1 | <?php |
||||
2 | |||||
3 | namespace DNADesign\Elemental\Controllers; |
||||
4 | |||||
5 | use DNADesign\Elemental\Forms\EditFormFactory; |
||||
6 | use DNADesign\Elemental\Models\BaseElement; |
||||
7 | use Exception; |
||||
8 | use Psr\Log\LoggerInterface; |
||||
9 | use SilverStripe\Admin\LeftAndMain; |
||||
10 | use SilverStripe\Control\HTTPRequest; |
||||
11 | use SilverStripe\Control\HTTPResponse; |
||||
12 | use SilverStripe\Control\HTTPResponse_Exception; |
||||
13 | use SilverStripe\Core\Convert; |
||||
14 | use SilverStripe\Core\Injector\Injector; |
||||
15 | use SilverStripe\Forms\Form; |
||||
16 | use SilverStripe\Security\SecurityToken; |
||||
17 | |||||
18 | /** |
||||
19 | * Controller for "ElementalArea" - handles loading and saving of in-line edit forms in an elemental area in admin |
||||
20 | */ |
||||
21 | class ElementalAreaController extends LeftAndMain |
||||
22 | { |
||||
23 | private static $url_segment = 'elemental-area'; |
||||
24 | |||||
25 | private static $ignore_menuitem = true; |
||||
26 | |||||
27 | private static $url_handlers = [ |
||||
0 ignored issues
–
show
introduced
by
Loading history...
|
|||||
28 | // API access points with structured data |
||||
29 | 'POST api/saveForm/$ID' => 'apiSaveForm', |
||||
30 | ]; |
||||
31 | |||||
32 | private static $allowed_actions = [ |
||||
0 ignored issues
–
show
|
|||||
33 | 'elementForm', |
||||
34 | 'schema', |
||||
35 | 'apiSaveForm', |
||||
36 | ]; |
||||
37 | |||||
38 | public function getClientConfig() |
||||
39 | { |
||||
40 | $clientConfig = parent::getClientConfig(); |
||||
41 | $clientConfig['form']['elementForm'] = [ |
||||
42 | 'schemaUrl' => $this->Link('schema/elementForm'), |
||||
43 | 'saveUrl' => $this->Link('api/saveForm'), |
||||
44 | 'saveMethod' => 'post', |
||||
45 | 'payloadFormat' => 'json', |
||||
46 | ]; |
||||
47 | return $clientConfig; |
||||
48 | } |
||||
49 | |||||
50 | /** |
||||
51 | * @param HTTPRequest|null $request |
||||
52 | * @return Form |
||||
53 | * @throws HTTPResponse_Exception |
||||
54 | */ |
||||
55 | public function elementForm(HTTPRequest $request = null) |
||||
56 | { |
||||
57 | // Get ID either from posted back value, or url parameter |
||||
58 | if (!$request) { |
||||
59 | $this->jsonError(400); |
||||
60 | return null; |
||||
61 | } |
||||
62 | $id = $request->param('ID'); |
||||
63 | if (!$id) { |
||||
64 | $this->jsonError(400); |
||||
65 | return null; |
||||
66 | } |
||||
67 | return $this->getElementForm($id) ?: $this->jsonError(404); |
||||
68 | } |
||||
69 | |||||
70 | /** |
||||
71 | * @param int $elementID |
||||
72 | * @return Form|null Returns null if no element exists for the given ID |
||||
73 | */ |
||||
74 | public function getElementForm($elementID) |
||||
75 | { |
||||
76 | $scaffolder = Injector::inst()->get(EditFormFactory::class); |
||||
77 | $element = BaseElement::get()->byID($elementID); |
||||
78 | |||||
79 | if (!$element) { |
||||
80 | return null; |
||||
81 | } |
||||
82 | |||||
83 | /** @var Form $form */ |
||||
84 | $form = $scaffolder->getForm( |
||||
85 | $this, |
||||
86 | 'ElementForm_'.$elementID, |
||||
87 | ['Record' => $element] |
||||
88 | ); |
||||
89 | |||||
90 | return $form; |
||||
91 | } |
||||
92 | |||||
93 | /** |
||||
94 | * Save an inline edit form for a block |
||||
95 | * |
||||
96 | * @param HTTPRequest $request |
||||
97 | * @return HTTPResponse|null JSON encoded string or null if an exception is thrown |
||||
98 | * @throws HTTPResponse_Exception |
||||
99 | */ |
||||
100 | public function apiSaveForm(HTTPRequest $request) |
||||
101 | { |
||||
102 | // Validate required input data |
||||
103 | if (!isset($this->urlParams['ID'])) { |
||||
104 | $this->jsonError(400); |
||||
105 | return null; |
||||
106 | } |
||||
107 | |||||
108 | $data = Convert::json2array($request->getBody()); |
||||
109 | if (empty($data)) { |
||||
110 | $this->jsonError(400); |
||||
111 | return null; |
||||
112 | } |
||||
113 | |||||
114 | // Inject request body as request vars |
||||
115 | foreach ($data as $key => $value) { |
||||
116 | $request->offsetSet($key, $value); |
||||
117 | } |
||||
118 | |||||
119 | // Check security token |
||||
120 | if (!SecurityToken::inst()->checkRequest($request)) { |
||||
121 | $this->jsonError(400); |
||||
122 | return null; |
||||
123 | } |
||||
124 | |||||
125 | /** @var BaseElement $element */ |
||||
126 | $element = BaseElement::get()->byID($this->urlParams['ID']); |
||||
127 | // Ensure the element can be edited by the current user |
||||
128 | if (!$element || !$element->canEdit()) { |
||||
0 ignored issues
–
show
|
|||||
129 | $this->jsonError(403); |
||||
130 | return null; |
||||
131 | } |
||||
132 | |||||
133 | // Remove the pseudo namespaces that were added by the form factory |
||||
134 | $data = $this->removeNamespacesFromFields($data, $element->ID); |
||||
0 ignored issues
–
show
It seems like
$data can also be of type boolean ; however, parameter $data of DNADesign\Elemental\Cont...eNamespacesFromFields() does only seem to accept array , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
135 | |||||
136 | try { |
||||
137 | $updated = false; |
||||
138 | $element->update($data); |
||||
139 | // Check if anything will actually be changed before writing |
||||
140 | if ($element->isChanged()) { |
||||
141 | $element->write(); |
||||
142 | // Track changes so we can return to the client |
||||
143 | $updated = true; |
||||
144 | } |
||||
145 | } catch (Exception $ex) { |
||||
146 | Injector::inst()->get(LoggerInterface::class)->debug($ex->getMessage()); |
||||
147 | |||||
148 | $this->jsonError(500); |
||||
149 | return null; |
||||
150 | } |
||||
151 | |||||
152 | $body = Convert::raw2json([ |
||||
153 | 'status' => 'success', |
||||
154 | 'updated' => $updated, |
||||
155 | ]); |
||||
156 | return HTTPResponse::create($body)->addHeader('Content-Type', 'application/json'); |
||||
157 | } |
||||
158 | |||||
159 | /** |
||||
160 | * Remove the pseudo namespaces that were added to form fields by the form factory |
||||
161 | * |
||||
162 | * @param array $data |
||||
163 | * @param int $elementID |
||||
164 | * @return array |
||||
165 | */ |
||||
166 | protected function removeNamespacesFromFields(array $data, $elementID) |
||||
167 | { |
||||
168 | $output = []; |
||||
169 | $template = sprintf(EditFormFactory::FIELD_NAMESPACE_TEMPLATE, $elementID, ''); |
||||
170 | foreach ($data as $key => $value) { |
||||
171 | // Only look at fields that match the namespace template |
||||
172 | if (substr($key, 0, strlen($template)) !== $template) { |
||||
173 | continue; |
||||
174 | } |
||||
175 | |||||
176 | $fieldName = substr($key, strlen($template)); |
||||
177 | $output[$fieldName] = $value; |
||||
178 | } |
||||
179 | return $output; |
||||
180 | } |
||||
181 | } |
||||
182 |