AllowedFor wip

dg · dg · commit c19ebdc5e787 · 2024-03-11T21:01:56.000+01:00
diff --git a/src/Application/Attributes/AllowedFor.php b/src/Application/Attributes/AllowedFor.php
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nette\Application\Attributes;
+
+use Attribute;
+
+
+#[Attribute(Attribute::TARGET_METHOD | Attribute::TARGET_CLASS)]
+class AllowedFor
+{
+	public function __construct(
+		public ?bool $httpGet = null,
+		public ?bool $httpPost = null,
+		public ?bool $forward = null,
+		public ?array $actions = null,
+		public ?bool $crossOrigin = null,
+	) {
+	}
+}
diff --git a/src/Application/UI/Component.php b/src/Application/UI/Component.php
@@ -134,6 +134,13 @@ public function checkRequirements($element): void
 		) {
 			$this->getPresenter()->detectedCsrf();
 		}
+
+		if ($attrs = $element->getAttributes(Nette\Application\Attributes\AllowedFor::class)) {
+			$method = strtolower($this->getPresenter()->getRequest()->getMethod());
+			if (empty($attrs[0]->newInstance()->$method)) {
+				throw new Nette\Application\BadRequestException("Method '$method' is not allowed.");
+			}
+		}
 	}
 
 

Original file line number	Diff line number	Diff line change
`@@ -134,6 +134,13 @@ public function checkRequirements($element): void`
`134`	`134`	`) {`
`135`	`135`	`$this->getPresenter()->detectedCsrf();`
`136`	`136`	`}`
	`137`	`+`
	`138`	`+ if ($attrs = $element->getAttributes(Nette\Application\Attributes\AllowedFor::class)) {`
	`139`	`+ $method = strtolower($this->getPresenter()->getRequest()->getMethod());`
	`140`	`+ if (empty($attrs[0]->newInstance()->$method)) {`
	`141`	`+ throw new Nette\Application\BadRequestException("Method '$method' is not allowed.");`
	`142`	`+ }`
	`143`	`+ }`
`137`	`144`	`}`
`138`	`145`
`139`	`146`