1<?php 2/** 3 * webtrees: online genealogy 4 * Copyright (C) 2019 webtrees development team 5 * This program is free software: you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation, either version 3 of the License, or 8 * (at your option) any later version. 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * You should have received a copy of the GNU General Public License 14 * along with this program. If not, see <http://www.gnu.org/licenses/>. 15 */ 16declare(strict_types=1); 17 18namespace Fisharebest\Webtrees\Http\RequestHandlers; 19 20use Fisharebest\Webtrees\Auth; 21use Fisharebest\Webtrees\Contracts\UserInterface; 22use Fisharebest\Webtrees\Services\ModuleService; 23use Psr\Http\Message\ResponseInterface; 24use Psr\Http\Message\ServerRequestInterface; 25use Psr\Http\Server\RequestHandlerInterface; 26use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; 27use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; 28use function method_exists; 29use function strpos; 30use function strtolower; 31 32/** 33 * Controller for module actions. 34 */ 35class ModuleAction implements RequestHandlerInterface 36{ 37 /** @var ModuleService */ 38 private $module_service; 39 40 /** @var UserInterface */ 41 private $user; 42 43 /** 44 * ModuleController constructor. 45 * 46 * @param ModuleService $module_service 47 * @param UserInterface $user 48 */ 49 public function __construct(ModuleService $module_service, UserInterface $user) 50 { 51 $this->module_service = $module_service; 52 $this->user = $user; 53 } 54 55 /** 56 * Perform an HTTP action for one of the modules. 57 * 58 * @param ServerRequestInterface $request 59 * 60 * @return ResponseInterface 61 */ 62 public function handle(ServerRequestInterface $request): ResponseInterface 63 { 64 $module_name = $request->getQueryParams()['module'] ?? $request->getParsedBody()['module'] ?? ''; 65 $action = $request->getQueryParams()['action'] ?? $request->getParsedBody()['action'] ?? ''; 66 67 // Check that the module is enabled. 68 // The module itself will need to check any tree-level access, 69 // which may be different for each component (tab, menu, etc.) of the module. 70 $module = $this->module_service->findByName($module_name); 71 72 if ($module === null) { 73 throw new NotFoundHttpException('Module ' . $module_name . ' does not exist'); 74 } 75 76 // We'll call a function such as Module::getFooBarAction() 77 $verb = strtolower($request->getMethod()); 78 $method = $verb . $action . 'Action'; 79 80 // Actions with "Admin" in the name are for administrators only. 81 if (strpos($action, 'Admin') !== false && !Auth::isAdmin($this->user)) { 82 throw new AccessDeniedHttpException('Admin only action'); 83 } 84 85 if (!method_exists($module, $method)) { 86 throw new NotFoundHttpException('Method ' . $method . '() not found in ' . $module_name); 87 } 88 89 return $module->$method($request); 90 } 91} 92