1 files changed, 59 insertions, 0 deletions
diff --git a/application/front/controller/admin/ShaarliAdminController.php b/application/front/controller/admin/ShaarliAdminController.php
index ea703f62..3385006c 100644
--- a/application/front/controller/admin/ShaarliAdminController.php
+++ b/application/front/controller/admin/ShaarliAdminController.php
@@ -7,7 +7,19 @@ namespace Shaarli\Front\Controller\Admin;
 use Shaarli\Container\ShaarliContainer;
 use Shaarli\Front\Controller\Visitor\ShaarliVisitorController;
 use Shaarli\Front\Exception\UnauthorizedException;
+use Shaarli\Front\Exception\WrongTokenException;
+use Shaarli\Security\SessionManager;
+use Slim\Http\Request;
+/**
+ * Class ShaarliAdminController
+ *
+ * All admin controllers (for logged in users) MUST extend this abstract class.
+ * It makes sure that the user is properly logged in, and otherwise throw an exception
+ * which will redirect to the login page.
+ *
+ * @package Shaarli\Front\Controller\Admin
+ */
 abstract class ShaarliAdminController extends ShaarliVisitorController
 {
    public function __construct(ShaarliContainer $container)
@@ -18,4 +30,51 @@ abstract class ShaarliAdminController extends ShaarliVisitorController
            throw new UnauthorizedException();
        }
    }
+    /**
+     * Any persistent action to the config or data store must check the XSRF token validity.
+     */
+    protected function checkToken(Request $request): void
+    {
+        if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
+            throw new WrongTokenException();
+        }
+    }
+    /**
+     * Save a SUCCESS message in user session, which will be displayed on any template page.
+     */
+    protected function saveSuccessMessage(string $message): void
+    {
+        $this->saveMessage(SessionManager::KEY_SUCCESS_MESSAGES, $message);
+    }
+    /**
+     * Save a WARNING message in user session, which will be displayed on any template page.
+     */
+    protected function saveWarningMessage(string $message): void
+    {
+        $this->saveMessage(SessionManager::KEY_WARNING_MESSAGES, $message);
+    }
+    /**
+     * Save an ERROR message in user session, which will be displayed on any template page.
+     */
+    protected function saveErrorMessage(string $message): void
+    {
+        $this->saveMessage(SessionManager::KEY_ERROR_MESSAGES, $message);
+    }
+    /**
+     * Use the sessionManager to save the provided message using the proper type.
+     *
+     * @param string $type successed/warnings/errors
+     */
+    protected function saveMessage(string $type, string $message): void
+    {
+        $messages = $this->container->sessionManager->getSessionParameter($type) ?? [];
+        $messages[] = $message;
+        $this->container->sessionManager->setSessionParameter($type, $messages);
+    }
 }

diff --git a/application/front/controller/admin/ShaarliAdminController.php b/application/front/controller/admin/ShaarliAdminController.php index ea703f62..3385006c 100644 --- a/application/front/controller/admin/ShaarliAdminController.php +++ b/application/front/controller/admin/ShaarliAdminController.php
@@ -7,7 +7,19 @@ namespace Shaarli\Front\Controller\Admin;
7	use Shaarli\Container\ShaarliContainer;	7	use Shaarli\Container\ShaarliContainer;
8	use Shaarli\Front\Controller\Visitor\ShaarliVisitorController;	8	use Shaarli\Front\Controller\Visitor\ShaarliVisitorController;
9	use Shaarli\Front\Exception\UnauthorizedException;	9	use Shaarli\Front\Exception\UnauthorizedException;
		10	use Shaarli\Front\Exception\WrongTokenException;
		11	use Shaarli\Security\SessionManager;
		12	use Slim\Http\Request;
10		13
		14	/**
		15	* Class ShaarliAdminController
		16	*
		17	* All admin controllers (for logged in users) MUST extend this abstract class.
		18	* It makes sure that the user is properly logged in, and otherwise throw an exception
		19	* which will redirect to the login page.
		20	*
		21	* @package Shaarli\Front\Controller\Admin
		22	*/
11	abstract class ShaarliAdminController extends ShaarliVisitorController	23	abstract class ShaarliAdminController extends ShaarliVisitorController
12	{	24	{
13	public function __construct(ShaarliContainer $container)	25	public function __construct(ShaarliContainer $container)
@@ -18,4 +30,51 @@ abstract class ShaarliAdminController extends ShaarliVisitorController
18	throw new UnauthorizedException();	30	throw new UnauthorizedException();
19	}	31	}
20	}	32	}
		33
		34	/**
		35	* Any persistent action to the config or data store must check the XSRF token validity.
		36	*/
		37	protected function checkToken(Request $request): void
		38	{
		39	if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
		40	throw new WrongTokenException();
		41	}
		42	}
		43
		44	/**
		45	* Save a SUCCESS message in user session, which will be displayed on any template page.
		46	*/
		47	protected function saveSuccessMessage(string $message): void
		48	{
		49	$this->saveMessage(SessionManager::KEY_SUCCESS_MESSAGES, $message);
		50	}
		51
		52	/**
		53	* Save a WARNING message in user session, which will be displayed on any template page.
		54	*/
		55	protected function saveWarningMessage(string $message): void
		56	{
		57	$this->saveMessage(SessionManager::KEY_WARNING_MESSAGES, $message);
		58	}
		59
		60	/**
		61	* Save an ERROR message in user session, which will be displayed on any template page.
		62	*/
		63	protected function saveErrorMessage(string $message): void
		64	{
		65	$this->saveMessage(SessionManager::KEY_ERROR_MESSAGES, $message);
		66	}
		67
		68	/**
		69	* Use the sessionManager to save the provided message using the proper type.
		70	*
		71	* @param string $type successed/warnings/errors
		72	*/
		73	protected function saveMessage(string $type, string $message): void
		74	{
		75	$messages = $this->container->sessionManager->getSessionParameter($type) ?? [];
		76	$messages[] = $message;
		77
		78	$this->container->sessionManager->setSessionParameter($type, $messages);
		79	}
21	}	80	}