xref: /webtrees/app/Http/RequestHandlers/ModuleAction.php (revision 57ab22314b2599feb432b1a1ed71643cfc2f0452)
1<?php
2/**
3 * webtrees: online genealogy
4 * Copyright (C) 2019 webtrees development team
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16declare(strict_types=1);
17
18namespace Fisharebest\Webtrees\Http\RequestHandlers;
19
use Fisharebest\Webtrees\Auth;
use Fisharebest\Webtrees\Contracts\UserInterface;
use Fisharebest\Webtrees\Services\ModuleService;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

use function is_string;
use function method_exists;
use function strpos;
use function strtolower;
31
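/**
 * Controller for module actions.
 *
 * Dispatches a request to a method on a module. The method name is built
 * from the HTTP verb and the request-supplied "action" parameter, so both
 * the "module" and "action" values must be treated as untrusted input.
 */
class ModuleAction implements RequestHandlerInterface
{
    /** @var ModuleService */
    private $module_service;

    /** @var UserInterface */
    private $user;

    /**
     * ModuleController constructor.
     *
     * @param ModuleService $module_service Used to look up the module by name.
     * @param UserInterface $user           The user whose administrator status gates "Admin" actions.
     */
    public function __construct(ModuleService $module_service, UserInterface $user)
    {
        $this->module_service = $module_service;
        $this->user           = $user;
    }

    /**
     * Perform an HTTP action for one of the modules.
     *
     * The "module" and "action" parameters are read from the query string first,
     * then from the parsed body. The handler then calls
     * Module::<verb><action>Action($request), e.g. Module::getFooBarAction().
     *
     * @param ServerRequestInterface $request
     *
     * @return ResponseInterface
     *
     * @throws NotFoundHttpException     If the parameters are not strings, the module is not found,
     *                                   or the module has no matching method.
     * @throws AccessDeniedHttpException If the action name contains "admin" (in any letter case)
     *                                   and the user is not an administrator.
     */
    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        $query = $request->getQueryParams();
        $body  = $request->getParsedBody();

        $module_name = $query['module'] ?? $body['module'] ?? '';
        $action      = $query['action'] ?? $body['action'] ?? '';

        // Request parameters can arrive as arrays (e.g. "action[]=..."). Reject anything
        // that is not a string before it is concatenated into a method name or passed
        // to a string-typed service method.
        if (!is_string($module_name) || !is_string($action)) {
            throw new NotFoundHttpException('Invalid module or action');
        }

        // Check that the module is enabled.
        // The module itself will need to check any tree-level access,
        // which may be different for each component (tab, menu, etc.) of the module.
        $module = $this->module_service->findByName($module_name);

        // NOTE(review): the exception messages below embed request-supplied values;
        // confirm that the error renderer escapes them for its output context.
        if ($module === null) {
            throw new NotFoundHttpException('Module ' . $module_name . ' does not exist');
        }

        // We'll call a function such as Module::getFooBarAction()
        $verb   = strtolower($request->getMethod());
        $method = $verb . $action . 'Action';

        // Actions with "Admin" in the name are for administrators only.
        // PHP resolves method names case-insensitively (and so does method_exists()),
        // so this check must ignore letter case as well; a case-sensitive match on
        // "Admin" would not cover every spelling that reaches the same method.
        // This fails closed: any action containing "admin" in any case is restricted.
        if (strpos(strtolower($action), 'admin') !== false && !Auth::isAdmin($this->user)) {
            throw new AccessDeniedHttpException('Admin only action');
        }

        // Only dispatch to a method that exists on the module. The fixed verb prefix and
        // "Action" suffix limit which methods a request-supplied name can reach.
        if (!method_exists($module, $method)) {
            throw new NotFoundHttpException('Method ' . $method . '() not found in ' . $module_name);
        }

        return $module->$method($request);
    }
}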
92