Schlaefer / Saito

src/Controller/PostingsController.php

<?php

declare(strict_types=1);

/**
 * Saito - The Threaded Web Forum
 *
 * @copyright Copyright (c) the Saito Project Developers
 * @link https://github.com/Schlaefer/Saito
 * @license http://opensource.org/licenses/MIT
 */

namespace App\Controller;

use Api\Controller\ApiAppController;
use App\Controller\Component\PostingComponent;
use App\Model\Entity\Entry;
use App\Model\Table\EntriesTable;
use Cake\Core\Configure;
use Cake\Http\Exception\BadRequestException;
use Cake\Http\Exception\NotFoundException;
use Saito\Exception\SaitoForbiddenException;
use Saito\Posting\PostingInterface;

/**
 * Endpoint for adding/POST and editing/PUT posting
 *
 * @property EntriesTable $Entries
 * @property PostingComponent $Posting
 */
class PostingsController extends ApiAppController
{
    /**
     * {@inheritDoc}
     */
    public function initialize()
    {
        parent::initialize();
        $this->loadModel('Entries');
        $this->loadComponent('Posting');
    }

    /**
     * Add a a new posting
     *
     * @return void
     */
    public function add(): void
    {
        $data = $this->getRequest()->getData();
        $allowedFields = ['category_id', 'edited', 'edited_by', 'pid', 'subject', 'text'];
        $data = array_intersect_key($data, array_fill_keys($allowedFields, 1));

It seems like $data can also be of type null; however, parameter $array1 of array_intersect_key() does only seem to accept array, maybe add an additional type check?

        $data += [
            'name' => $this->CurrentUser->get('username'),
            'user_id' => $this->CurrentUser->getId(),
        ];

        /** @var Entry */
        $posting = $this->Posting->create($data, $this->CurrentUser);

        if (empty($posting)) {
            throw new BadRequestException();
        }

        $errors = $posting->getErrors();

        if (!count($errors)) {
            $this->set(compact('posting'));

            return;
        }

        $this->set(compact('errors'));
        $this->viewBuilder()->setTemplate('/Error/json/entityValidation');
    }

    /**
     * Edit an existing posting
     *
     * @param string $id Unused in favor of request-data.
     * @return void
     */
    public function edit(string $id): void

The parameter $id is not used and could be removed.

    {
        $id = $this->getRequest()->getData('id', null);

        if (empty($id)) {
            throw new BadRequestException('No posting-id provided.');
        }

        $posting = $this->Entries->get($id);

$id of type array|string is incompatible with the type integer expected by parameter $primaryKey of App\Model\Table\EntriesTable::get().

        if (!$posting) {
            throw new NotFoundException('Posting not found.');
        }

        $data = $this->getRequest()->getData();
        $allowedFields = ['category_id', 'edited', 'edited_by', 'subject', 'text'];
        $data = array_intersect_key($data, array_fill_keys($allowedFields, 1));

It seems like $data can also be of type null; however, parameter $array1 of array_intersect_key() does only seem to accept array, maybe add an additional type check?

        $data += [
            'edited' => bDate(),
            'edited_by' => $this->CurrentUser->get('username'),
        ];

        $updatedPosting = $this->Posting->update($posting, $data, $this->CurrentUser);

It seems like $posting can also be of type array; however, parameter $entry of App\Controller\Component\PostingComponent::update() does only seem to accept App\Model\Entity\Entry, maybe add an additional type check?

        if (!$updatedPosting) {

$updatedPosting is of type App\Model\Entity\Entry, thus it always evaluated to true.

            throw new BadRequestException('Posting could not be saved.');
        }

        if (!$updatedPosting->hasErrors()) {
            $this->set('posting', $updatedPosting);
            $this->render('/Postings/json/add');

            return;
        }

        $errors = $updatedPosting->getErrors();
        $this->set(compact('errors'));
        $this->viewBuilder()->setTemplate('/Error/json/entityValidation');
    }

    /**
     * Serves meta information required to add or edit a posting
     *
     * @param string|null $id ID of the posting (send on edit)
     * @return void
     */
    public function meta(?string $id = null): void
    {
        $id = (int)$id;
        $isEdit = !empty($id);
        $pid = $this->getRequest()->getQuery('pid', null);
        $isAnswer = !empty($pid);

        if ($isAnswer) {
            /** @var PostingInterface */
            $parent = $this->Entries->get($pid)->toPosting()->withCurrentUser($this->CurrentUser);

The method toPosting() does not exist on Cake\Datasource\EntityInterface. It seems like you code against a sub-type of Cake\Datasource\EntityInterface such as App\Model\Entity\Entry.

$pid of type array|string is incompatible with the type integer expected by parameter $primaryKey of App\Model\Table\EntriesTable::get().

            // Don't leak content of forbidden categories
            if ($parent->isAnsweringForbidden()) {
                throw new SaitoForbiddenException(
                    'Access to parent in PostingsController:meta() forbidden.',
                    ['CurrentUser' => $this->CurrentUser]
                );
            }

            $this->set('parent', $parent);
        }

        if ($isEdit) {
            /** @var PostingInterface */
            $posting = $this->Entries->get($id)->toPosting()->withCurrentUser($this->CurrentUser);
            if (!$posting->isEditingAllowed()) {
                throw new SaitoForbiddenException(
                    'Access to posting in PostingsController:meta() forbidden.',
                    ['CurrentUser' => $this->CurrentUser]
                );
            }
            $this->set('posting', $posting);
        } else {
            /// We currently don't save drafts for edits
            $where = ['user_id' => $this->CurrentUser->getId()];
            if (is_numeric($pid)) {
                $where['pid'] = $pid;
            }
            $draft = $this->Entries->Drafts->find()->where($where)->first();

            if ($draft) {
                $this->set('draft', $draft);
            }
        }

        $settings = Configure::read('Saito.Settings');

        $this->set(compact('isAnswer', 'isEdit', 'settings'));

        $action = $isAnswer ? 'answer' : 'thread';
        $categories = $this->CurrentUser->getCategories()->getAll($action, 'list');
        $this->set('categories', $categories);
    }
}