1 files changed, 73 insertions, 0 deletions
diff --git a/application/front/controller/admin/ShaarliAdminController.php b/application/front/controller/admin/ShaarliAdminController.php
new file mode 100644
index 00000000..3b5939bb
--- /dev/null
+++ b/application/front/controller/admin/ShaarliAdminController.php
@@ -0,0 +1,73 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Container\ShaarliContainer;
+use Shaarli\Front\Controller\Visitor\ShaarliVisitorController;
+use Shaarli\Front\Exception\UnauthorizedException;
+use Shaarli\Front\Exception\WrongTokenException;
+use Shaarli\Security\SessionManager;
+use Slim\Http\Request;
+/**
+ * Class ShaarliAdminController
+ *
+ * All admin controllers (for logged in users) MUST extend this abstract class.
+ * It makes sure that the user is properly logged in, and otherwise throw an exception
+ * which will redirect to the login page.
+ *
+ * @package Shaarli\Front\Controller\Admin
+ */
+abstract class ShaarliAdminController extends ShaarliVisitorController
+{
+    /**
+     * Any persistent action to the config or data store must check the XSRF token validity.
+     */
+    protected function checkToken(Request $request): bool
+    {
+        if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
+            throw new WrongTokenException();
+        }
+        return true;
+    }
+    /**
+     * Save a SUCCESS message in user session, which will be displayed on any template page.
+     */
+    protected function saveSuccessMessage(string $message): void
+    {
+        $this->saveMessage(SessionManager::KEY_SUCCESS_MESSAGES, $message);
+    }
+    /**
+     * Save a WARNING message in user session, which will be displayed on any template page.
+     */
+    protected function saveWarningMessage(string $message): void
+    {
+        $this->saveMessage(SessionManager::KEY_WARNING_MESSAGES, $message);
+    }
+    /**
+     * Save an ERROR message in user session, which will be displayed on any template page.
+     */
+    protected function saveErrorMessage(string $message): void
+    {
+        $this->saveMessage(SessionManager::KEY_ERROR_MESSAGES, $message);
+    }
+    /**
+     * Use the sessionManager to save the provided message using the proper type.
+     *
+     * @param string $type successed/warnings/errors
+     */
+    protected function saveMessage(string $type, string $message): void
+    {
+        $messages = $this->container->sessionManager->getSessionParameter($type) ?? [];
+        $messages[] = $message;
+        $this->container->sessionManager->setSessionParameter($type, $messages);
+    }
+}

diff --git a/application/front/controller/admin/ShaarliAdminController.php b/application/front/controller/admin/ShaarliAdminController.php new file mode 100644 index 00000000..3b5939bb --- /dev/null +++ b/application/front/controller/admin/ShaarliAdminController.php
@@ -0,0 +1,73 @@
	1	<?php
	2
	3	declare(strict_types=1);
	4
	5	namespace Shaarli\Front\Controller\Admin;
	6
	7	use Shaarli\Container\ShaarliContainer;
	8	use Shaarli\Front\Controller\Visitor\ShaarliVisitorController;
	9	use Shaarli\Front\Exception\UnauthorizedException;
	10	use Shaarli\Front\Exception\WrongTokenException;
	11	use Shaarli\Security\SessionManager;
	12	use Slim\Http\Request;
	13
	14	/**
	15	* Class ShaarliAdminController
	16	*
	17	* All admin controllers (for logged in users) MUST extend this abstract class.
	18	* It makes sure that the user is properly logged in, and otherwise throw an exception
	19	* which will redirect to the login page.
	20	*
	21	* @package Shaarli\Front\Controller\Admin
	22	*/
	23	abstract class ShaarliAdminController extends ShaarliVisitorController
	24	{
	25	/**
	26	* Any persistent action to the config or data store must check the XSRF token validity.
	27	*/
	28	protected function checkToken(Request $request): bool
	29	{
	30	if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
	31	throw new WrongTokenException();
	32	}
	33
	34	return true;
	35	}
	36
	37	/**
	38	* Save a SUCCESS message in user session, which will be displayed on any template page.
	39	*/
	40	protected function saveSuccessMessage(string $message): void
	41	{
	42	$this->saveMessage(SessionManager::KEY_SUCCESS_MESSAGES, $message);
	43	}
	44
	45	/**
	46	* Save a WARNING message in user session, which will be displayed on any template page.
	47	*/
	48	protected function saveWarningMessage(string $message): void
	49	{
	50	$this->saveMessage(SessionManager::KEY_WARNING_MESSAGES, $message);
	51	}
	52
	53	/**
	54	* Save an ERROR message in user session, which will be displayed on any template page.
	55	*/
	56	protected function saveErrorMessage(string $message): void
	57	{
	58	$this->saveMessage(SessionManager::KEY_ERROR_MESSAGES, $message);
	59	}
	60
	61	/**
	62	* Use the sessionManager to save the provided message using the proper type.
	63	*
	64	* @param string $type successed/warnings/errors
	65	*/
	66	protected function saveMessage(string $type, string $message): void
	67	{
	68	$messages = $this->container->sessionManager->getSessionParameter($type) ?? [];
	69	$messages[] = $message;
	70
	71	$this->container->sessionManager->setSessionParameter($type, $messages);
	72	}
	73	}