From 1b24ddb6b12bd85d15beed45476d72678b758128 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 8 Jun 2016 20:21:12 -0400 Subject: Add new MVC, 'Obj' This MVC will be used to browse scrott datastructures. --- app/controller/obj.control.php | 48 +++++++++++++++++++++++++++++++++++++++++ app/controller/root.control.php | 12 +++++++++++ 2 files changed, 60 insertions(+) create mode 100644 app/controller/obj.control.php (limited to 'app/controller') diff --git a/app/controller/obj.control.php b/app/controller/obj.control.php new file mode 100644 index 0000000..f341b48 --- /dev/null +++ b/app/controller/obj.control.php @@ -0,0 +1,48 @@ +type) + { + case "group": + $this->action_group($mod, $argv[0]); + break; + } + } + + function action_group($mod, $guid) + { + /* TODO */ + } +} + +?> diff --git a/app/controller/root.control.php b/app/controller/root.control.php index 9a4ebd8..7e4d1ab 100644 --- a/app/controller/root.control.php +++ b/app/controller/root.control.php @@ -15,12 +15,14 @@ */ require_once "class/controller.class.php"; +require_once "class/object.class.php"; require_once "class/setting.class.php"; require_once "controller/sysconf.control.php"; require_once "controller/except.control.php"; require_once "controller/auth.control.php"; require_once "controller/deauth.control.php"; require_once "controller/dashboard.control.php"; +require_once "controller/obj.control.php"; require_once "controller/deleteacct.control.php"; /* @@ -82,6 +84,16 @@ class Root extends Controller case "logout": $ctrl = new Deauth(); break; case "deleteaccount": $ctrl = new Deleteacct(); break; default: + /* Check if arg is an object guid */ + $obj = new DBObject(); + + if ($obj->isGUID($argv[0])) + { + $ctrl = new Obj(); + break; + } + + /* No page to show for requested path */ throw new Exception("The requested path is not valid."); break; } -- cgit v1.2.3 From d8f7264898d59a261c0e65e525502143259415ad Mon Sep 17 00:00:00 2001 
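Review bot: The `switch ($obj->type)` in `Obj::handle()` has no `default:` arm, so a GUID whose type is anything other than "group" falls through and the request ends with no view and no error. Add `default: throw new Exception("The requested path is not valid.");` so unsupported object types fail the same way Root's router does for an unknown path. The later revisions of this switch on the page have the same gap. The top of this new file is not legible here, so how `$argv[0]` is handled before the switch could not be reviewed.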
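Review bot: The new default arm in `Root` routes on `$argv[0]`, a request-supplied path segment, and nothing in the hunk says whether `isGUID()` is a pure format check or a database lookup. If it is a lookup, this branch responds differently for existing and non-existing GUIDs before any permission decision has been made, which exposes which identifiers are valid. A one-line comment above the call stating what `isGUID()` guarantees (format only, or existence) would make that reviewable. The enclosing method starts and ends outside the hunk, so it is also worth confirming that whatever session check `Root` performs runs before this switch.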
From: Malf Furious Date: Wed, 8 Jun 2016 21:29:32 -0400 Subject: Create blank view for groups Finish initializing the Obj MVC by writing an empty view/action for groups. --- app/controller/obj.control.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'app/controller') diff --git a/app/controller/obj.control.php b/app/controller/obj.control.php index f341b48..08172b5 100644 --- a/app/controller/obj.control.php +++ b/app/controller/obj.control.php @@ -34,14 +34,15 @@ class Obj extends Controller switch ($obj->type) { case "group": - $this->action_group($mod, $argv[0]); + $this->action_group($mod, $obj->guid); break; } } function action_group($mod, $guid) { - /* TODO */ + $mod->initGroup($guid); + include "view/obj/group.view.php"; } } -- cgit v1.2.3 From f7848f8b7b471766d674c8bf8e9a75099a9ffda5 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Fri, 10 Jun 2016 01:12:45 -0400 Subject: Assert access control before rendering an object view If the current user does not have access permission to the requested object, throw an exception and do not proceed. --- app/controller/obj.control.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'app/controller') diff --git a/app/controller/obj.control.php b/app/controller/obj.control.php index 08172b5..74288ee 100644 --- a/app/controller/obj.control.php +++ b/app/controller/obj.control.php @@ -31,6 +31,9 @@ class Obj extends Controller $mod = new ObjModel(); $obj = new DBObject($argv[0]); + if (!$obj->canAccess($this->getCurrentUser())) + throw new Exception("You do not have permission to access this object"); + switch ($obj->type) { case "group": -- cgit v1.2.3 From 1f39899416ca012d50d261d88b6c2bc86a673212 Mon Sep 17 00:00:00 2001 
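Review bot: `action_group()` pulls the template in with `include`, which only raises a warning when the file is missing, so a broken deployment would return a blank page instead of failing; `require "view/obj/group.view.php";` matches the `require_once` style used for the controllers. The function also has no doc comment, and the template depends on this method's local scope, so something like `/* Render the group view; the template reads $mod from this scope */` above it would help. The view file is not part of this diff; it should escape any model data it prints for HTML output.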
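Review bot: The guard added to `handle()` throws a message that differs from Root's "The requested path is not valid.", so a caller without access can tell an existing but forbidden object from a path that does not resolve. Consider throwing the same message in both cases, `throw new Exception("The requested path is not valid.");`, and recording the denial server-side instead. The check also passes the result of `getCurrentUser()` straight into `canAccess()`; neither is shown here, so confirm that a request with no logged-in user is denied rather than raising an error or being accepted. `handle()` starts and ends outside the hunk.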
From: Malf Furious Date: Sun, 12 Jun 2016 20:50:57 -0400 Subject: Update Obj controller This commit makes the Obj controller compatable with changes introduced in the previous commit. --- app/controller/obj.control.php | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) (limited to 'app/controller') diff --git a/app/controller/obj.control.php b/app/controller/obj.control.php index 74288ee..2154d16 100644 --- a/app/controller/obj.control.php +++ b/app/controller/obj.control.php @@ -16,7 +16,6 @@ require_once "class/controller.class.php"; require_once "model/obj.mod.php"; -require_once "class/object.class.php"; /* * Object viewer, Used to view groups, pads, and more! @@ -28,23 +27,21 @@ class Obj extends Controller */ function handle($argv) { - $mod = new ObjModel(); - $obj = new DBObject($argv[0]); + $mod = new ObjModel($argv[0]); - if (!$obj->canAccess($this->getCurrentUser())) + if (!$mod->obj->canAccess($this->getCurrentUser())) throw new Exception("You do not have permission to access this object"); - switch ($obj->type) + switch ($mod->obj->type) { case "group": - $this->action_group($mod, $obj->guid); + $this->action_group($mod); break; } } - function action_group($mod, $guid) + function action_group($mod) { - $mod->initGroup($guid); include "view/obj/group.view.php"; } } -- cgit v1.2.3
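Review bot: Authorization in `handle()` now happens after the model is built: `new ObjModel($argv[0])` runs first, whereas the previous revision created a bare `DBObject` and only called `initGroup()` once `canAccess()` had passed. The `ObjModel` constructor is not shown on this page; if it loads anything beyond what the permission decision needs, that work is now done for callers who are then refused. Keep the constructor to the minimum required for `canAccess()`, or add a comment on `handle()` such as `/* ObjModel's constructor must not load type-specific data; access is checked below */`. Separately, `action_group($mod)` has no visibility keyword and is therefore public; `private function action_group($mod)` would keep it from being called without going through the check.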