Fix restrictions for form operations
martialblog committed Aug 5, 2024
1 parent e3899de commit 7413564
Showing 2 changed files with 19 additions and 3 deletions.
8 changes: 5 additions & 3 deletions application/forms/EditForm.php
Expand Up @@ -56,23 +56,25 @@ public function onSuccess()
$this->view->getMetaData();
$this->view->getTree();

// Store the view to the session
$this->viewconfig->storeToSession($this->view);

$cancel = $this->getElement('btn_submit_cancel');
$delete = $this->getElement('btn_submit_delete');

if ($this->getElement('btn_submit_save_file')->getValue() !== null) {
// Store the view to its YAML file
$this->viewconfig->storeToFile($this->view);
Notification::success($this->translate('Top Level View successfully saved'));
} elseif ($cancel !== null && $cancel->getValue() !== null) {
// Clear the stored session data for the view
$this->viewconfig->clearSession($this->view);
Notification::success($this->translate('Top Level View restored from disk'));
} elseif ($delete != null && $delete->getValue() !== null) {
// Delte the view's YAML file
$this->viewconfig->delete($this->view);
$this->setRedirectUrl('toplevelview');
Notification::success($this->translate('Top Level View successfully deleted'));
} else {
// Store the view to the user's session by default
$this->viewconfig->storeToSession($this->view);
Notification::success($this->translate('Top Level View successfully saved for the current session'));
}
return true;
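Review bot: The save branch calls `$this->getElement('btn_submit_save_file')->getValue()` without the null guard that the cancel and delete branches apply, so a form rendered without that button would fail on `->getValue()` before any restriction check runs; fetch it into `$save` and test `$save !== null && $save->getValue() !== null`. The delete branch compares with loose `$delete != null` where the cancel branch uses `!==`, and its comment reads "Delte" instead of "Delete". The rendering does not mark which lines were added, so the unconditional `storeToSession` call at the top of the hunk may be the removed side; if it is still present, the cancel and delete paths would write the session (and require edit rights) before clearing it. onSuccess() starts and continues outside the hunk.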
14 changes: 14 additions & 0 deletions library/Toplevelview/ViewConfig.php
Expand Up @@ -246,6 +246,10 @@ public function loadAll($format = self::FORMAT_YAML): array
*/
public function storeToSession($view): void
{
// Assert the user has rights to edit this view
$restrictions = $this->getRestrictions('toplevelview/filter/edit');
$this->assertAccessToView($restrictions, $view->getName());

Session::getSession()->set(self::SESSION_PREFIX . $view->getName(), $view->getText());
}

Expand All @@ -266,6 +270,12 @@ public function clearSession($view): void
*/
public function storeToFile($view): void
{
// Assert the user has rights to edit this file
$restrictions = $this->getRestrictions('toplevelview/filter/edit');
$this->assertAccessToView($restrictions, $view->getName());

var_dump($restrictions);

$file_path = $this->getConfigDir() . DIRECTORY_SEPARATOR . $view->getName() . '.' . $view->getFormat();
// Store a backup of the existing config
if (file_exists($file_path)) {
Expand All @@ -283,6 +293,10 @@ public function storeToFile($view): void
*/
public function delete($view): void
{
// Assert the user has rights to edit this view
$restrictions = $this->getRestrictions('toplevelview/filter/edit');
$this->assertAccessToView($restrictions, $view->getName());

$file_path = $this->getConfigDir() . DIRECTORY_SEPARATOR . $view->getName() . '.' . $view->getFormat();

$this->clearSession($view);
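Review bot: `var_dump($restrictions);` in storeToFile() is leftover debug output that writes the caller's `toplevelview/filter/edit` restriction values into the response on every file save, and it should be deleted before this is merged. The same two-line check is now repeated in storeToSession(), storeToFile() and delete(); a small private helper such as `private function assertCanEdit($view): void` would keep the permission string in one place. clearSession() appears only as hunk context here, so whether it needs the same assertion cannot be judged from this page. The bodies of storeToFile() and delete() continue outside their hunks.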
