1<?php 2 3/** 4 * webtrees: online genealogy 5 * Copyright (C) 2019 webtrees development team 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation, either version 3 of the License, or 9 * (at your option) any later version. 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * You should have received a copy of the GNU General Public License 15 * along with this program. If not, see <http://www.gnu.org/licenses/>. 16 */ 17declare(strict_types=1); 18 19namespace Fisharebest\Webtrees\Http\RequestHandlers; 20 21use Fisharebest\Webtrees\Auth; 22use Fisharebest\Webtrees\Contracts\UserInterface; 23use Fisharebest\Webtrees\Services\ModuleService; 24use Psr\Http\Message\ResponseInterface; 25use Psr\Http\Message\ServerRequestInterface; 26use Psr\Http\Server\RequestHandlerInterface; 27use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; 28use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; 29 30use function method_exists; 31use function strpos; 32use function strtolower; 33 34/** 35 * Controller for module actions. 36 */ 37class ModuleAction implements RequestHandlerInterface 38{ 39 /** @var ModuleService */ 40 private $module_service; 41 42 /** @var UserInterface */ 43 private $user; 44 45 /** 46 * ModuleController constructor. 47 * 48 * @param ModuleService $module_service 49 * @param UserInterface $user 50 */ 51 public function __construct(ModuleService $module_service, UserInterface $user) 52 { 53 $this->module_service = $module_service; 54 $this->user = $user; 55 } 56 57 /** 58 * Perform an HTTP action for one of the modules. 59 * 60 * @param ServerRequestInterface $request 61 * 62 * @return ResponseInterface 63 */ 64 public function handle(ServerRequestInterface $request): ResponseInterface 65 { 66 $module_name = $request->getQueryParams()['module'] ?? $request->getParsedBody()['module'] ?? ''; 67 $action = $request->getQueryParams()['action'] ?? $request->getParsedBody()['action'] ?? ''; 68 69 // Check that the module is enabled. 70 // The module itself will need to check any tree-level access, 71 // which may be different for each component (tab, menu, etc.) of the module. 72 $module = $this->module_service->findByName($module_name); 73 74 if ($module === null) { 75 throw new NotFoundHttpException('Module ' . $module_name . ' does not exist'); 76 } 77 78 // We'll call a function such as Module::getFooBarAction() 79 $verb = strtolower($request->getMethod()); 80 $method = $verb . $action . 'Action'; 81 82 // Actions with "Admin" in the name are for administrators only. 83 if (strpos($action, 'Admin') !== false && !Auth::isAdmin($this->user)) { 84 throw new AccessDeniedHttpException('Admin only action'); 85 } 86 87 if (!method_exists($module, $method)) { 88 throw new NotFoundHttpException('Method ' . $method . '() not found in ' . $module_name); 89 } 90 91 return $module->$method($request); 92 } 93} 94