This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | /* |
||
4 | * This file is part of the MilioooMessageBundle package. |
||
5 | * |
||
6 | * (c) Michiel boeckaert <[email protected]> |
||
7 | * This source file is subject to the MIT license that is bundled |
||
8 | * with this source code in the file LICENSE. |
||
9 | */ |
||
10 | |||
11 | namespace Miliooo\MessagingBundle\Controller; |
||
12 | |||
13 | use Symfony\Bundle\FrameworkBundle\Templating\EngineInterface; |
||
14 | use Miliooo\Messaging\Manager\DeleteThreadManagerSecureInterface; |
||
15 | use Miliooo\Messaging\ThreadProvider\ThreadProviderInterface; |
||
16 | use Miliooo\Messaging\Helpers\FlashMessages\FlashMessageProviderInterface; |
||
17 | use Symfony\Component\Routing\RouterInterface; |
||
18 | use Symfony\Component\HttpFoundation\RedirectResponse; |
||
19 | use Miliooo\Messaging\Model\ThreadInterface; |
||
20 | use Symfony\Component\HttpFoundation\Response; |
||
21 | use Miliooo\Messaging\User\ParticipantProviderInterface; |
||
22 | use Miliooo\Messaging\User\ParticipantInterface; |
||
23 | use Symfony\Component\Security\Core\Exception\AccessDeniedException; |
||
24 | |||
25 | /** |
||
26 | * The delete thread controller is responsible for deleting threads from the storage engine. |
||
27 | * |
||
28 | * @author Michiel Boeckaert <[email protected]> |
||
29 | */ |
||
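class DeleteThreadController
{
    /**
     * Templating engine passed to the constructor.
     *
     * Stored only; none of the methods in this class read it.
     *
     * @var EngineInterface
     */
    private $templating;

    /**
     * Performs the actual deletion; refuses with an AccessDeniedException,
     * which doThreadDelete() turns into an error flash.
     *
     * @var DeleteThreadManagerSecureInterface
     */
    private $deleteThreadManager;

    /**
     * Looks a thread up by its id.
     *
     * @var ThreadProviderInterface
     */
    private $threadProvider;

    /**
     * Receives the success / error flash messages.
     *
     * The type is written with the exact class-name casing so that static
     * analysis resolves it to the imported interface.
     *
     * @var FlashMessageProviderInterface
     */
    private $flashMessageProvider;

    /**
     * Used to build the inbox URL for the redirect.
     *
     * @var RouterInterface
     */
    private $router;

    /**
     * Supplies the participant the deletion is performed as.
     *
     * @var ParticipantProviderInterface
     */
    private $participantProvider;

    /**
     * Constructor.
     *
     * @param EngineInterface                    $templating
     * @param DeleteThreadManagerSecureInterface $deleteThreadManager
     * @param ThreadProviderInterface            $threadProvider
     * @param FlashMessageProviderInterface      $flashMessageProvider
     * @param RouterInterface                    $router
     * @param ParticipantProviderInterface       $participantProvider
     */
    public function __construct(
        EngineInterface $templating,
        DeleteThreadManagerSecureInterface $deleteThreadManager,
        ThreadProviderInterface $threadProvider,
        FlashMessageProviderInterface $flashMessageProvider,
        RouterInterface $router,
        ParticipantProviderInterface $participantProvider
    ) {
        $this->templating = $templating;
        $this->deleteThreadManager = $deleteThreadManager;
        $this->threadProvider = $threadProvider;
        $this->flashMessageProvider = $flashMessageProvider;
        $this->router = $router;
        $this->participantProvider = $participantProvider;
    }

    /**
     * Deletes a thread.
     *
     * Looks the thread up, attempts the deletion on behalf of the authenticated
     * participant, and always redirects to the inbox route with a success or
     * error flash message.
     *
     * This controller performs no permission check of its own: the decision is
     * left entirely to the delete thread manager (see doThreadDelete()).
     *
     * NOTE(review): this action changes state. The route definition is not part
     * of this file - confirm it is not reachable via GET and that the request is
     * CSRF-protected.
     *
     * NOTE(review): an unknown id yields 'flash.thread_not_found' while a thread
     * the caller may not delete yields 'flash.thread_delete_no_permission', so an
     * authenticated user can tell whether a given thread id exists. Confirm this
     * is acceptable, or use one message for both cases.
     *
     * @param integer $threadId The unique id of the thread
     *
     * @return Response A redirect to the 'miliooo_message_inbox' route
     */
    public function deleteAction($threadId)
    {
        // The participant is resolved before the lookup. Presumably this fails for
        // anonymous requests - confirm against the provider; a non-participant
        // value would be rejected by doThreadDelete()'s type hint.
        $loggedInUser = $this->participantProvider->getAuthenticatedParticipant();
        $thread = $this->threadProvider->findThreadById($threadId);

        if ($thread) {
            $this->doThreadDelete($loggedInUser, $thread);
        } else {
            $this->doThreadNotFound();
        }

        return new RedirectResponse($this->router->generate('miliooo_message_inbox'));
    }

    /**
     * Deletes the thread and adds a flash.
     *
     * An AccessDeniedException from the manager becomes the "no permission"
     * error flash; any other exception is not caught here and propagates to the
     * caller. The success flash is added only when the manager returned normally.
     *
     * @param ParticipantInterface $loggedInUser The participant requesting the deletion
     * @param ThreadInterface      $thread       The thread to delete
     */
    protected function doThreadDelete(ParticipantInterface $loggedInUser, ThreadInterface $thread)
    {
        try {
            $this->deleteThreadManager->deleteThread($loggedInUser, $thread);
        } catch (AccessDeniedException $e) {
            // The manager refused the deletion: report it and skip the success flash.
            $this->flashMessageProvider->addFlash(
                FlashMessageProviderInterface::TYPE_ERROR,
                'flash.thread_delete_no_permission',
                []
            );

            return;
        }

        $this->flashMessageProvider->addFlash(
            FlashMessageProviderInterface::TYPE_SUCCESS,
            'flash.thread_deleted_success',
            []
        );
    }

    /**
     * Adds the "thread not found" error flash.
     */
    protected function doThreadNotFound()
    {
        $this->flashMessageProvider->addFlash(
            FlashMessageProviderInterface::TYPE_ERROR,
            'flash.thread_not_found',
            []
        );
    }
}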