These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | declare(strict_types=1); |
||
4 | |||
5 | /* |
||
6 | * This file is part of the Sonata Project package. |
||
7 | * |
||
8 | * (c) Thomas Rabaix <[email protected]> |
||
9 | * |
||
10 | * For the full copyright and license information, please view the LICENSE |
||
11 | * file that was distributed with this source code. |
||
12 | */ |
||
13 | |||
14 | namespace Sonata\AdminBundle\Action; |
||
15 | |||
16 | use Sonata\AdminBundle\Admin\Pool; |
||
17 | use Sonata\AdminBundle\Twig\Extension\SonataAdminExtension; |
||
18 | use Symfony\Component\HttpFoundation\JsonResponse; |
||
19 | use Symfony\Component\HttpFoundation\Request; |
||
20 | use Symfony\Component\HttpFoundation\Response; |
||
21 | use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; |
||
22 | use Symfony\Component\PropertyAccess\PropertyPath; |
||
23 | use Symfony\Component\Validator\Validator\ValidatorInterface; |
||
24 | use Twig\Environment; |
||
25 | |||
26 | final class SetObjectFieldValueAction |
||
27 | { |
||
28 | /** |
||
29 | * @var Pool |
||
30 | */ |
||
31 | private $pool; |
||
32 | |||
33 | /** |
||
34 | * @var Environment |
||
35 | */ |
||
36 | private $twig; |
||
37 | |||
38 | /** |
||
39 | * @var ValidatorInterface |
||
40 | */ |
||
41 | private $validator; |
||
42 | |||
43 | public function __construct(Environment $twig, Pool $pool, $validator) |
||
44 | { |
||
45 | // NEXT_MAJOR: Move ValidatorInterface check to method signature |
||
46 | if (!($validator instanceof ValidatorInterface)) { |
||
47 | throw new \InvalidArgumentException( |
||
48 | 'Argument 3 is an instance of '.\get_class($validator).', expecting an instance of' |
||
49 | .' \Symfony\Component\Validator\Validator\ValidatorInterface' |
||
50 | ); |
||
51 | } |
||
52 | $this->pool = $pool; |
||
53 | $this->twig = $twig; |
||
54 | $this->validator = $validator; |
||
55 | } |
||
56 | |||
57 | /** |
||
58 | * @throws NotFoundHttpException |
||
59 | * |
||
60 | * @return Response |
||
61 | */ |
||
62 | public function __invoke(Request $request) |
||
63 | { |
||
64 | $field = $request->get('field'); |
||
65 | $code = $request->get('code'); |
||
66 | $objectId = $request->get('objectId'); |
||
67 | $value = $originalValue = $request->get('value'); |
||
68 | $context = $request->get('context'); |
||
69 | |||
70 | $admin = $this->pool->getInstance($code); |
||
71 | $admin->setRequest($request); |
||
72 | |||
73 | // alter should be done by using a post method |
||
74 | if (!$request->isXmlHttpRequest()) { |
||
75 | return new JsonResponse('Expected an XmlHttpRequest request header', 405); |
||
76 | } |
||
77 | |||
78 | if ('POST' !== $request->getMethod()) { |
||
79 | return new JsonResponse('Expected a POST Request', 405); |
||
80 | } |
||
81 | |||
82 | $rootObject = $object = $admin->getObject($objectId); |
||
83 | |||
84 | if (!$object) { |
||
85 | return new JsonResponse('Object does not exist', 404); |
||
86 | } |
||
87 | |||
88 | // check user permission |
||
89 | if (false === $admin->hasAccess('edit', $object)) { |
||
90 | return new JsonResponse('Invalid permissions', 403); |
||
91 | } |
||
92 | |||
93 | if ('list' === $context) { |
||
94 | $fieldDescription = $admin->getListFieldDescription($field); |
||
95 | } else { |
||
96 | return new JsonResponse('Invalid context', 400); |
||
97 | } |
||
98 | |||
99 | if (!$fieldDescription) { |
||
100 | return new JsonResponse('The field does not exist', 400); |
||
101 | } |
||
102 | |||
103 | if (!$fieldDescription->getOption('editable')) { |
||
104 | return new JsonResponse('The field cannot be edited, editable option must be set to true', 400); |
||
105 | } |
||
106 | |||
107 | $propertyPath = new PropertyPath($field); |
||
108 | |||
109 | // If property path has more than 1 element, take the last object in order to validate it |
||
110 | if ($propertyPath->getLength() > 1) { |
||
111 | $object = $this->pool->getPropertyAccessor()->getValue($object, $propertyPath->getParent()); |
||
0 ignored issues
–
show
|
|||
112 | |||
113 | $elements = $propertyPath->getElements(); |
||
114 | $field = end($elements); |
||
115 | $propertyPath = new PropertyPath($field); |
||
116 | } |
||
117 | |||
118 | // Handle date type has setter expect a DateTime object |
||
119 | if ('' !== $value && 'date' === $fieldDescription->getType()) { |
||
120 | $value = new \DateTime($value); |
||
121 | } |
||
122 | |||
123 | // Handle boolean type transforming the value into a boolean |
||
124 | if ('' !== $value && 'boolean' === $fieldDescription->getType()) { |
||
125 | $value = filter_var($value, FILTER_VALIDATE_BOOLEAN); |
||
126 | } |
||
127 | |||
128 | // Handle entity choice association type, transforming the value into entity |
||
129 | if ('' !== $value |
||
130 | && 'choice' === $fieldDescription->getType() |
||
131 | && null !== $fieldDescription->getOption('class') |
||
132 | && $fieldDescription->getOption('class') === $fieldDescription->getTargetEntity() |
||
133 | ) { |
||
134 | $value = $admin->getModelManager()->find($fieldDescription->getOption('class'), $value); |
||
135 | |||
136 | if (!$value) { |
||
137 | return new JsonResponse(sprintf( |
||
138 | 'Edit failed, object with id: %s not found in association: %s.', |
||
139 | $originalValue, |
||
140 | $field |
||
141 | ), 404); |
||
142 | } |
||
143 | } |
||
144 | |||
145 | $this->pool->getPropertyAccessor()->setValue($object, $propertyPath, '' !== $value ? $value : null); |
||
146 | |||
147 | $violations = $this->validator->validate($object); |
||
148 | |||
149 | if (\count($violations)) { |
||
150 | $messages = []; |
||
151 | |||
152 | foreach ($violations as $violation) { |
||
153 | $messages[] = $violation->getMessage(); |
||
154 | } |
||
155 | |||
156 | return new JsonResponse(implode("\n", $messages), 400); |
||
157 | } |
||
158 | |||
159 | $admin->update($object); |
||
0 ignored issues
–
show
It seems like
$object can also be of type array ; however, Sonata\AdminBundle\Admin...iderInterface::update() does only seem to accept object , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
|
|||
160 | |||
161 | // render the widget |
||
162 | // todo : fix this, the twig environment variable is not set inside the extension ... |
||
163 | $extension = $this->twig->getExtension(SonataAdminExtension::class); |
||
164 | |||
165 | $content = $extension->renderListElement($this->twig, $rootObject, $fieldDescription); |
||
166 | |||
167 | return new JsonResponse($content, 200); |
||
168 | } |
||
169 | } |
||
170 |
Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: