ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

fixed up missing checks from labelService, BadRequestException is now extending StatusException

Browse Source 
Signed-off-by: Ryan Fletcher <ryan.fletcher@codepassion.ca>
This commit is contained in:
Ryan Fletcher
2018-07-20 09:26:36 -04:00
committed by Julius Härtl
parent 507a7fd243
commit 72aeb723a5
3 changed files with 38 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/BadRequestException.php
View File

@@ -24,7 +24,7 @@
namespace OCA\Deck; namespace OCA\Deck;
use OCP\AppFramework\Http; use OCP\AppFramework\Http;
class BadRequestException extends \Exception { class BadRequestException extends StatusException {
public function __construct($message) { public function __construct($message) {
parent::__construct($message); parent::__construct($message);

2
lib/Middleware/SharingMiddleware.php
View File

@@ -60,7 +60,7 @@ class SharingMiddleware extends Middleware {
* @throws \Exception * @throws \Exception
*/ */
public function afterException($controller, $methodName, \Exception $exception) { public function afterException($controller, $methodName, \Exception $exception) {
if ($exception instanceof StatusException || $exception instanceof BadRequestException) { if ($exception instanceof StatusException) {
if ($this->config->getSystemValue('loglevel', Util::WARN) === Util::DEBUG) { if ($this->config->getSystemValue('loglevel', Util::WARN) === Util::DEBUG) {
$this->logger->logException($exception); $this->logger->logException($exception);
} }

36
lib/Service/LabelService.php
View File

@@ -27,6 +27,7 @@ use OCA\Deck\Db\Label;
use OCA\Deck\Db\Acl; use OCA\Deck\Db\Acl;
use OCA\Deck\Db\LabelMapper; use OCA\Deck\Db\LabelMapper;
use OCA\Deck\StatusException; use OCA\Deck\StatusException;
use OCA\Deck\BadRequestException;
class LabelService { class LabelService {
@@ -50,8 +51,12 @@ class LabelService {
* @throws \OCA\Deck\NoPermissionException * @throws \OCA\Deck\NoPermissionException
* @throws \OCP\AppFramework\Db\DoesNotExistException * @throws \OCP\AppFramework\Db\DoesNotExistException
* @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
* @throws BadRequestException
*/ */
public function find($labelId) { public function find($labelId) {
if (is_numeric($labelId) === false) {
throw new BadRequestException('label id must be a number');
}
$this->permissionService->checkPermission($this->labelMapper, $labelId, Acl::PERMISSION_READ); $this->permissionService->checkPermission($this->labelMapper, $labelId, Acl::PERMISSION_READ);
return $this->labelMapper->find($labelId); return $this->labelMapper->find($labelId);
} }
@@ -67,6 +72,19 @@ class LabelService {
* @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
*/ */
public function create($title, $color, $boardId) { public function create($title, $color, $boardId) {
if ($title === false || $title === null) {
throw new BadRequestException('title must be provided');
}
if ($color === false || $color === null) {
throw new BadRequestException('color must be provided');
}
if (is_numeric($boardId) === false) {
throw new BadRequestException('board id must be a number');
}
$this->permissionService->checkPermission(null, $boardId, Acl::PERMISSION_MANAGE); $this->permissionService->checkPermission(null, $boardId, Acl::PERMISSION_MANAGE);
if ($this->boardService->isArchived(null, $boardId)) { if ($this->boardService->isArchived(null, $boardId)) {
throw new StatusException('Operation not allowed. This board is archived.'); throw new StatusException('Operation not allowed. This board is archived.');
@@ -87,6 +105,11 @@ class LabelService {
* @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
*/ */
public function delete($id) { public function delete($id) {
if (is_numeric($id) === false) {
throw new BadRequestException('label id must be a number');
}
$this->permissionService->checkPermission($this->labelMapper, $id, Acl::PERMISSION_MANAGE); $this->permissionService->checkPermission($this->labelMapper, $id, Acl::PERMISSION_MANAGE);
if ($this->boardService->isArchived($this->labelMapper, $id)) { if ($this->boardService->isArchived($this->labelMapper, $id)) {
throw new StatusException('Operation not allowed. This board is archived.'); throw new StatusException('Operation not allowed. This board is archived.');
@@ -105,6 +128,19 @@ class LabelService {
* @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
*/ */
public function update($id, $title, $color) { public function update($id, $title, $color) {
if (is_numeric($id) === false) {
throw new BadRequestException('label id must be a number');
}
if ($title === false || $title === null) {
throw new BadRequestException('title must be provided');
}
if ($color === false || $color === null) {
throw new BadRequestException('color must be provided');
}
$this->permissionService->checkPermission($this->labelMapper, $id, Acl::PERMISSION_MANAGE); $this->permissionService->checkPermission($this->labelMapper, $id, Acl::PERMISSION_MANAGE);
if ($this->boardService->isArchived($this->labelMapper, $id)) { if ($this->boardService->isArchived($this->labelMapper, $id)) {
throw new StatusException('Operation not allowed. This board is archived.'); throw new StatusException('Operation not allowed. This board is archived.');