw-r--r--application/bookmark/BookmarkFileService.php26
-rw-r--r--application/bookmark/BookmarkInitializer.php12
-rw-r--r--application/bookmark/BookmarkServiceInterface.php13
3 files changed, 42 insertions, 9 deletions
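--- a/application/bookmark/BookmarkFileService.php
+++ b/application/bookmark/BookmarkFileService.php
@@ -46,6 +46,9 @@ class BookmarkFileService implements BookmarkServiceInterface
  /** @var bool true for logged in users. Default value to retrieve private bookmarks. */
  protected $isLoggedIn;
 
+ /** @var bool Allow datastore alteration from not logged in users. */
+ protected $anonymousPermission = false;
+
  /**
  * @inheritDoc
  */
@@ -64,7 +67,7 @@ class BookmarkFileService implements BookmarkServiceInterface
  $this->bookmarks = $this->bookmarksIO->read();
  } catch (EmptyDataStoreException $e) {
  $this->bookmarks = new BookmarkArray();
- if ($isLoggedIn) {
+ if ($this->isLoggedIn) {
  $this->save();
  }
  }
@@ -154,7 +157,7 @@ class BookmarkFileService implements BookmarkServiceInterface
  */
  public function set($bookmark, $save = true)
  {
- if ($this->isLoggedIn !== true) {
+ if (true !== $this->isLoggedIn && true !== $this->anonymousPermission) {
  throw new Exception(t('You\'re not authorized to alter the datastore'));
  }
  if (! $bookmark instanceof Bookmark) {
@@ -179,7 +182,7 @@ class BookmarkFileService implements BookmarkServiceInterface
  */
  public function add($bookmark, $save = true)
  {
- if ($this->isLoggedIn !== true) {
+ if (true !== $this->isLoggedIn && true !== $this->anonymousPermission) {
  throw new Exception(t('You\'re not authorized to alter the datastore'));
  }
  if (! $bookmark instanceof Bookmark) {
@@ -204,7 +207,7 @@ class BookmarkFileService implements BookmarkServiceInterface
  */
  public function addOrSet($bookmark, $save = true)
  {
- if ($this->isLoggedIn !== true) {
+ if (true !== $this->isLoggedIn && true !== $this->anonymousPermission) {
  throw new Exception(t('You\'re not authorized to alter the datastore'));
  }
  if (! $bookmark instanceof Bookmark) {
@@ -221,7 +224,7 @@ class BookmarkFileService implements BookmarkServiceInterface
  */
  public function remove($bookmark, $save = true)
  {
- if ($this->isLoggedIn !== true) {
+ if (true !== $this->isLoggedIn && true !== $this->anonymousPermission) {
  throw new Exception(t('You\'re not authorized to alter the datastore'));
  }
  if (! $bookmark instanceof Bookmark) {
@@ -274,10 +277,11 @@ class BookmarkFileService implements BookmarkServiceInterface
  */
  public function save()
  {
- if (!$this->isLoggedIn) {
+ if (true !== $this->isLoggedIn && true !== $this->anonymousPermission) {
  // TODO: raise an Exception instead
  die('You are not authorized to change the database.');
  }
+
  $this->bookmarks->reorder();
  $this->bookmarksIO->write($this->bookmarks);
  $this->pageCacheManager->invalidateCaches();
@@ -357,6 +361,16 @@ class BookmarkFileService implements BookmarkServiceInterface
  $initializer->initialize();
  }
 
+ public function enableAnonymousPermission(): void
+ {
+ $this->anonymousPermission = true;
+ }
+
+ public function disableAnonymousPermission(): void
+ {
+ $this->anonymousPermission = false;
+ }
+
  /**
  * Handles migration to the new database format (BookmarksArray).
  */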
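Review bot: The write guard `true !== $this->isLoggedIn && true !== $this->anonymousPermission` is now repeated verbatim in set(), add(), addOrSet(), remove() and save(), so the authorization rule for the datastore lives in five places and a later edit that misses one leaves that write path on a different rule. I would keep it in one private method, for example `private function canWrite(): bool { return true === $this->isLoggedIn || true === $this->anonymousPermission; }`, and have each guard call `if (!$this->canWrite())`. The two new public toggles have no docblock in this class; `/** @inheritDoc */` above each would carry over the interface's security warning. All five guarded method bodies continue outside the hunks shown.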
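--- a/application/bookmark/BookmarkInitializer.php
+++ b/application/bookmark/BookmarkInitializer.php
@@ -34,13 +34,15 @@ class BookmarkInitializer
  */
  public function initialize()
  {
+ $this->bookmarkService->enableAnonymousPermission();
+
  $bookmark = new Bookmark();
  $bookmark->setTitle(t('My secret stuff... - Pastebin.com'));
- $bookmark->setUrl('http://sebsauvage.net/paste/?8434b27936c09649#bR7XsXhoTiLcqCpQbmOpBi3rq2zzQUC5hBI7ZT1O3x8=', []);
+ $bookmark->setUrl('http://sebsauvage.net/paste/?8434b27936c09649#bR7XsXhoTiLcqCpQbmOpBi3rq2zzQUC5hBI7ZT1O3x8=');
  $bookmark->setDescription(t('Shhhh! I\'m a private link only YOU can see. You can delete me too.'));
  $bookmark->setTagsString('secretstuff');
  $bookmark->setPrivate(true);
- $this->bookmarkService->add($bookmark);
+ $this->bookmarkService->add($bookmark, false);
 
  $bookmark = new Bookmark();
  $bookmark->setTitle(t('The personal, minimalist, super-fast, database free, bookmarking service'));
@@ -54,6 +56,10 @@ To learn how to use Shaarli, consult the link "Documentation" at the bottom of t
 You use the community supported version of the original Shaarli project, by Sebastien Sauvage.'
  ));
  $bookmark->setTagsString('opensource software');
- $this->bookmarkService->add($bookmark);
+ $this->bookmarkService->add($bookmark, false);
+
+ $this->bookmarkService->save();
+
+ $this->bookmarkService->disableAnonymousPermission();
  }
 }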
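Review bot: `disableAnonymousPermission()` at the end of initialize() is only reached when both `add()` calls and `save()` return normally; if one of them throws, the service keeps accepting writes from a not-logged-in session for the rest of the request. Wrapping the body so the reset always runs closes that window: `try { /* add both bookmarks, save */ } finally { $this->bookmarkService->disableAnonymousPermission(); }`. Whether anything after initialize() can reach a write path in the same request is not visible here, so treat the impact as unconfirmed; the try/finally is cheap either way. The middle of the method (the second bookmark's description) lies outside the two hunks.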
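--- a/application/bookmark/BookmarkServiceInterface.php
+++ b/application/bookmark/BookmarkServiceInterface.php
@@ -177,4 +177,17 @@ interface BookmarkServiceInterface
  * Creates the default database after a fresh install.
  */
  public function initialize();
+
+ /**
+ * Allow to write the datastore from anonymous session (not logged in).
+ *
+ * This covers a few specific use cases, such as datastore initialization,
+ * but it should be used carefully as it can lead to security issues.
+ */
+ public function enableAnonymousPermission();
+
+ /**
+ * Disable anonymous permission.
+ */
+ public function disableAnonymousPermission();
 }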
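Review bot: The two new interface methods are declared without a return type, while the implementation in BookmarkFileService declares `: void`; declaring `public function enableAnonymousPermission(): void;` and `public function disableAnonymousPermission(): void;` here keeps every implementation to the same contract. Because the toggle is now part of the public interface, any code holding a BookmarkServiceInterface can lift the logged-in check, so the docblock should say who is expected to call it and that the caller must call `disableAnonymousPermission()` afterwards, including on error paths. `Disable anonymous permission.` could state the effect instead, e.g. `Restore the default: only logged in sessions may write the datastore.`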