fix(target_actor): prevent inconsistent adds
btry committed Jan 31, 2022
1 parent c456a5d commit 9f75b25
Showing 3 changed files with 70 additions and 23 deletions.
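--- a/front/targetticket.form.php
+++ b/front/targetticket.form.php
@@ -41,31 +41,51 @@
 
 // Edit an existing target ticket
 if (isset($_POST['update'])) {
-$targetticket->update($_POST);
+if (!$targetticket->canUpdateItem()) {
+Session::addMessageAfterRedirect(__('No right to update this item.', 'formcreator'), false, ERROR);
+} else {
+$targetticket->update($_POST);
+}
 Html::back();
 
 } else if (isset($_POST['actor_role'])) {
-$id = (int) $_POST['id'];
-$actor_value = $_POST['actor_value_' . $_POST['actor_type']] ?? null;
-$use_notification = ($_POST['use_notification'] == 0) ? 0 : 1;
-$targetTicket_actor = new PluginFormcreatorTarget_Actor();
-$targetTicket_actor->add([
-'itemtype' => $targetticket->getType(),
-'items_id' => $id,
-'actor_role' => $_POST['actor_role'],
-'actor_type' => $_POST['actor_type'],
-'actor_value' => $actor_value,
-'use_notification' => $use_notification,
-]);
+$id = (int) $_POST['id'];
+$targetticket->getFromDB($id);
+if (!$targetticket->canUpdateItem()) {
+Session::addMessageAfterRedirect(__('No right to update this item.', 'formcreator'), false, ERROR);
+} else {
+$actor_value = $_POST['actor_value_' . $_POST['actor_type']] ?? null;
+$use_notification = ($_POST['use_notification'] == 0) ? 0 : 1;
+$targetTicket_actor = new PluginFormcreatorTarget_Actor();
+$targetTicket_actor->add([
+'itemtype' => $targetticket->getType(),
+'items_id' => $id,
+'actor_role' => $_POST['actor_role'],
+'actor_type' => $_POST['actor_type'],
+'actor_value' => $actor_value,
+'use_notification' => $use_notification,
+]);
+}
 Html::back();
 
 } else if (isset($_GET['delete_actor'])) {
-$targetTicket_actor = new PluginFormcreatorTarget_Actor();
-$targetTicket_actor->delete([
-'itemtype' => $targetticket->getType(),
-'items_id' => $id,
-'id' => (int) $_GET['delete_actor']
-]);
+$requiredKeys = ['id'];
+if (count(array_intersect(array_keys($_GET), $requiredKeys)) < count($requiredKeys)) {
+Session::addMessageAfterRedirect(__('Bad request while deleting an actor.', 'formcreator'), false, ERROR);
+Html::back();
+}
+$id = (int) $_GET['id'];
+$targetticket->getFromDB($id);
+if (!$targetticket->canUpdateItem()) {
+Session::addMessageAfterRedirect(__('No right to update this item.', 'formcreator'), false, ERROR);
+} else {
+$targetTicket_actor = new PluginFormcreatorTarget_Actor();
+$targetTicket_actor->delete([
+'itemtype' => $targetticket->getType(),
+'items_id' => $id,
+'id' => (int) $_GET['delete_actor']
+]);
+}
 Html::back();
 
 // Show target ticket form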
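Review bot: In the actor_role branch the result of `$targetticket->getFromDB($id)` is discarded, so a request with an unknown or missing `id` goes on to `canUpdateItem()` on an object with no fields loaded and, if that check happens to pass, inserts an actor row whose `items_id` references nothing; the delete_actor branch has the same shape. Checking the load first, e.g. `if (!$targetticket->getFromDB($id)) { Session::addMessageAfterRedirect(__('Item not found.', 'formcreator'), false, ERROR); Html::back(); }`, keeps the right check from running on an empty object. The update branch calls `canUpdateItem()` without a visible load from `$_POST['id']`; whether the item is loaded above the hunk cannot be seen from here. The delete action is still driven by a GET parameter carrying no request token, so unless a CSRF check runs before this file is reached, a crafted link can trigger it for a logged-in user. The if/else-if chain continues past the end of the hunk.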
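--- a/inc/abstracttarget.class.php
+++ b/inc/abstracttarget.class.php
@@ -1826,9 +1826,9 @@ public function post_updateItem($history = 1) {
 $this->updateConditions($this->input);
 }
 
-protected static function getDeleteImage($id) {
+protected function getDeleteImage($id) {
 $formUrl = static::getFormURL();
-$link = ' &nbsp;<a href="' . $formUrl . '?delete_actor=' . $id . '">';
+$link = ' &nbsp;<a href="' . $formUrl . '?delete_actor=' . $id . '&id=' . $this->getID() . '">';
 $link .= '<i style="color: #000" class="fas fa-trash-alt" alt="' . __('Delete') . '" title="' . __('Delete') . '"></i>';
 $link .= '</a>';
 return $link;
@@ -2371,7 +2371,7 @@ protected function showActorSettingsForType($actorType, array $actors) {
 break;
 }
 echo $values['use_notification'] ? ' ' . $img_mail . ' ' : ' ' . $img_nomail . ' ';
-echo self::getDeleteImage($id);
+echo $this->getDeleteImage($id);
 echo '</div>';
 }
 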
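Review bot: Turning `getDeleteImage` from `protected static` into an instance method is a breaking change for any subclass of this abstract class that still declares it `static` or calls it as `self::getDeleteImage()`, which PHP reports as a fatal error at class-load time rather than at call time; the commit updates only the one call site in showActorSettingsForType, so callers in the subclasses (not visible here) should be checked. The href is assembled by string concatenation; since both values are numeric ids, casting them, `'?delete_actor=' . (int) $id . '&amp;id=' . (int) $this->getID()`, or building the query with `http_build_query(['delete_actor' => $id, 'id' => $this->getID()])` makes the expected type explicit and keeps the link well-formed. Inside an HTML attribute the separator should be `&amp;`, as the `&nbsp;` already in the same string is. Both hunks lie inside methods whose bodies extend beyond the hunk.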
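--- a/inc/target_actor.class.php
+++ b/inc/target_actor.class.php
@@ -74,7 +74,7 @@ static function getEnumActorType() {
 self::ACTOR_TYPE_SUPPLIER => __('Specific supplier', 'formcreator'),
 self::ACTOR_TYPE_QUESTION_SUPPLIER => __('Supplier from the question', 'formcreator'),
 self::ACTOR_TYPE_QUESTION_ACTORS => __('Actors from the question', 'formcreator'),
-self::ACTOR_TYPE_AUTHORS_SUPERVISOR => __('Form author\'s supervisor', 'formcreator'),
+self::ACTOR_TYPE_AUTHORS_SUPERVISOR => __('Form author\'s supervisor', 'formcreator'),
 ];
 }
 
@@ -92,6 +92,33 @@ public static function getTypeName($nb = 0) {
 }
 
 public function prepareInputForAdd($input) {
+
+$requiredKeys = ['itemtype', 'items_id', 'actor_role', 'actor_type', 'use_notification'];
+if (count(array_intersect(array_keys($input), $requiredKeys)) < count($requiredKeys)) {
+Session::addMessageAfterRedirect(__('Bad request while adding an actor.', 'formcreator'), false, ERROR);
+return false;
+}
+
+switch ($input['actor_type']) {
+case self::ACTOR_TYPE_PERSON:
+case self::ACTOR_TYPE_GROUP:
+if (!isset($input['actor_value']) || $input['actor_value'] == 0) {
+Session::addMessageAfterRedirect(__('Bad request while adding an actor.', 'formcreator'), false, ERROR);
+return false;
+}
+break;
+
+case self::ACTOR_TYPE_QUESTION_PERSON:
+case self::ACTOR_TYPE_QUESTION_GROUP:
+case self::ACTOR_TYPE_QUESTION_ACTORS:
+if (!isset($input['actor_value']) || $input['actor_value'] == 0) {
+Session::addMessageAfterRedirect(__('Bad request while adding an actor.', 'formcreator'), false, ERROR);
+return false;
+}
+break;
+
+}
+
 // generate a unique id
 if (!isset($input['uuid']) || empty($input['uuid'])) {
 $input['uuid'] = plugin_formcreator_getUuid();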
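Review bot: The new switch in prepareInputForAdd has no `default` branch, so an `actor_type` value outside getEnumActorType() passes validation and is stored untouched; a `default:` that emits the same `Bad request` message and returns false would make the check complete, and the two case groups have identical bodies and can be collapsed into one case list. The loose `$input['actor_value'] == 0` comparison behaves differently across PHP versions for non-numeric strings (`'abc' == 0` is true on PHP 7 and false on PHP 8), so `empty($input['actor_value'])` or `(int) $input['actor_value'] === 0` would state the intent unambiguously. The required-key check only tests presence, not that `items_id` refers to an existing target or that `actor_role` is a known value; whether the caller guarantees that cannot be seen here. The method continues past the end of the hunk.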
