

implement forbidden message instead of redirection
When the user is connected but is not allowed to access part of the app.
vincent-peugnet committed Nov 9, 2023
1 parent afbf766 commit 556f28c
Showing 7 changed files with 161 additions and 132 deletions.
45 changes: 26 additions & 19 deletions app/class/Controlleradmin.php
Expand Up @@ -16,32 +16,39 @@ public function __construct($router)
parent::__construct($router);

$this->adminmanager = new Modeladmin();

if ($this->user->isvisitor()) {
http_response_code(401);
$this->showtemplate('connect', ['route' => 'admin']);
exit;
}
if (!$this->user->isadmin()) {
http_response_code(403);
$this->showtemplate('forbidden', []);
exit;
}
}

public function desktop()
{
if ($this->user->isadmin()) {
$datas['pagelist'] = $this->pagemanager->list();
$this->mediamanager = new Modelmedia();
$datas['faviconlist'] = $this->mediamanager->listfavicon();
$datas['thumbnaillist'] = $this->mediamanager->listthumbnail();
$datas['themes'] = $this->mediamanager->listthemes();
$datas['pagelist'] = $this->pagemanager->list();
$this->mediamanager = new Modelmedia();
$datas['faviconlist'] = $this->mediamanager->listfavicon();
$datas['thumbnaillist'] = $this->mediamanager->listthumbnail();
$datas['themes'] = $this->mediamanager->listthemes();

$globalcssfile = Model::GLOBAL_CSS_FILE;

if (is_file($globalcssfile)) {
$datas['globalcss'] = file_get_contents($globalcssfile);
} else {
$datas['globalcss'] = "";
}
$globalcssfile = Model::GLOBAL_CSS_FILE;

$datas['pagesdblist'] = $this->adminmanager->pagesdblist();
$datas['pagesdbtree'] = $this->mediamanager->listdir(Model::PAGES_DIR);

$this->showtemplate('admin', $datas);
if (is_file($globalcssfile)) {
$datas['globalcss'] = file_get_contents($globalcssfile);
} else {
$this->routedirect('home');
$datas['globalcss'] = "";
}

$datas['pagesdblist'] = $this->adminmanager->pagesdblist();
$datas['pagesdbtree'] = $this->mediamanager->listdir(Model::PAGES_DIR);

$this->showtemplate('admin', $datas);
}

public function update()
Expand All @@ -52,10 +59,10 @@ public function update()
Config::hydrate($_POST);
Config::savejson();
Model::sendflashmessage("Configuration succesfully updated", Model::FLASH_SUCCESS);
$this->routedirect('admin');
} catch (Filesystemexception $e) {
Model::sendflashmessage("Can't write config file or global css file", Model::FLASH_ERROR);
}
$this->routedirect('admin');
}

public function database()
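Review bot: The new 403 branch in the constructor renders `forbidden` with an empty array, but the template this commit adds reads `$route` and `$id` unconditionally, so every admin 403 raises an undefined-variable warning from the template's `in_array($route, …)` check; the same `showtemplate('forbidden', [])` call appears in Controllermedia::desktop and Controlleruser::desktop. Passing the route the way the 401 branch already does, `$this->showtemplate('forbidden', ['route' => 'admin']);`, gives the template what it expects (the template itself should also tolerate the key's absence). Gating in the constructor with `exit` is the right shape: it fails closed for every action of this controller, and dropping the `isadmin()` branch from desktop() is consistent with it. update() continues outside the hunk.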
89 changes: 48 additions & 41 deletions app/class/Controllermedia.php
Expand Up @@ -21,62 +21,69 @@ public function __construct(AltoRouter $router)
$this->mediamanager = new Modelmedia();

$this->mediaopt = new Mediaopt($_GET);

if ($this->user->isvisitor()) {
http_response_code(401);
$this->showtemplate('connect', ['route' => 'media']);
exit;
}
}



public function desktop()
{
if ($this->user->iseditor()) {
try {
Fs::dircheck(Model::FONT_DIR, true, 0775);
Fs::dircheck(Model::THUMBNAIL_DIR, true, 0775);
Fs::dircheck(Model::FAVICON_DIR, true, 0775);
Fs::dircheck(Model::CSS_DIR, true, 0775);
} catch (RuntimeException $e) {
Model::sendflashmessage($e->getMessage(), Model::FLASH_ERROR);
}
if (isset($_POST['query'])) {
$datas = array_merge($_GET, $_POST);
} else {
$datas = $_GET;
}
if (!$this->user->iseditor()) {
http_response_code(403);
$this->showtemplate('forbidden', []);
exit;
}
try {
Fs::dircheck(Model::FONT_DIR, true, 0775);
Fs::dircheck(Model::THUMBNAIL_DIR, true, 0775);
Fs::dircheck(Model::FAVICON_DIR, true, 0775);
Fs::dircheck(Model::CSS_DIR, true, 0775);
} catch (RuntimeException $e) {
Model::sendflashmessage($e->getMessage(), Model::FLASH_ERROR);
}
if (isset($_POST['query'])) {
$datas = array_merge($_GET, $_POST);
} else {
$datas = $_GET;
}

$mediaopt = new Mediaoptlist($datas);
$mediaopt = new Mediaoptlist($datas);

try {
$this->mediamanager->checkdir($this->mediaopt->dir());
} catch (Folderexception $e) {
Model::sendflashmessage($e->getMessage(), Model::FLASH_WARNING);
$this->mediaopt->setpath(Model::MEDIA_DIR);
$this->redirect($this->generate("media", [], $this->mediaopt->getpathadress()));
}
try {
$this->mediamanager->checkdir($this->mediaopt->dir());
} catch (Folderexception $e) {
Model::sendflashmessage($e->getMessage(), Model::FLASH_WARNING);
$this->mediaopt->setpath(Model::MEDIA_DIR);
$this->redirect($this->generate("media", [], $this->mediaopt->getpathadress()));
}

$medialist = $this->mediamanager->medialistopt($mediaopt);
$medialist = $this->mediamanager->medialistopt($mediaopt);

$dirlist = $this->mediamanager->listdir(Model::MEDIA_DIR);
$dirlist = $this->mediamanager->listdir(Model::MEDIA_DIR);

$pathlist = [];
$this->mediamanager->listpath($dirlist, '', $pathlist);
$pathlist = [];
$this->mediamanager->listpath($dirlist, '', $pathlist);

$vars['maxuploadsize'] = readablesize(file_upload_max_size()) . 'o';
$vars['cssfont'] = Model::dirtopath(Model::FONTS_CSS_FILE);
$vars['maxuploadsize'] = readablesize(file_upload_max_size()) . 'o';
$vars['cssfont'] = Model::dirtopath(Model::FONTS_CSS_FILE);

if (isset($_GET['display'])) {
$this->workspace->setmediadisplay($_GET['display']);
$this->workspace2session();
}
if (isset($_GET['display'])) {
$this->workspace->setmediadisplay($_GET['display']);
$this->workspace2session();
}

$vars['filtercode'] = !empty($_POST); // indicate that filter code has been generated
$vars['medialist'] = $medialist;
$vars['dirlist'] = $dirlist;
$vars['pathlist'] = $pathlist;
$vars['mediaopt'] = $mediaopt;
$vars['filtercode'] = !empty($_POST); // indicate that filter code has been generated
$vars['medialist'] = $medialist;
$vars['dirlist'] = $dirlist;
$vars['pathlist'] = $pathlist;
$vars['mediaopt'] = $mediaopt;

$this->showtemplate('media', $vars);
} else {
$this->routedirect('home');
}
$this->showtemplate('media', $vars);
}

public function upload()
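Review bot: The `iseditor()` gate is added only inside desktop(), whereas the visitor gate sits in the constructor; upload() and any other action of this controller start outside the hunk, so I cannot see whether they carry the same check. If every media action requires editor rights, moving the `if (!$this->user->iseditor())` block (with its 403, template and `exit`) into the constructor, as Controlleradmin does with isadmin(), closes the gap for all actions at once. Separately, the Folderexception catch calls `$this->redirect(...)` and then falls through to `medialistopt()`; unless redirect() terminates the request (not visible here), a `return;` after it would avoid rendering the listing on the bad-path request.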
7 changes: 4 additions & 3 deletions app/class/Controllerpage.php
Expand Up @@ -235,9 +235,9 @@ public function edit($page)
$this->pageconnect('pageedit');

if ($this->importpage()) {

if (!$this->canedit($this->page)) {
$this->showtemplate('unauthorized', ['route' => 'pageedit', 'id' => $this->page->id()]);
http_response_code(403);
$this->showtemplate('forbidden', ['route' => 'pageedit', 'id' => $this->page->id()]);
exit;
}

Expand Down Expand Up @@ -300,7 +300,8 @@ public function add($page)
$this->pagemanager->add($this->page);
$this->routedirect('pageedit', ['page' => $this->page->id()]);
} else {
$this->routedirect('pageread', ['page' => $this->page->id()]);
http_response_code(403);
$this->showtemplate('forbidden', ['route' => 'pageedit', 'id' => $this->page->id()]);
}
}
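Review bot: In add(), the new 403 branch passes `'route' => 'pageedit'` although the refused action is the page-add one; the forbidden template accepts `'pageadd'` in its route list, so `'route' => 'pageadd'` describes the action accurately without changing the rendered link. Both edit() and add() start outside the hunk. The edit() branch correctly pairs the 403 with `exit`; add()'s branch has none, which is fine only if nothing follows the if/else, as the hunk's closing braces suggest.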

95 changes: 47 additions & 48 deletions app/class/Controllerprofile.php
Expand Up @@ -7,73 +7,72 @@

class Controllerprofile extends Controller
{
public function __construct($router)
{
parent::__construct($router);

if ($this->user->isvisitor()) {
http_response_code(401);
$this->showtemplate('connect', ['route' => 'profile']);
exit;
}
}

public function desktop()
{
if ($this->user->isinvite()) {
try {
$datas['user'] = $this->usermanager->get($this->user);
$this->showtemplate('profile', $datas);
} catch (Notfoundexception $e) {
Model::sendflashmessage($e->getMessage(), Model::FLASH_ERROR);
$this->routedirect('home');
}
} else {
try {
$datas['user'] = $this->usermanager->get($this->user);
$this->showtemplate('profile', $datas);
} catch (Notfoundexception $e) {
Model::sendflashmessage($e->getMessage(), Model::FLASH_ERROR);
$this->routedirect('home');
}
}

public function update()
{
if ($this->user->isinvite()) {
try {
$user = $this->usermanager->get($this->user);
$user->hydrateexception($_POST);
$this->usermanager->add($user);
} catch (Notfoundexception $e) {
Model::sendflashmessage($e->getMessage(), Model::FLASH_ERROR);
} catch (RuntimeException $e) {
Model::sendflashmessage(
'There was a problem when updating preference : ' . $e->getMessage(),
Model::FLASH_ERROR
);
}
$this->routedirect('profile');
} else {
$this->routedirect('home');
try {
$user = $this->usermanager->get($this->user);
$user->hydrateexception($_POST);
$this->usermanager->add($user);
} catch (Notfoundexception $e) {
Model::sendflashmessage($e->getMessage(), Model::FLASH_ERROR);
} catch (RuntimeException $e) {
Model::sendflashmessage(
'There was a problem when updating preference : ' . $e->getMessage(),
Model::FLASH_ERROR
);
}
$this->routedirect('profile');
}

public function password()
{
if ($this->user->isinvite()) {
if (
!isset($_POST['currentpassword']) ||
!$this->usermanager->passwordcheck($this->user->id(), $_POST['currentpassword'])
) {
Model::sendflashmessage("wrong current password", 'error');
$this->routedirect('profile');
}
if (
!isset($_POST['currentpassword']) ||
!$this->usermanager->passwordcheck($this->user->id(), $_POST['currentpassword'])
) {
Model::sendflashmessage("wrong current password", 'error');
$this->routedirect('profile');
}

if (
!empty($_POST['password1']) &&
!empty($_POST['password2']) &&
$_POST['password1'] === $_POST['password2']
) {
if (
!empty($_POST['password1']) &&
!empty($_POST['password2']) &&
$_POST['password1'] === $_POST['password2']
$this->user->setpassword($_POST['password1']) &&
$this->user->hashpassword() &&
$this->usermanager->add($this->user)
) {
if (
$this->user->setpassword($_POST['password1']) &&
$this->user->hashpassword() &&
$this->usermanager->add($this->user)
) {
Model::sendflashmessage('password updated successfully', 'success');
} else {
Model::sendflashmessage("password is not compatible or an error occured", 'error');
}
Model::sendflashmessage('password updated successfully', 'success');
} else {
Model::sendflashmessage("passwords does not match", "error");
Model::sendflashmessage("password is not compatible or an error occured", 'error');
}
$this->routedirect('profile');
} else {
$this->routedirect('home');
Model::sendflashmessage("passwords does not match", "error");
}
$this->routedirect('profile');
}
}
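Review bot: The three action-level `isinvite()` checks are replaced by a single `!isvisitor()` gate in the constructor; that is only equivalent if no user level sits between visitor and invite, which the User class, outside this page, decides — worth confirming before merging. In password(), the wrong-current-password branch flashes and calls `$this->routedirect('profile');` but does not leave the method, so unless routedirect() terminates the request the new password is still set by the block below; adding `return;` after that call makes the check authoritative. That branch is pre-existing, but the commit rewrites exactly these lines, so it is the natural moment to fix it.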
9 changes: 8 additions & 1 deletion app/class/Controlleruser.php
Expand Up @@ -10,6 +10,12 @@ class Controlleruser extends Controller
public function __construct($router)
{
parent::__construct($router);

if ($this->user->isvisitor()) {
http_response_code(401);
$this->showtemplate('connect', ['route' => 'user']);
exit;
}
}

public function desktop()
Expand All @@ -18,7 +24,8 @@ public function desktop()
$datas['userlist'] = $this->usermanager->getlister();
$this->showtemplate('user', $datas);
} else {
$this->routedirect('home');
http_response_code(403);
$this->showtemplate('forbidden', []);
}
}

28 changes: 28 additions & 0 deletions app/view/templates/forbidden.php
@@ -0,0 +1,28 @@
<?php $this->layout('layout', ['title' => 'Forbidden', 'description' => 'forbidden', 'stylesheets' => [$css . 'home.css']]) ?>




<?php $this->start('page') ?>

<h1>Forbidden</h1>

<span>
<?= $user->level() ?>
</span>

<?php if($user->isinvite()) { ?>
<p>
Sorry <?= $user->name() ?>, you are not allowed to do this.
</p>
<?php } ?>

<?php
if(in_array($route, ['pageedit', 'pageread', 'pageadd'])) {
echo '<p><a href="' . $this->upage('pageread', $id) . '">back to page read view</a></p>';
} else {
echo '<p><a href="' . $this->url('home') . '">Go back to home</a>';
}
?>

<?php $this->stop() ?>
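Review bot: `<?= $user->name() ?>` is echoed without escaping; if the name is user-editable (Controllerprofile::update hydrates the user from `$_POST`), this is an HTML-injection point on a page any logged-in user can reach, so `<?= htmlspecialchars($user->name(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>` (or the template engine's escape helper, if one exists) should be used. The `in_array($route, [...])` check should pass `true` as its third argument, and the home link is missing its closing tag: `echo '<p><a href="' . $this->url('home') . '">Go back to home</a></p>';`. `$user->level()` in the span is likewise unescaped; harmless if it is an int, otherwise it deserves the same treatment.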
20 changes: 0 additions & 20 deletions app/view/templates/unauthorized.php

This file was deleted.
