routeSQL : Test if the chained object exists or send a 404
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2031 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
213
routeSQL.php
213
routeSQL.php
@@ -13,6 +13,8 @@ error_reporting (E_ALL);
|
|||||||
Allow to do CRUD on datas with only one line in index.php */
|
Allow to do CRUD on datas with only one line in index.php */
|
||||||
class routeSQL
|
class routeSQL
|
||||||
{
|
{
|
||||||
|
/** Activate the debug */
|
||||||
|
public $debug=0;
|
||||||
/** Display the Actions column in list of entries */
|
/** Display the Actions column in list of entries */
|
||||||
public $displayActions = true;
|
public $displayActions = true;
|
||||||
/** Do a confirmation in javascript before deleting entry */
|
/** Do a confirmation in javascript before deleting entry */
|
||||||
@@ -123,10 +125,14 @@ class routeSQL
|
|||||||
$dataflash .= "<div class='alert ";
|
$dataflash .= "<div class='alert ";
|
||||||
switch ($flash[0])
|
switch ($flash[0])
|
||||||
{
|
{
|
||||||
case 4: $dataflash .= "alert-danger";$alert = _("Error!");break;
|
case 4: $dataflash .= "alert-danger";
|
||||||
case 3: $dataflash .= "alert-warning";$alert = _("Warning!");break;
|
$alert = dgettext("domframework","Error!");break;
|
||||||
case 2: $dataflash .= "alert-info";$alert = _("Info :");break;
|
case 3: $dataflash .= "alert-warning";
|
||||||
case 1: $dataflash .= "alert-success";$alert = _("Success : ");break;
|
$alert = dgettext("domframework","Warning!");break;
|
||||||
|
case 2: $dataflash .= "alert-info";
|
||||||
|
$alert = dgettext("domframework","Info :");break;
|
||||||
|
case 1: $dataflash .= "alert-success";
|
||||||
|
$alert = dgettext("domframework","Success : ");break;
|
||||||
}
|
}
|
||||||
$dataflash .= " alert-dismissable'>\n";
|
$dataflash .= " alert-dismissable'>\n";
|
||||||
$dataflash .= "<strong>$alert</strong> ".$flash[1]."\n";
|
$dataflash .= "<strong>$alert</strong> ".$flash[1]."\n";
|
||||||
@@ -230,7 +236,7 @@ class routeSQL
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** Display the search area */
|
/** Display the search area */
|
||||||
public function searchArea ($nbentries, $page, $num, $search)
|
private function searchArea ($nbentries, $page, $num, $search)
|
||||||
{
|
{
|
||||||
$route = new route ();
|
$route = new route ();
|
||||||
$content = "";
|
$content = "";
|
||||||
@@ -280,6 +286,7 @@ class routeSQL
|
|||||||
}
|
}
|
||||||
/** Add HTML routes */
|
/** Add HTML routes */
|
||||||
$route = new route ();
|
$route = new route ();
|
||||||
|
$route->debug = $this->debug;;
|
||||||
$route->allowSlashes=false;
|
$route->allowSlashes=false;
|
||||||
$route->get ($this->url_prefix."/", function ($chain) use ($route)
|
$route->get ($this->url_prefix."/", function ($chain) use ($route)
|
||||||
{
|
{
|
||||||
@@ -292,18 +299,30 @@ class routeSQL
|
|||||||
function ($p1, $v1, $p2, $v2, $p3, $v3, $chain) use ($route)
|
function ($p1, $v1, $p2, $v2, $p3, $v3, $chain) use ($route)
|
||||||
{
|
{
|
||||||
// List all the objects of the table
|
// List all the objects of the table
|
||||||
if ($this->chained !== null &&
|
if ($this->chained !== null)
|
||||||
$this->chained->accessright ($chain) !== TRUE)
|
{
|
||||||
|
if ($this->chained->accessright ($chain) !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework",
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
"Anonymous not allowed"), 401);
|
||||||
|
throw new Exception (dgettext("domframework",
|
||||||
|
"Access forbidden"), 403);
|
||||||
|
}
|
||||||
|
$this->chained->connect();
|
||||||
|
// $chainedValues are the informations associated to the $chain
|
||||||
|
$chainedValues = $this->chained->keyexists ($chain);
|
||||||
|
if ($chainedValues === false)
|
||||||
|
throw new Exception (dgettext("domframework",
|
||||||
|
"Object not found"), 404);
|
||||||
}
|
}
|
||||||
if ($this->accessright () !== TRUE)
|
if ($this->accessright () !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework",
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
"Anonymous not allowed"), 401);
|
||||||
|
throw new Exception (dgettext("domframework",
|
||||||
|
"Access forbidden"), 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->chained !== null &&
|
if ($this->chained !== null &&
|
||||||
@@ -338,7 +357,7 @@ class routeSQL
|
|||||||
//echo "PAGE=$page\n";
|
//echo "PAGE=$page\n";
|
||||||
//echo "NUM=$num\n";
|
//echo "NUM=$num\n";
|
||||||
//echo "SEARCH=$search\n";
|
//echo "SEARCH=$search\n";
|
||||||
//$route->debug=1;
|
//$route->debug=$this->debug;
|
||||||
$this->connect();
|
$this->connect();
|
||||||
$csrf = new csrf ();
|
$csrf = new csrf ();
|
||||||
$token = $csrf->createToken ();
|
$token = $csrf->createToken ();
|
||||||
@@ -541,27 +560,39 @@ echo $content;
|
|||||||
function ($id, $token, $chain)
|
function ($id, $token, $chain)
|
||||||
{
|
{
|
||||||
// Delete an existing object if the token is valid
|
// Delete an existing object if the token is valid
|
||||||
if ($this->chained !== null &&
|
if ($this->chained !== null)
|
||||||
$this->chained->editright ($chain) !== TRUE)
|
{
|
||||||
|
if ($this->chained->editright ($chain) !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework",
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
"Anonymous not allowed"), 401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"),
|
||||||
|
403);
|
||||||
|
}
|
||||||
|
$this->chained->connect();
|
||||||
|
// $chainedValues are the informations associated to the $chain
|
||||||
|
$chainedValues = $this->chained->keyexists ($chain);
|
||||||
|
if ($chainedValues === false)
|
||||||
|
throw new Exception (dgettext("domframework",
|
||||||
|
"Object not found"), 404);
|
||||||
}
|
}
|
||||||
if ($this->accessright ($id) !== TRUE)
|
if ($this->accessright ($id) !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework","Anonymous not allowed"),
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
}
|
}
|
||||||
if ($this->editright ($id) !== TRUE)
|
if ($this->editright ($id) !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework","Anonymous not allowed"),
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
}
|
}
|
||||||
if ($this->readonly ($id) === TRUE)
|
if ($this->readonly ($id) === TRUE)
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
|
|
||||||
$this->connect();
|
$this->connect();
|
||||||
$csrf = new csrf ();
|
$csrf = new csrf ();
|
||||||
@@ -589,27 +620,39 @@ echo $content;
|
|||||||
$route->get ($this->url_prefix."/add", function ($chain)
|
$route->get ($this->url_prefix."/add", function ($chain)
|
||||||
{
|
{
|
||||||
// Add a new entry : form to be filled by the user
|
// Add a new entry : form to be filled by the user
|
||||||
if ($this->chained !== null &&
|
if ($this->chained !== null)
|
||||||
$this->chained->editright ($chain) !== TRUE)
|
{
|
||||||
|
if ($this->chained->editright ($chain) !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework",
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
"Anonymous not allowed"), 401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"),
|
||||||
|
403);
|
||||||
|
}
|
||||||
|
$this->chained->connect();
|
||||||
|
// $chainedValues are the informations associated to the $chain
|
||||||
|
$chainedValues = $this->chained->keyexists ($chain);
|
||||||
|
if ($chainedValues === false)
|
||||||
|
throw new Exception (dgettext("domframework",
|
||||||
|
"Object not found"), 404);
|
||||||
}
|
}
|
||||||
if ($this->accessright () !== TRUE)
|
if ($this->accessright () !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework","Anonymous not allowed"),
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
}
|
}
|
||||||
if ($this->editright () !== TRUE)
|
if ($this->editright () !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework","Anonymous not allowed"),
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
}
|
}
|
||||||
if ($this->readonly () === TRUE)
|
if ($this->readonly () === TRUE)
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
|
|
||||||
$this->connect();
|
$this->connect();
|
||||||
$content = $this->showflash ();
|
$content = $this->showflash ();
|
||||||
@@ -675,8 +718,9 @@ echo $content;
|
|||||||
unset ($field);
|
unset ($field);
|
||||||
}
|
}
|
||||||
|
|
||||||
$field = new formfield ("submit", _("Save the datas"));
|
$field = new formfield ("submit", dgettext("domframework",
|
||||||
$field->defaults = _("Save the datas");
|
"Save the datas"));
|
||||||
|
$field->defaults = dgettext("domframework","Save the datas");
|
||||||
$field->type = "submit";
|
$field->type = "submit";
|
||||||
$fields[] = $field;
|
$fields[] = $field;
|
||||||
unset ($field);
|
unset ($field);
|
||||||
@@ -688,27 +732,39 @@ echo $content;
|
|||||||
$route->post ($this->url_prefix."/add", function ($chain) use ($route)
|
$route->post ($this->url_prefix."/add", function ($chain) use ($route)
|
||||||
{
|
{
|
||||||
// Add a new entry : effective save of the datas
|
// Add a new entry : effective save of the datas
|
||||||
if ($this->chained !== null &&
|
if ($this->chained !== null)
|
||||||
$this->chained->editright ($chain) !== TRUE)
|
{
|
||||||
|
if ($this->chained->editright ($chain) !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework",
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
"Anonymous not allowed"), 401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"),
|
||||||
|
403);
|
||||||
|
}
|
||||||
|
$this->chained->connect();
|
||||||
|
// $chainedvalues are the informations associated to the $chain
|
||||||
|
$chainedvalues = $this->chained->keyexists ($chain);
|
||||||
|
if ($chainedvalues === false)
|
||||||
|
throw new exception (dgettext("domframework",
|
||||||
|
"Object not found"), 404);
|
||||||
}
|
}
|
||||||
if ($this->accessright () !== TRUE)
|
if ($this->accessright () !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework","Anonymous not allowed"),
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
}
|
}
|
||||||
if ($this->editright () !== TRUE)
|
if ($this->editright () !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework","Anonymous not allowed"),
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
}
|
}
|
||||||
if ($this->readonly () === TRUE)
|
if ($this->readonly () === TRUE)
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
|
|
||||||
$this->connect();
|
$this->connect();
|
||||||
$f = new form ();
|
$f = new form ();
|
||||||
@@ -720,7 +776,8 @@ echo $content;
|
|||||||
{
|
{
|
||||||
$this->objectDB->insert ($values);
|
$this->objectDB->insert ($values);
|
||||||
$renderer = new renderer ();
|
$renderer = new renderer ();
|
||||||
$renderer->flash ("SUCCESS", _("Creation done"));
|
$renderer->flash ("SUCCESS", dgettext("domframework",
|
||||||
|
"Creation done"));
|
||||||
$route->redirect ("/".
|
$route->redirect ("/".
|
||||||
str_replace ("{chain}", $chain, $this->url_prefix),
|
str_replace ("{chain}", $chain, $this->url_prefix),
|
||||||
"");
|
"");
|
||||||
@@ -749,18 +806,29 @@ echo $content;
|
|||||||
$route->get ($this->url_prefix."/{id}", function ($id, $chain)
|
$route->get ($this->url_prefix."/{id}", function ($id, $chain)
|
||||||
{
|
{
|
||||||
// List the details of one existing object
|
// List the details of one existing object
|
||||||
if ($this->chained !== null &&
|
if ($this->chained !== null)
|
||||||
$this->chained->accessright ($chain) !== TRUE)
|
{
|
||||||
|
if ($this->chained->accessright ($chain) !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework",
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
"Anonymous not allowed"), 401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"),
|
||||||
|
403);
|
||||||
|
}
|
||||||
|
$this->chained->connect();
|
||||||
|
// $chainedvalues are the informations associated to the $chain
|
||||||
|
$chainedvalues = $this->chained->keyexists ($chain);
|
||||||
|
if ($chainedvalues === false)
|
||||||
|
throw new exception (dgettext("domframework",
|
||||||
|
"Object not found"), 404);
|
||||||
}
|
}
|
||||||
if ($this->accessright ($id) !== TRUE)
|
if ($this->accessright ($id) !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework","Anonymous not allowed"),
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
}
|
}
|
||||||
if ($this->chained !== null &&
|
if ($this->chained !== null &&
|
||||||
$this->chained->editright ($chain) !== true)
|
$this->chained->editright ($chain) !== true)
|
||||||
@@ -842,8 +910,9 @@ echo $content;
|
|||||||
|
|
||||||
if ($readonly === false && $this->readwriteAllowed === true)
|
if ($readonly === false && $this->readwriteAllowed === true)
|
||||||
{
|
{
|
||||||
$field = new formfield ("submit", _("Save the datas"));
|
$field = new formfield ("submit", dgettext("domframework",
|
||||||
$field->defaults = _("Save the datas");
|
"Save the datas"));
|
||||||
|
$field->defaults = dgettext("domframework","Save the datas");
|
||||||
$field->type = "submit";
|
$field->type = "submit";
|
||||||
$fields[] = $field;
|
$fields[] = $field;
|
||||||
unset ($field);
|
unset ($field);
|
||||||
@@ -856,27 +925,39 @@ echo $content;
|
|||||||
$route->post ($this->url_prefix."/{id}", function ($id, $chain) use ($route)
|
$route->post ($this->url_prefix."/{id}", function ($id, $chain) use ($route)
|
||||||
{
|
{
|
||||||
// Save the details of one existing object
|
// Save the details of one existing object
|
||||||
if ($this->chained !== null &&
|
if ($this->chained !== null)
|
||||||
$this->chained->editright ($chain) !== TRUE)
|
{
|
||||||
|
if ($this->chained->editright ($chain) !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework",
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
"Anonymous not allowed"), 401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"),
|
||||||
|
403);
|
||||||
|
}
|
||||||
|
$this->chained->connect();
|
||||||
|
// $chainedvalues are the informations associated to the $chain
|
||||||
|
$chainedvalues = $this->chained->keyexists ($chain);
|
||||||
|
if ($chainedvalues === false)
|
||||||
|
throw new exception (dgettext("domframework",
|
||||||
|
"Object not found"), 404);
|
||||||
}
|
}
|
||||||
if ($this->accessright ($id) !== TRUE)
|
if ($this->accessright ($id) !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework","Anonymous not allowed"),
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
}
|
}
|
||||||
if ($this->editright ($id) !== TRUE)
|
if ($this->editright ($id) !== TRUE)
|
||||||
{
|
{
|
||||||
if ($this->auth["email"] === "anonymous")
|
if ($this->auth["email"] === "anonymous")
|
||||||
throw new Exception (_("Anonymous not allowed"), 401);
|
throw new Exception (dgettext("domframework","Anonymous not allowed"),
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
401);
|
||||||
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
}
|
}
|
||||||
if ($this->readonly ($id) === TRUE)
|
if ($this->readonly ($id) === TRUE)
|
||||||
throw new Exception (_("Access forbidden"), 403);
|
throw new Exception (dgettext("domframework","Access forbidden"), 403);
|
||||||
|
|
||||||
$this->connect();
|
$this->connect();
|
||||||
$oldvalues = $this->objectDB->read (array (array
|
$oldvalues = $this->objectDB->read (array (array
|
||||||
@@ -903,7 +984,7 @@ echo $content;
|
|||||||
{
|
{
|
||||||
$this->objectDB->update ($id, $values);
|
$this->objectDB->update ($id, $values);
|
||||||
$renderer = new renderer ();
|
$renderer = new renderer ();
|
||||||
$renderer->flash ("SUCCESS", _("Update done"));
|
$renderer->flash ("SUCCESS", dgettext("domframework","Update done"));
|
||||||
$route->redirect ("/".
|
$route->redirect ("/".
|
||||||
str_replace ("{chain}", $chain, $this->url_prefix),
|
str_replace ("{chain}", $chain, $this->url_prefix),
|
||||||
"");
|
"");
|
||||||
@@ -982,4 +1063,16 @@ echo $content;
|
|||||||
}
|
}
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Return the datas of the row if the $id exists in the primary key of the
|
||||||
|
table
|
||||||
|
Return FALSE in the other cases */
|
||||||
|
public function keyexists ($id)
|
||||||
|
{
|
||||||
|
$datas = $this->objectDB->read (array (array ($this->objectDB->primary,
|
||||||
|
$id)));
|
||||||
|
if (count ($datas) > 0)
|
||||||
|
return $datas[0];
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||