Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Refactor checking if user is allowed to edit the form #2335

Merged
merged 1 commit into from
Sep 24, 2024
Merged

chore: Refactor checking if user is allowed to edit the form #2335

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 22 additions & 38 deletions lib/Controller/ApiController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -262,7 +262,6 @@
'uid' => $keyValuePairs['ownerId']
]);

$form = $this->getFormIfAllowed($formId);
$user = $this->userManager->get($keyValuePairs['ownerId']);
if ($user == null) {
$this->logger->debug('Could not find new form owner');
Expand Down Expand Up @@ -749,12 +748,17 @@
'text' => $optionTexts,
]);

$form = $this->getFormIfAllowed($formId);
if ($this->formsService->isFormArchived($form)) {
$this->logger->debug('This form is archived and can not be modified');
throw new OCSForbiddenException();

Check warning on line 754 in lib/Controller/ApiController.php

View check run for this annotation

Codecov / codecov/patch

lib/Controller/ApiController.php#L751-L754 

Added lines #L751 - L754 were not covered by tests
}

try {
$question = $this->questionMapper->findById($questionId);
$form = $this->formMapper->findById($formId);
} catch (IMapperException $e) {
$this->logger->debug('Could not find form or question');
throw new OCSBadRequestException('Could not find form or question');
$this->logger->debug('Could not find question');
throw new OCSBadRequestException('Could not find question');

Check warning on line 761 in lib/Controller/ApiController.php

View check run for this annotation

Codecov / codecov/patch

lib/Controller/ApiController.php#L760-L761 

Added lines #L760 - L761 were not covered by tests
}

if ($question->getFormId() !== $formId) {
Expand All @@ -764,16 +768,6 @@
throw new OCSBadRequestException();
}

if ($form->getOwnerId() !== $this->currentUser->getUID()) {
$this->logger->debug('This form is not owned by the current user');
throw new OCSForbiddenException();
}

if ($this->formsService->isFormArchived($form)) {
$this->logger->debug('This form is archived and can not be modified');
throw new OCSForbiddenException();
}

$addedOptions = [];
foreach ($optionTexts as $text) {
$option = new Option();
Expand Down Expand Up @@ -818,30 +812,25 @@
'keyValuePairs' => $keyValuePairs
]);

$form = $this->getFormIfAllowed($formId);
if ($this->formsService->isFormArchived($form)) {
$this->logger->debug('This form is archived and can not be modified');
throw new OCSForbiddenException();

Check warning on line 818 in lib/Controller/ApiController.php

View check run for this annotation

Codecov / codecov/patch

lib/Controller/ApiController.php#L815-L818 

Added lines #L815 - L818 were not covered by tests
}

try {
$option = $this->optionMapper->findById($optionId);
$question = $this->questionMapper->findById($questionId);
$form = $this->formMapper->findById($formId);
} catch (IMapperException $e) {
$this->logger->debug('Could not find option, question or form');
throw new OCSBadRequestException('Could not find option, question or form');
$this->logger->debug('Could not find option or question');
throw new OCSBadRequestException('Could not find option or question');

Check warning on line 826 in lib/Controller/ApiController.php

View check run for this annotation

Codecov / codecov/patch

lib/Controller/ApiController.php#L825-L826 

Added lines #L825 - L826 were not covered by tests
}

if ($option->getQuestionId() !== $questionId || $question->getFormId() !== $formId) {
$this->logger->debug('The given option id doesn\'t match the question or form.');
throw new OCSBadRequestException();
}

if ($form->getOwnerId() !== $this->currentUser->getUID()) {
$this->logger->debug('This form is not owned by the current user');
throw new OCSForbiddenException();
}

if ($this->formsService->isFormArchived($form)) {
$this->logger->debug('This form is archived and can not be modified');
throw new OCSForbiddenException();
}

// Don't allow empty array
if (sizeof($keyValuePairs) === 0) {
$this->logger->info('Empty keyValuePairs, will not update.');
Expand Down Expand Up @@ -884,10 +873,15 @@
'optionId' => $optionId
]);

$form = $this->getFormIfAllowed($formId);
if ($this->formsService->isFormArchived($form)) {
$this->logger->debug('This form is archived and can not be modified');
throw new OCSForbiddenException();

Check warning on line 879 in lib/Controller/ApiController.php

View check run for this annotation

Codecov / codecov/patch

lib/Controller/ApiController.php#L876-L879 

Added lines #L876 - L879 were not covered by tests
}

try {
$option = $this->optionMapper->findById($optionId);
$question = $this->questionMapper->findById($questionId);
$form = $this->formMapper->findById($formId);
} catch (IMapperException $e) {
$this->logger->debug('Could not find form, question or option');
throw new OCSBadRequestException('Could not find form, question or option');
Expand All @@ -898,16 +892,6 @@
throw new OCSBadRequestException();
}

if ($form->getOwnerId() !== $this->currentUser->getUID()) {
$this->logger->debug('This form is not owned by the current user');
throw new OCSForbiddenException();
}

if ($this->formsService->isFormArchived($form)) {
$this->logger->debug('This form is archived and can not be modified');
throw new OCSForbiddenException();
}

$this->optionMapper->delete($option);

$this->formsService->setLastUpdatedTimestamp($formId);
Expand Down
Loading