From 03cdd0b3941808a74286d1f40482b9354c359588 Mon Sep 17 00:00:00 2001 From: Dominique Fournier Date: Tue, 17 Mar 2015 19:57:15 +0000 Subject: [PATCH] routeSQL : Test if the chained object exists or send a 404 git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2031 bf3deb0d-5f1a-0410-827f-c0cc1f45334c --- routeSQL.php | 225 ++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 159 insertions(+), 66 deletions(-) diff --git a/routeSQL.php b/routeSQL.php index cf662d2..c4b1934 100644 --- a/routeSQL.php +++ b/routeSQL.php @@ -13,6 +13,8 @@ error_reporting (E_ALL); Allow to do CRUD on datas with only one line in index.php */ class routeSQL { + /** Activate the debug */ + public $debug=0; /** Display the Actions column in list of entries */ public $displayActions = true; /** Do a confirmation in javascript before deleting entry */ @@ -123,10 +125,14 @@ class routeSQL $dataflash .= "
\n"; $dataflash .= "$alert ".$flash[1]."\n"; @@ -230,7 +236,7 @@ class routeSQL } /** Display the search area */ - public function searchArea ($nbentries, $page, $num, $search) + private function searchArea ($nbentries, $page, $num, $search) { $route = new route (); $content = ""; @@ -280,6 +286,7 @@ class routeSQL } /** Add HTML routes */ $route = new route (); + $route->debug = $this->debug;; $route->allowSlashes=false; $route->get ($this->url_prefix."/", function ($chain) use ($route) { @@ -292,18 +299,30 @@ class routeSQL function ($p1, $v1, $p2, $v2, $p3, $v3, $chain) use ($route) { // List all the objects of the table - if ($this->chained !== null && - $this->chained->accessright ($chain) !== TRUE) + if ($this->chained !== null) { - if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + if ($this->chained->accessright ($chain) !== TRUE) + { + if ($this->auth["email"] === "anonymous") + throw new Exception (dgettext("domframework", + "Anonymous not allowed"), 401); + throw new Exception (dgettext("domframework", + "Access forbidden"), 403); + } + $this->chained->connect(); + // $chainedValues are the informations associated to the $chain + $chainedValues = $this->chained->keyexists ($chain); + if ($chainedValues === false) + throw new Exception (dgettext("domframework", + "Object not found"), 404); } if ($this->accessright () !== TRUE) { if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework", + "Anonymous not allowed"), 401); + throw new Exception (dgettext("domframework", + "Access forbidden"), 403); } if ($this->chained !== null && 
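Review bot: The added line `$route->debug = $this->debug;;` ends with a doubled semicolon; PHP treats the second one as an empty statement, but it reads as a typo and should be `$route->debug = $this->debug;`. The `$debug` property it forwards is declared `public` in the first hunk with only "Activate the debug" as documentation. Because these routes carry the 401/403/404 decisions, the docblock should state what is emitted when the flag is non-zero and that 0 is the production value; what `route` does with the flag is not visible in this patch.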
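Review bot: The chained-object block added at the top of this list closure is pasted, nearly verbatim, into five more closures (the hunks at -541, -589, -688, -749 and -856), and the copies have already drifted: the later ones use `$chainedvalues` and `throw new exception` where this one uses `$chainedValues` and `Exception`. For an authorization gate that is a maintenance risk, since a later fix to one copy can silently miss another. A private helper that takes the name of the right to test (`accessright` or `editright`) would keep the order in one place: rights first, then existence, so a caller without rights gets 401/403 and never learns whether the object exists. The closure continues past the end of this hunk, so how `$chainedValues` is used afterwards is not visible.

```php
  /** Check the right $right on the chained object, then that it exists.
      Return the chained row, or null when no object is chained */
  private function checkChained ($chain, $right)
  {
    if ($this->chained === null)
      return null;
    if ($this->chained->$right ($chain) !== TRUE)
    {
      if ($this->auth["email"] === "anonymous")
        throw new Exception (dgettext("domframework",
                                      "Anonymous not allowed"), 401);
      throw new Exception (dgettext("domframework",
                                    "Access forbidden"), 403);
    }
    $this->chained->connect();
    $chainedValues = $this->chained->keyexists ($chain);
    if ($chainedValues === false)
      throw new Exception (dgettext("domframework",
                                    "Object not found"), 404);
    return $chainedValues;
  }

  // … in each route closure, replacing the pasted block …
  $chainedValues = $this->checkChained ($chain, "accessright");
```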
@@ -338,7 +357,7 @@ class routeSQL //echo "PAGE=$page\n"; //echo "NUM=$num\n"; //echo "SEARCH=$search\n"; - //$route->debug=1; + //$route->debug=$this->debug; $this->connect(); $csrf = new csrf (); $token = $csrf->createToken (); 
@@ -541,27 +560,39 @@ echo $content; function ($id, $token, $chain) { // Delete an existing object if the token is valid - if ($this->chained !== null && - $this->chained->editright ($chain) !== TRUE) + if ($this->chained !== null) { - if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + if ($this->chained->editright ($chain) !== TRUE) + { + if ($this->auth["email"] === "anonymous") + throw new Exception (dgettext("domframework", + "Anonymous not allowed"), 401); + throw new Exception (dgettext("domframework","Access forbidden"), + 403); + } + $this->chained->connect(); + // $chainedValues are the informations associated to the $chain + $chainedValues = $this->chained->keyexists ($chain); + if ($chainedValues === false) + throw new Exception (dgettext("domframework", + "Object not found"), 404); } if ($this->accessright ($id) !== TRUE) { if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Anonymous not allowed"), + 401); + throw new Exception (dgettext("domframework","Access forbidden"), 403); } if ($this->editright ($id) !== TRUE) { if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Anonymous not allowed"), + 401); + throw new Exception (dgettext("domframework","Access forbidden"), 403); } if ($this->readonly ($id) === TRUE) - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Access forbidden"), 403); $this->connect(); $csrf = new csrf (); 
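Review bot: Nothing in the added lines ties `$id` to `$chain`: the new block proves that the chained object exists and that the caller may edit it, and `accessright ($id)` / `editright ($id)` are then evaluated on their own, while `$chainedValues` is assigned but not used in the visible lines. If the rights methods do not themselves compare the row's parent with `$chain`, a row belonging to another parent would pass these checks under a chain the caller chose. The same applies to the `{id}` closures in the hunks at -749 and -856. The closure body continues outside the hunk, so this may already be handled there; if not, a comment such as `// the row $id must reference $chain, else 404` with the matching comparison belongs right after the `keyexists` call.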
@@ -589,27 +620,39 @@ echo $content; $route->get ($this->url_prefix."/add", function ($chain) { // Add a new entry : form to be filled by the user - if ($this->chained !== null && - $this->chained->editright ($chain) !== TRUE) + if ($this->chained !== null) { - if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + if ($this->chained->editright ($chain) !== TRUE) + { + if ($this->auth["email"] === "anonymous") + throw new Exception (dgettext("domframework", + "Anonymous not allowed"), 401); + throw new Exception (dgettext("domframework","Access forbidden"), + 403); + } + $this->chained->connect(); + // $chainedValues are the informations associated to the $chain + $chainedValues = $this->chained->keyexists ($chain); + if ($chainedValues === false) + throw new Exception (dgettext("domframework", + "Object not found"), 404); } if ($this->accessright () !== TRUE) { if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Anonymous not allowed"), + 401); + throw new Exception (dgettext("domframework","Access forbidden"), 403); } if ($this->editright () !== TRUE) { if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Anonymous not allowed"), + 401); + throw new Exception (dgettext("domframework","Access forbidden"), 403); } if ($this->readonly () === TRUE) - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Access forbidden"), 403); $this->connect(); $content = $this->showflash (); 
@@ -675,8 +718,9 @@ echo $content; unset ($field); } - $field = new formfield ("submit", _("Save the datas")); - $field->defaults = _("Save the datas"); + $field = new formfield ("submit", dgettext("domframework", + "Save the datas")); + $field->defaults = dgettext("domframework","Save the datas"); $field->type = "submit"; $fields[] = $field; unset ($field); 
@@ -688,27 +732,39 @@ echo $content; $route->post ($this->url_prefix."/add", function ($chain) use ($route) { // Add a new entry : effective save of the datas - if ($this->chained !== null && - $this->chained->editright ($chain) !== TRUE) + if ($this->chained !== null) { - if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + if ($this->chained->editright ($chain) !== TRUE) + { + if ($this->auth["email"] === "anonymous") + throw new Exception (dgettext("domframework", + "Anonymous not allowed"), 401); + throw new Exception (dgettext("domframework","Access forbidden"), + 403); + } + $this->chained->connect(); + // $chainedvalues are the informations associated to the $chain + $chainedvalues = $this->chained->keyexists ($chain); + if ($chainedvalues === false) + throw new exception (dgettext("domframework", + "Object not found"), 404); } if ($this->accessright () !== TRUE) { if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Anonymous not allowed"), + 401); + throw new Exception (dgettext("domframework","Access forbidden"), 403); } if ($this->editright () !== TRUE) { if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Anonymous not allowed"), + 401); + throw new Exception (dgettext("domframework","Access forbidden"), 403); } if ($this->readonly () === TRUE) - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Access forbidden"), 403); $this->connect(); $f = new form (); 
@@ -720,7 +776,8 @@ echo $content; { $this->objectDB->insert ($values); $renderer = new renderer (); - $renderer->flash ("SUCCESS", _("Creation done")); + $renderer->flash ("SUCCESS", dgettext("domframework", + "Creation done")); $route->redirect ("/". str_replace ("{chain}", $chain, $this->url_prefix), ""); @@ -749,18 +806,29 @@ echo $content; $route->get ($this->url_prefix."/{id}", function ($id, $chain) { // List the details of one existing object - if ($this->chained !== null && - $this->chained->accessright ($chain) !== TRUE) + if ($this->chained !== null) { - if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + if ($this->chained->accessright ($chain) !== TRUE) + { + if ($this->auth["email"] === "anonymous") + throw new Exception (dgettext("domframework", + "Anonymous not allowed"), 401); + throw new Exception (dgettext("domframework","Access forbidden"), + 403); + } + $this->chained->connect(); + // $chainedvalues are the informations associated to the $chain + $chainedvalues = $this->chained->keyexists ($chain); + if ($chainedvalues === false) + throw new exception (dgettext("domframework", + "Object not found"), 404); } if ($this->accessright ($id) !== TRUE) { if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Anonymous not allowed"), + 401); + throw new Exception (dgettext("domframework","Access forbidden"), 403); } if ($this->chained !== null && $this->chained->editright ($chain) !== true) 
@@ -842,8 +910,9 @@ echo $content; if ($readonly === false && $this->readwriteAllowed === true) { - $field = new formfield ("submit", _("Save the datas")); - $field->defaults = _("Save the datas"); + $field = new formfield ("submit", dgettext("domframework", + "Save the datas")); + $field->defaults = dgettext("domframework","Save the datas"); $field->type = "submit"; $fields[] = $field; unset ($field); 
@@ -856,27 +925,39 @@ echo $content; $route->post ($this->url_prefix."/{id}", function ($id, $chain) use ($route) { // Save the details of one existing object - if ($this->chained !== null && - $this->chained->editright ($chain) !== TRUE) + if ($this->chained !== null) { - if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + if ($this->chained->editright ($chain) !== TRUE) + { + if ($this->auth["email"] === "anonymous") + throw new Exception (dgettext("domframework", + "Anonymous not allowed"), 401); + throw new Exception (dgettext("domframework","Access forbidden"), + 403); + } + $this->chained->connect(); + // $chainedvalues are the informations associated to the $chain + $chainedvalues = $this->chained->keyexists ($chain); + if ($chainedvalues === false) + throw new exception (dgettext("domframework", + "Object not found"), 404); } if ($this->accessright ($id) !== TRUE) { if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Anonymous not allowed"), + 401); + throw new Exception (dgettext("domframework","Access forbidden"), 403); } if ($this->editright ($id) !== TRUE) { if ($this->auth["email"] === "anonymous") - throw new Exception (_("Anonymous not allowed"), 401); - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Anonymous not allowed"), + 401); + throw new Exception (dgettext("domframework","Access forbidden"), 403); } if ($this->readonly ($id) === TRUE) - throw new Exception (_("Access forbidden"), 403); + throw new Exception (dgettext("domframework","Access forbidden"), 403); $this->connect(); $oldvalues = $this->objectDB->read (array (array 
@@ -903,7 +984,7 @@ echo $content; { $this->objectDB->update ($id, $values); $renderer = new renderer (); - $renderer->flash ("SUCCESS", _("Update done")); + $renderer->flash ("SUCCESS", dgettext("domframework","Update done")); $route->redirect ("/". str_replace ("{chain}", $chain, $this->url_prefix), ""); @@ -982,4 +1063,16 @@ echo $content; } return FALSE; } + + /** Return the datas of the row if the $id exists in the primary key of the + table + Return FALSE in the other cases */ + public function keyexists ($id) + { + $datas = $this->objectDB->read (array (array ($this->objectDB->primary, + $id))); + if (count ($datas) > 0) + return $datas[0]; + return FALSE; + } }
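Review bot: `keyexists` is public, performs no right check of its own and returns the whole row, so it is safe only when the caller has already passed `accessright` / `editright`, as the route closures in this patch do; the docblock should say so, e.g. `Callers must check the access rights before calling: the full row is returned`. The `$id` it receives is the `{chain}` value taken from the URL, and it goes into the `read` criteria unvalidated, so the method relies on `objectDB->read` binding it as a parameter, which is not visible in this patch. `count ($datas)` also assumes `read` always returns an array.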