Validation Checking against StackApiController

Signed-off-by: Ryan Fletcher <ryan.fletcher@codepassion.ca>
This commit is contained in:
Ryan Fletcher
2018-07-12 22:10:43 -04:00
committed by Julius Härtl
parent 3cb496daa2
commit 5415ec21dc


@@ -60,6 +60,12 @@ class StackApiController extends ApiController {
* Return all of the stacks in the specified board. * Return all of the stacks in the specified board.
*/ */
public function index() { public function index() {
// validation check against the id.
if (is_numeric($this->request->params['boardId']) === false) {
return new DataResponse("board id must be a number", HTTP::STATUS_BAD_REQUEST);
}
$stacks = $this->service->findAll($this->request->params['boardId']); $stacks = $this->service->findAll($this->request->params['boardId']);
if ($stacks === false || $stacks === null) { if ($stacks === false || $stacks === null) {
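Review bot: The `is_numeric()` guard added at the top of index() is weaker than its error message claims: it also accepts floats, exponent notation, signed values and leading whitespace (`"1.5"`, `"1e3"`, `"-1"`), so a non-integer id still reaches `findAll()`, and it reads `$this->request->params['boardId']` without an existence check, so a request lacking that parameter likely raises an undefined-index notice before the 400 is produced. A stricter guard is `if (!isset($this->request->params['boardId']) || filter_var($this->request->params['boardId'], FILTER_VALIDATE_INT) === false) {`. The same block is repeated for boardId, stackId and $order in the create() and update() hunks and again in delete(); moving it into one private helper that returns the DataResponse or null would keep the copies consistent and make the integer rule a single decision. index()'s body continues past the hunk.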
@@ -81,6 +87,15 @@ class StackApiController extends ApiController {
*/ */
public function create($title, $order) { public function create($title, $order) {
// validation check against the id.
if (is_numeric($this->request->params['boardId']) === false) {
return new DataResponse("board id must be a number", HTTP::STATUS_BAD_REQUEST);
}
if (is_numeric($order) === false) {
return new DataResponse("order must be a number", HTTP::STATUS_BAD_REQUEST);
}
try { try {
$stack = $this->service->create($title, $this->request->params['boardId'], $order); $stack = $this->service->create($title, $this->request->params['boardId'], $order);
} catch (StatusException $e) { } catch (StatusException $e) {
@@ -102,6 +117,19 @@ class StackApiController extends ApiController {
* Update a stack by the specified stackId and boardId with the values that were put. * Update a stack by the specified stackId and boardId with the values that were put.
*/ */
public function update($title, $order) { public function update($title, $order) {
if (is_numeric($this->request->params['boardId']) === false) {
return new DataResponse("board id must be a number", HTTP::STATUS_BAD_REQUEST);
}
if (is_numeric($this->request->params['stackId']) === false) {
return new DataResponse("stack id must be a number", HTTP::STATUS_BAD_REQUEST);
}
if (is_numeric($order) === false) {
return new DataResponse("order must be a number", HTTP::STATUS_BAD_REQUEST);
}
try { try {
$stack = $this->service->update( $stack = $this->service->update(
$this->request->params['stackId'], $this->request->params['stackId'],
@@ -121,9 +149,14 @@ class StackApiController extends ApiController {
* @CORS * @CORS
* @NoCSRFRequired * @NoCSRFRequired
* *
* Delete the stack specified by $this->request->params['id']. Return the board that was deleted. * Delete the stack specified by $this->request->params['stackId']. Return the board that was deleted.
*/ */
public function delete() { public function delete() {
if (is_numeric($this->request->params['stackId']) === false) {
return new DataResponse("stack id must be a number", HTTP::STATUS_BAD_REQUEST);
}
$stack = $this->service->delete($this->request->params['stackId']); $stack = $this->service->delete($this->request->params['stackId']);
if ($stack == false || $stack == null) { if ($stack == false || $stack == null) {