fix bug can edit table and column not have right through api

exceedone · Oct 4, 2024 · ac713d0 · ac713d0
1 parent 23887f3
commit ac713d0
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 0 deletions.
diff --git a/resources/lang/en/exment.php b/resources/lang/en/exment.php
@@ -113,6 +113,7 @@
             'cannot_preview' => '*:name does not support the preview function during editing. If you want to check it, save it once and then do it.',
             'preview_error' => 'The preview has expired. Please close this screen and preview again.',
             'csrf_error' => 'The expiration date has expired, so please reopen your browser.',
+            'not_edit_column_type' => 'The column type cannot be changed.',
         ],
 
         'help' =>[

diff --git a/resources/lang/ja/exment.php b/resources/lang/ja/exment.php
@@ -113,6 +113,7 @@
             'cannot_preview' => '※:nameは、編集中のプレビュー機能に対応していません。確認する場合、一度保存後に実施してください。',
             'preview_error' => 'プレビューの有効期限が切れました。この画面を閉じ、再度プレビューを実施してください。',
             'csrf_error' => '有効期限が切れたので、ブラウザを開き直してください。',
+            'not_edit_column_type' => '列種類は変更不可です。',
         ],
 
         'help' =>[

diff --git a/src/Controllers/AdminControllerTableBase.php b/src/Controllers/AdminControllerTableBase.php
@@ -59,6 +59,15 @@ public function callAction($method, $parameters)
         return $this->{$method}(...array_values($parameters));
     }
 
+    protected function validateEditColumnType($column, $columnType)
+    {
+        if (is_null($columnType) || $columnType !== $column->column_type) {
+            Checker::error(exmtrans("common.message.not_edit_column_type"));
+            return false;
+        }
+        return true;
+    }
+
     /**
      * validate table_name and id
      * ex. check /admin/column/user/1/edit

diff --git a/src/Controllers/CustomColumnController.php b/src/Controllers/CustomColumnController.php
@@ -79,6 +79,35 @@ public function edit(Request $request, Content $content, $tableKey, $id)
         return parent::edit($request, $content, $tableKey, $id);
     }
 
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param int $id
+     *
+     * @return \Illuminate\Http\Response|null
+     */
+    public function update($tableKey, $id)
+    {   
+        //Validation table value
+        if (!$this->validateTable($this->custom_table, Permission::CUSTOM_TABLE)) {
+            return;
+        }
+        if (!$this->validateTableAndId(CustomColumn::class, $id, 'column')) {
+            return;
+        }
+        if (request()->has('column_type')) {
+            $column_type = request()->get('column_type');
+            $column = $this->custom_columns->first(function ($value) use ($id) {
+                return $value->id == $id;
+            });
+            if (!$this->validateEditColumnType($column, $column_type)) {
+                return;
+            }
+        }
+
+        return $this->form($id)->update($id);
+    }
+
     /**
      * Create interface.
      *

diff --git a/src/Controllers/CustomTableController.php b/src/Controllers/CustomTableController.php
@@ -664,6 +664,10 @@ public function edit(Request $request, Content $content, $id)
      */
     public function update($id)
     {
+        if (!$this->validateTable($id, Permission::CUSTOM_TABLE)) {
+            return;
+        }
+
         if (request()->has('columnmulti')) {
             return $this->formMultiColumn($id)->update($id);
         }