feat(demo): add story 1 — Sorano: Rock and Time
This commit is contained in:
@@ -0,0 +1,361 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Grav\Plugin\FlexObjects\Controllers;
|
||||
|
||||
use Grav\Common\Config\Config;
|
||||
use Grav\Common\Grav;
|
||||
use Grav\Common\Inflector;
|
||||
use Grav\Common\Language\Language;
|
||||
use Grav\Common\Session;
|
||||
use Grav\Common\Uri;
|
||||
use Grav\Common\User\Interfaces\UserInterface;
|
||||
use Grav\Common\Utils;
|
||||
use Grav\Framework\Controller\Traits\ControllerResponseTrait;
|
||||
use Grav\Framework\Flex\FlexDirectory;
|
||||
use Grav\Framework\Flex\FlexForm;
|
||||
use Grav\Framework\Flex\FlexFormFlash;
|
||||
use Grav\Framework\Flex\Interfaces\FlexFormInterface;
|
||||
use Grav\Framework\Flex\Interfaces\FlexObjectInterface;
|
||||
use Grav\Framework\Psr7\Response;
|
||||
use Grav\Framework\RequestHandler\Exception\NotFoundException;
|
||||
use Grav\Framework\RequestHandler\Exception\PageExpiredException;
|
||||
use Grav\Framework\Route\Route;
|
||||
use Grav\Plugin\FlexObjects\Flex;
|
||||
use Grav\Plugin\Form\Forms;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Psr\Http\Server\RequestHandlerInterface;
|
||||
use RocketTheme\Toolbox\Event\Event;
|
||||
use RocketTheme\Toolbox\Session\Message;
|
||||
use function in_array;
|
||||
use function is_callable;
|
||||
|
||||
/**
|
||||
* Class AbstractController
|
||||
* @package Grav\Plugin\FlexObjects\Controllers
|
||||
*/
|
||||
abstract class AbstractController implements RequestHandlerInterface
|
||||
{
|
||||
use ControllerResponseTrait;
|
||||
|
||||
/** @var string */
|
||||
protected $nonce_action = 'flex-object';
|
||||
/** @var string */
|
||||
protected $nonce_name = 'nonce';
|
||||
/** @var ServerRequestInterface */
|
||||
protected $request;
|
||||
/** @var Grav */
|
||||
protected $grav;
|
||||
/** @var UserInterface|null */
|
||||
protected $user;
|
||||
/** @var string */
|
||||
protected $type;
|
||||
/** @var string */
|
||||
protected $key;
|
||||
/** @var FlexDirectory */
|
||||
protected $directory;
|
||||
/** @var FlexObjectInterface */
|
||||
protected $object;
|
||||
|
||||
/**
|
||||
* Handle request.
|
||||
*
|
||||
* Fires event: flex.[directory].[task|action].[command]
|
||||
*
|
||||
* @param ServerRequestInterface $request
|
||||
* @return Response
|
||||
*/
|
||||
public function handle(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$attributes = $request->getAttributes();
|
||||
$this->request = $request;
|
||||
$this->grav = $attributes['grav'] ?? Grav::instance();
|
||||
$this->type = $attributes['type'] ?? null;
|
||||
$this->key = $attributes['key'] ?? null;
|
||||
if ($this->type) {
|
||||
$this->directory = $this->getFlex()->getDirectory($this->type);
|
||||
$this->object = $attributes['object'] ?? null;
|
||||
if (!$this->object && $this->key && $this->directory) {
|
||||
$this->object = $this->directory->getObject($this->key) ?? $this->directory->createObject([], $this->key ?? '');
|
||||
if (is_callable([$this->object, 'refresh'])) {
|
||||
$this->object->refresh();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/** @var Route $route */
|
||||
$route = $attributes['route'];
|
||||
$post = $this->getPost();
|
||||
|
||||
if ($this->isFormSubmit()) {
|
||||
$form = $this->getForm();
|
||||
$this->nonce_name = $attributes['nonce_name'] ?? $form->getNonceName();
|
||||
$this->nonce_action = $attributes['nonce_action'] ?? $form->getNonceAction();
|
||||
}
|
||||
|
||||
try {
|
||||
$task = $request->getAttribute('task') ?? $post['task'] ?? $route->getParam('task');
|
||||
if ($task) {
|
||||
if (empty($attributes['forwarded'])) {
|
||||
$this->checkNonce($task);
|
||||
}
|
||||
$type = 'task';
|
||||
$command = $task;
|
||||
} else {
|
||||
$type = 'action';
|
||||
$command = $request->getAttribute('action') ?? $post['action'] ?? $route->getParam('action') ?? 'display';
|
||||
}
|
||||
$command = strtolower($command);
|
||||
|
||||
$event = new Event(
|
||||
[
|
||||
'controller' => $this,
|
||||
'response' => null
|
||||
]
|
||||
);
|
||||
|
||||
$this->grav->fireEvent("flex.{$this->type}.{$type}.{$command}", $event);
|
||||
|
||||
$response = $event['response'];
|
||||
if (!$response) {
|
||||
/** @var Inflector $inflector */
|
||||
$inflector = $this->grav['inflector'];
|
||||
$method = $type . $inflector::camelize($command);
|
||||
if ($method && method_exists($this, $method)) {
|
||||
$response = $this->{$method}($request);
|
||||
} else {
|
||||
throw new NotFoundException($request);
|
||||
}
|
||||
}
|
||||
} catch (\Exception $e) {
|
||||
$response = $this->createErrorResponse($e);
|
||||
}
|
||||
|
||||
if ($response instanceof Response) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
return $this->createJsonResponse($response);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return ServerRequestInterface
|
||||
*/
|
||||
public function getRequest(): ServerRequestInterface
|
||||
{
|
||||
return $this->request;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string|null $name
|
||||
* @param mixed $default
|
||||
* @return mixed
|
||||
*/
|
||||
public function getPost(?string $name = null, $default = null)
|
||||
{
|
||||
$body = $this->request->getParsedBody();
|
||||
|
||||
if ($name) {
|
||||
return $body[$name] ?? $default;
|
||||
}
|
||||
|
||||
return $body;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function isFormSubmit(): bool
|
||||
{
|
||||
return (bool)$this->getPost('__form-name__');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string|null $type
|
||||
* @return FlexForm
|
||||
*/
|
||||
public function getForm(?string $type = null): FlexFormInterface
|
||||
{
|
||||
$object = $this->getObject();
|
||||
if (!$object) {
|
||||
throw new \RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
$formName = $this->getPost('__form-name__');
|
||||
if ($formName) {
|
||||
/** @var Forms $forms */
|
||||
$forms = $this->getGrav()['forms'];
|
||||
$form = $forms->getActiveForm();
|
||||
if ($form instanceof FlexForm && $form->getName() === $formName && $form->getObject()->getFlexKey() === $object->getFlexKey()) {
|
||||
return $form;
|
||||
}
|
||||
}
|
||||
|
||||
return $object->getForm($type ?? 'edit');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param FlexObjectInterface $object
|
||||
* @param string $type
|
||||
* @return FlexFormFlash
|
||||
*/
|
||||
protected function getFormFlash(FlexObjectInterface $object, string $type = '')
|
||||
{
|
||||
/** @var Uri $uri */
|
||||
$uri = $this->grav['uri'];
|
||||
$url = $uri->url;
|
||||
|
||||
$formName = $this->getPost('__form-name__');
|
||||
if (!$formName) {
|
||||
$form = $object->getForm($type);
|
||||
$formName = $form->getName();
|
||||
$uniqueId = $form->getUniqueId();
|
||||
} else {
|
||||
$uniqueId = $this->getPost('__unique_form_id__') ?: $formName ?: sha1($url);
|
||||
}
|
||||
|
||||
/** @var Session $session */
|
||||
$session = $this->grav['session'];
|
||||
|
||||
$config = [
|
||||
'session_id' => $session->getId(),
|
||||
'unique_id' => $uniqueId,
|
||||
'form_name' => $formName,
|
||||
];
|
||||
$flash = new FlexFormFlash($config);
|
||||
if (!$flash->exists()) {
|
||||
$flash->setUrl($url)->setUser($this->grav['user']);
|
||||
}
|
||||
|
||||
return $flash;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Grav
|
||||
*/
|
||||
public function getGrav(): Grav
|
||||
{
|
||||
return $this->grav;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Session
|
||||
*/
|
||||
public function getSession(): Session
|
||||
{
|
||||
return $this->grav['session'];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Flex
|
||||
*/
|
||||
public function getFlex(): Flex
|
||||
{
|
||||
return $this->grav['flex_objects'];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string
|
||||
*/
|
||||
public function getDirectoryType(): string
|
||||
{
|
||||
return $this->type;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string
|
||||
*/
|
||||
public function getObjectKey(): string
|
||||
{
|
||||
return $this->key;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return FlexDirectory|null
|
||||
*/
|
||||
public function getDirectory(): ?FlexDirectory
|
||||
{
|
||||
return $this->directory;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return FlexObjectInterface|null
|
||||
*/
|
||||
public function getObject(): ?FlexObjectInterface
|
||||
{
|
||||
return $this->object;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $string
|
||||
* @param array $args
|
||||
* @return string
|
||||
*/
|
||||
public function translate(string $string, ...$args): string
|
||||
{
|
||||
/** @var Language $language */
|
||||
$language = $this->grav['language'];
|
||||
array_unshift($args, $string);
|
||||
|
||||
return $language->translate($args);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $message
|
||||
* @param string $type
|
||||
* @return $this
|
||||
*/
|
||||
public function setMessage(string $message, string $type = 'info'): self
|
||||
{
|
||||
/** @var Message $messages */
|
||||
$messages = $this->grav['messages'];
|
||||
$messages->add($message, $type);
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param UserInterface $user
|
||||
* @return void
|
||||
*/
|
||||
public function setUser(UserInterface $user): void
|
||||
{
|
||||
$this->user = $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Config
|
||||
*/
|
||||
protected function getConfig(): Config
|
||||
{
|
||||
return $this->grav['config'];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $task
|
||||
* @return void
|
||||
* @throws PageExpiredException
|
||||
*/
|
||||
protected function checkNonce(string $task): void
|
||||
{
|
||||
$nonce = null;
|
||||
|
||||
if (in_array(strtoupper($this->request->getMethod()), ['POST', 'PUT', 'PATCH', 'DELETE'])) {
|
||||
$nonce = $this->getPost($this->nonce_name);
|
||||
}
|
||||
|
||||
if (!$nonce) {
|
||||
$nonce = $this->grav['uri']->param($this->nonce_name);
|
||||
}
|
||||
|
||||
if (!$nonce) {
|
||||
$nonce = $this->grav['uri']->query($this->nonce_name);
|
||||
}
|
||||
|
||||
if (!$nonce || !Utils::verifyNonce($nonce, $this->nonce_action)) {
|
||||
throw new PageExpiredException($this->request);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,675 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Grav\Plugin\FlexObjects\Controllers;
|
||||
|
||||
use Exception;
|
||||
use Grav\Common\Debugger;
|
||||
use Grav\Common\Page\Interfaces\PageInterface;
|
||||
use Grav\Common\Page\Medium\Medium;
|
||||
use Grav\Common\Page\Medium\MediumFactory;
|
||||
use Grav\Common\Utils;
|
||||
use Grav\Framework\Flex\FlexObject;
|
||||
use Grav\Framework\Flex\Interfaces\FlexAuthorizeInterface;
|
||||
use Grav\Framework\Flex\Interfaces\FlexObjectInterface;
|
||||
use Grav\Framework\Media\Interfaces\MediaInterface;
|
||||
use LogicException;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\UploadedFileInterface;
|
||||
use RocketTheme\Toolbox\Event\Event;
|
||||
use RuntimeException;
|
||||
use function is_array;
|
||||
use function is_string;
|
||||
|
||||
/**
|
||||
* Class MediaController
|
||||
* @package Grav\Plugin\FlexObjects\Controllers
|
||||
*/
|
||||
class MediaController extends AbstractController
|
||||
{
|
||||
/**
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskMediaUpload(): ResponseInterface
|
||||
{
|
||||
$this->checkAuthorization('media.create');
|
||||
|
||||
$object = $this->getObject();
|
||||
if (null === $object) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
if (!method_exists($object, 'checkUploadedMediaFile')) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
// Get updated object from Form Flash.
|
||||
$flash = $this->getFormFlash($object);
|
||||
if ($flash->exists()) {
|
||||
$object = $flash->getObject() ?? $object;
|
||||
$object->update([], $flash->getFilesByFields());
|
||||
}
|
||||
|
||||
// Get field for the uploaded media.
|
||||
$field = $this->getPost('name', 'undefined');
|
||||
if ($field === 'undefined') {
|
||||
$field = null;
|
||||
}
|
||||
|
||||
$request = $this->getRequest();
|
||||
$files = $request->getUploadedFiles();
|
||||
if ($field && isset($files['data'])) {
|
||||
$files = $files['data'];
|
||||
$parts = explode('.', $field);
|
||||
$last = array_pop($parts);
|
||||
foreach ($parts as $name) {
|
||||
if (!is_array($files[$name])) {
|
||||
throw new RuntimeException($this->translate('PLUGIN_ADMIN.INVALID_PARAMETERS'), 400);
|
||||
}
|
||||
$files = $files[$name];
|
||||
}
|
||||
$file = $files[$last] ?? null;
|
||||
|
||||
} else {
|
||||
// Legacy call with name being the filename instead of field name.
|
||||
$file = $files['file'] ?? null;
|
||||
$field = null;
|
||||
}
|
||||
|
||||
/** @var UploadedFileInterface $file */
|
||||
if (is_array($file)) {
|
||||
$file = reset($file);
|
||||
}
|
||||
|
||||
if (!$file instanceof UploadedFileInterface) {
|
||||
throw new RuntimeException($this->translate('PLUGIN_ADMIN.INVALID_PARAMETERS'), 400);
|
||||
}
|
||||
|
||||
$filename = $file->getClientFilename();
|
||||
|
||||
$object->checkUploadedMediaFile($file, $filename, $field);
|
||||
|
||||
try {
|
||||
// TODO: This only merges main level data, but is good for ordering (for now).
|
||||
$data = $flash->getData() ?? [];
|
||||
$data = array_replace($data, (array)$this->getPost('data'));
|
||||
|
||||
$crop = $this->getPost('crop');
|
||||
if (is_string($crop)) {
|
||||
$crop = json_decode($crop, true, 512, JSON_THROW_ON_ERROR);
|
||||
}
|
||||
|
||||
$flash->setData($data);
|
||||
$flash->addUploadedFile($file, $field, $crop);
|
||||
$flash->save();
|
||||
} catch (Exception $e) {
|
||||
throw new RuntimeException($e->getMessage(), $e->getCode(), $e);
|
||||
}
|
||||
|
||||
// Include exif metadata into the response if configured to do so
|
||||
$metadata = [];
|
||||
$include_metadata = $this->grav['config']->get('system.media.auto_metadata_exif', false);
|
||||
if ($include_metadata) {
|
||||
$medium = MediumFactory::fromUploadedFile($file);
|
||||
|
||||
$media = $object->getMedia();
|
||||
$media->add($filename, $medium);
|
||||
|
||||
$basename = str_replace(['@3x', '@2x'], '', Utils::pathinfo($filename, PATHINFO_BASENAME));
|
||||
if (isset($media[$basename])) {
|
||||
$metadata = $media[$basename]->metadata() ?: [];
|
||||
}
|
||||
}
|
||||
|
||||
$response = [
|
||||
'code' => 200,
|
||||
'status' => 'success',
|
||||
'message' => $this->translate('PLUGIN_ADMIN.FILE_UPLOADED_SUCCESSFULLY'),
|
||||
'filename' => htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8'),
|
||||
'metadata' => $metadata
|
||||
];
|
||||
|
||||
return $this->createJsonResponse($response);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskMediaUploadMeta(): ResponseInterface
|
||||
{
|
||||
try {
|
||||
$this->checkAuthorization('media.create');
|
||||
|
||||
$object = $this->getObject();
|
||||
if (null === $object) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
if (!method_exists($object, 'getMediaField')) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
$object->refresh();
|
||||
|
||||
// Get updated object from Form Flash.
|
||||
$flash = $this->getFormFlash($object);
|
||||
if ($flash->exists()) {
|
||||
$object = $flash->getObject() ?? $object;
|
||||
$object->update([], $flash->getFilesByFields());
|
||||
}
|
||||
|
||||
// Get field and data for the uploaded media.
|
||||
$field = (string)$this->getPost('field');
|
||||
$media = $object->getMediaField($field);
|
||||
if (!$media) {
|
||||
throw new RuntimeException('Media field not found: ' . $field, 404);
|
||||
}
|
||||
|
||||
$data = $this->getPost('data');
|
||||
if (is_string($data)) {
|
||||
$data = json_decode($data, true);
|
||||
}
|
||||
|
||||
$filename = Utils::basename($data['name'] ?? '');
|
||||
|
||||
// Update field.
|
||||
$files = $object->getNestedProperty($field, []);
|
||||
// FIXME: Do we want to save something into the field as well?
|
||||
$files[$filename] = [];
|
||||
$object->setNestedProperty($field, $files);
|
||||
|
||||
$info = [
|
||||
'modified' => $data['modified'] ?? null,
|
||||
'size' => $data['size'] ?? null,
|
||||
'mime' => $data['mime'] ?? null,
|
||||
'width' => $data['width'] ?? null,
|
||||
'height' => $data['height'] ?? null,
|
||||
'duration' => $data['duration'] ?? null,
|
||||
'orientation' => $data['orientation'] ?? null,
|
||||
'meta' => array_filter($data, static function ($val) { return $val !== null; })
|
||||
];
|
||||
$info = array_filter($info, static function ($val) { return $val !== null; });
|
||||
|
||||
// As the file may not be saved locally, we need to update the index.
|
||||
$media->updateIndex([$filename => $info]);
|
||||
|
||||
$object->save();
|
||||
$flash->save();
|
||||
|
||||
$response = [
|
||||
'code' => 200,
|
||||
'status' => 'success',
|
||||
'message' => $this->translate('PLUGIN_ADMIN.FILE_UPLOADED_SUCCESSFULLY'),
|
||||
'field' => $field,
|
||||
'filename' => $filename,
|
||||
'metadata' => $data
|
||||
];
|
||||
} catch (\Exception $e) {
|
||||
/** @var Debugger $debugger */
|
||||
$debugger = $this->grav['debugger'];
|
||||
$debugger->addException($e);
|
||||
|
||||
return $this->createJsonErrorResponse($e);
|
||||
}
|
||||
|
||||
return $this->createJsonResponse($response);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskMediaReorder(): ResponseInterface
|
||||
{
|
||||
try {
|
||||
$this->checkAuthorization('media.update');
|
||||
|
||||
$object = $this->getObject();
|
||||
if (null === $object) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
if (!method_exists($object, 'getMediaField')) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
$object->refresh();
|
||||
|
||||
// Get updated object from Form Flash.
|
||||
$flash = $this->getFormFlash($object);
|
||||
if ($flash->exists()) {
|
||||
$object = $flash->getObject() ?? $object;
|
||||
$object->update([], $flash->getFilesByFields());
|
||||
}
|
||||
|
||||
// Get field and data for the uploaded media.
|
||||
$field = (string)$this->getPost('field');
|
||||
$media = $object->getMediaField($field);
|
||||
if (!$media) {
|
||||
throw new RuntimeException('Media field not found: ' . $field, 404);
|
||||
}
|
||||
|
||||
// Create id => filename map from all files in the media.
|
||||
$map = [];
|
||||
foreach ($media as $name => $medium) {
|
||||
$id = $medium->get('meta.id');
|
||||
if ($id) {
|
||||
$map[$id] = $name;
|
||||
}
|
||||
}
|
||||
|
||||
// Get reorder list and reorder the map.
|
||||
$data = $this->getPost('data');
|
||||
if (is_string($data)) {
|
||||
$data = json_decode($data, true);
|
||||
}
|
||||
$data = array_fill_keys($data, null);
|
||||
$map = array_filter(array_merge($data, $map), static function($val) { return $val !== null; });
|
||||
|
||||
// Reorder the files.
|
||||
$files = $object->getNestedProperty($field, []);
|
||||
$map = array_fill_keys($map, null);
|
||||
$files = array_filter(array_merge($map, $files), static function($val) { return $val !== null; });
|
||||
|
||||
// Update field.
|
||||
$object->setNestedProperty($field, $files);
|
||||
$object->save();
|
||||
$flash->save();
|
||||
|
||||
$response = [
|
||||
'code' => 200,
|
||||
'status' => 'success',
|
||||
'message' => $this->translate('PLUGIN_ADMIN.FIELD_REORDER_SUCCESSFUL'),
|
||||
'field' => $field,
|
||||
'ordering' => array_keys($files)
|
||||
];
|
||||
} catch (\Exception $e) {
|
||||
/** @var Debugger $debugger */
|
||||
$debugger = $this->grav['debugger'];
|
||||
$debugger->addException($e);
|
||||
|
||||
$ex = new RuntimeException($this->translate('PLUGIN_ADMIN.FIELD_REORDER_FAILED', $field), $e->getCode(), $e);
|
||||
return $this->createJsonErrorResponse($ex);
|
||||
}
|
||||
|
||||
return $this->createJsonResponse($response);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskMediaDelete(): ResponseInterface
|
||||
{
|
||||
$this->checkAuthorization('media.delete');
|
||||
|
||||
/** @var FlexObjectInterface|null $object */
|
||||
$object = $this->getObject();
|
||||
if (!$object) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
$filename = $this->getPost('filename');
|
||||
|
||||
// Handle bad filenames.
|
||||
if (!Utils::checkFilename($filename)) {
|
||||
throw new RuntimeException($this->translate('PLUGIN_ADMIN.NO_FILE_FOUND'), 400);
|
||||
}
|
||||
|
||||
try {
|
||||
$field = $this->getPost('name');
|
||||
$flash = $this->getFormFlash($object);
|
||||
$flash->removeFile($filename, $field);
|
||||
$flash->save();
|
||||
} catch (Exception $e) {
|
||||
throw new RuntimeException($e->getMessage(), $e->getCode(), $e);
|
||||
}
|
||||
|
||||
$response = [
|
||||
'code' => 200,
|
||||
'status' => 'success',
|
||||
'message' => $this->translate('PLUGIN_ADMIN.FILE_DELETED') . ': ' . htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8')
|
||||
];
|
||||
|
||||
return $this->createJsonResponse($response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Used in pagemedia field.
|
||||
*
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskMediaCopy(): ResponseInterface
|
||||
{
|
||||
$this->checkAuthorization('media.create');
|
||||
|
||||
/** @var FlexObjectInterface|null $object */
|
||||
$object = $this->getObject();
|
||||
if (!$object) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
if (!method_exists($object, 'uploadMediaFile')) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
$request = $this->getRequest();
|
||||
$files = $request->getUploadedFiles();
|
||||
|
||||
$file = $files['file'] ?? null;
|
||||
if (!$file instanceof UploadedFileInterface) {
|
||||
throw new RuntimeException($this->translate('PLUGIN_ADMIN.INVALID_PARAMETERS'), 400);
|
||||
}
|
||||
|
||||
$post = $request->getParsedBody();
|
||||
$filename = $post['name'] ?? $file->getClientFilename();
|
||||
|
||||
// Upload media right away.
|
||||
$object->uploadMediaFile($file, $filename);
|
||||
|
||||
// Include exif metadata into the response if configured to do so
|
||||
$metadata = [];
|
||||
$include_metadata = $this->grav['config']->get('system.media.auto_metadata_exif', false);
|
||||
if ($include_metadata) {
|
||||
$basename = str_replace(['@3x', '@2x'], '', Utils::pathinfo($filename, PATHINFO_BASENAME));
|
||||
$media = $object->getMedia();
|
||||
if (isset($media[$basename])) {
|
||||
$metadata = $media[$basename]->metadata() ?: [];
|
||||
}
|
||||
}
|
||||
|
||||
if ($object instanceof PageInterface) {
|
||||
// Backwards compatibility to existing plugins.
|
||||
// DEPRECATED: page
|
||||
$this->grav->fireEvent('onAdminAfterAddMedia', new Event(['object' => $object, 'page' => $object]));
|
||||
}
|
||||
|
||||
$response = [
|
||||
'code' => 200,
|
||||
'status' => 'success',
|
||||
'message' => $this->translate('PLUGIN_ADMIN.FILE_UPLOADED_SUCCESSFULLY'),
|
||||
'filename' => htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8'),
|
||||
'metadata' => $metadata
|
||||
];
|
||||
|
||||
return $this->createJsonResponse($response);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Used in pagemedia field.
|
||||
*
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskMediaRemove(): ResponseInterface
|
||||
{
|
||||
$this->checkAuthorization('media.delete');
|
||||
|
||||
/** @var FlexObjectInterface|null $object */
|
||||
$object = $this->getObject();
|
||||
if (!$object) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
if (!method_exists($object, 'deleteMediaFile')) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
$field = $this->getPost('field');
|
||||
$filename = $this->getPost('filename');
|
||||
|
||||
// Handle bad filenames.
|
||||
if (!Utils::checkFilename($filename)) {
|
||||
throw new RuntimeException($this->translate('PLUGIN_ADMIN.NO_FILE_FOUND'), 400);
|
||||
}
|
||||
|
||||
$object->deleteMediaFile($filename, $field);
|
||||
if ($field) {
|
||||
$order = $object->getNestedProperty($field);
|
||||
unset($order[$filename]);
|
||||
$object->setNestedProperty($field, $order);
|
||||
$object->save();
|
||||
}
|
||||
|
||||
if ($object instanceof PageInterface) {
|
||||
// Backwards compatibility to existing plugins.
|
||||
// DEPRECATED: page
|
||||
$this->grav->fireEvent('onAdminAfterDelMedia', new Event(['object' => $object, 'page' => $object, 'media' => $object->getMedia(), 'filename' => $filename]));
|
||||
}
|
||||
|
||||
$response = [
|
||||
'code' => 200,
|
||||
'status' => 'success',
|
||||
'message' => $this->translate('PLUGIN_ADMIN.FILE_DELETED') . ': ' . htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8')
|
||||
];
|
||||
|
||||
return $this->createJsonResponse($response);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function actionMediaList(): ResponseInterface
|
||||
{
|
||||
$this->checkAuthorization('media.list');
|
||||
|
||||
/** @var MediaInterface|FlexObjectInterface $object */
|
||||
$object = $this->getObject();
|
||||
if (!$object) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
// Get updated object from Form Flash.
|
||||
$flash = $this->getFormFlash($object);
|
||||
if ($flash->exists()) {
|
||||
$object = $flash->getObject() ?? $object;
|
||||
$object->update([], $flash->getFilesByFields());
|
||||
}
|
||||
|
||||
$media = $object->getMedia();
|
||||
$media_list = [];
|
||||
|
||||
/**
|
||||
* @var string $name
|
||||
* @var Medium $medium
|
||||
*/
|
||||
foreach ($media->all() as $name => $medium) {
|
||||
$media_list[$name] = [
|
||||
'url' => ($thumb = $medium->display($medium->get('extension') === 'svg' ? 'source' : 'thumbnail')) ? $thumb->cropZoom(400, 300)->url() : '',
|
||||
'size' => $medium->get('size'),
|
||||
'metadata' => $medium->metadata() ?: [],
|
||||
'original' => $medium->higherQualityAlternative()->get('filename')
|
||||
];
|
||||
}
|
||||
|
||||
$response = [
|
||||
'code' => 200,
|
||||
'status' => 'success',
|
||||
'results' => $media_list
|
||||
];
|
||||
|
||||
return $this->createJsonResponse($response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Used by the filepicker field to get a list of files in a folder.
|
||||
*
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
protected function actionMediaPicker(): ResponseInterface
|
||||
{
|
||||
$this->checkAuthorization('media.list');
|
||||
|
||||
/** @var FlexObject $object */
|
||||
$object = $this->getObject();
|
||||
if (!$object || !\is_callable([$object, 'getFieldSettings'])) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
// Get updated object from Form Flash.
|
||||
$flash = $this->getFormFlash($object);
|
||||
if ($flash->exists()) {
|
||||
$object = $flash->getObject() ?? $object;
|
||||
$object->update([], $flash->getFilesByFields());
|
||||
}
|
||||
|
||||
$name = $this->getPost('name');
|
||||
$settings = $name ? $object->getFieldSettings($name) : null;
|
||||
if (empty($settings['media_picker_field'])) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
$media = $object->getMediaField($name);
|
||||
|
||||
$available_files = [];
|
||||
$metadata = [];
|
||||
$thumbs = [];
|
||||
|
||||
/**
|
||||
* @var string $name
|
||||
* @var Medium $medium
|
||||
*/
|
||||
foreach ($media->all() as $name => $medium) {
|
||||
$available_files[] = $name;
|
||||
|
||||
if (isset($settings['include_metadata'])) {
|
||||
$img_metadata = $medium->metadata();
|
||||
if ($img_metadata) {
|
||||
$metadata[$name] = $img_metadata;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Peak in the flashObject for optimistic filepicker updates
|
||||
$pending_files = [];
|
||||
$sessionField = base64_encode($this->grav['uri']->url());
|
||||
$flash = $this->getSession()->getFlashObject('files-upload');
|
||||
$folder = $media->getPath() ?: null;
|
||||
|
||||
if ($flash && isset($flash[$sessionField])) {
|
||||
foreach ($flash[$sessionField] as $field => $data) {
|
||||
foreach ($data as $file) {
|
||||
$test = \dirname($file['path']);
|
||||
if ($test === $folder) {
|
||||
$pending_files[] = $file['name'];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$this->getSession()->setFlashObject('files-upload', $flash);
|
||||
|
||||
// Handle Accepted file types
|
||||
// Accept can only be file extensions (.pdf|.jpg)
|
||||
if (isset($settings['accept'])) {
|
||||
$available_files = array_filter($available_files, function ($file) use ($settings) {
|
||||
return $this->filterAcceptedFiles($file, $settings);
|
||||
});
|
||||
|
||||
$pending_files = array_filter($pending_files, function ($file) use ($settings) {
|
||||
return $this->filterAcceptedFiles($file, $settings);
|
||||
});
|
||||
}
|
||||
|
||||
if (isset($settings['deny'])) {
|
||||
$available_files = array_filter($available_files, function ($file) use ($settings) {
|
||||
return $this->filterDeniedFiles($file, $settings);
|
||||
});
|
||||
|
||||
$pending_files = array_filter($pending_files, function ($file) use ($settings) {
|
||||
return $this->filterDeniedFiles($file, $settings);
|
||||
});
|
||||
}
|
||||
|
||||
// Generate thumbs if needed
|
||||
if (isset($settings['preview_images']) && $settings['preview_images'] === true) {
|
||||
foreach ($available_files as $filename) {
|
||||
$thumbs[$filename] = $media[$filename]->zoomCrop(100,100)->url();
|
||||
}
|
||||
}
|
||||
|
||||
$response = [
|
||||
'code' => 200,
|
||||
'status' => 'success',
|
||||
'files' => array_values($available_files),
|
||||
'pending' => array_values($pending_files),
|
||||
'folder' => $folder,
|
||||
'metadata' => $metadata,
|
||||
'thumbs' => $thumbs
|
||||
];
|
||||
|
||||
return $this->createJsonResponse($response);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $file
|
||||
* @param array $settings
|
||||
* @return false|int
|
||||
*/
|
||||
protected function filterAcceptedFiles(string $file, array $settings)
|
||||
{
|
||||
$valid = false;
|
||||
|
||||
foreach ((array)$settings['accept'] as $type) {
|
||||
$find = str_replace('*', '.*', $type);
|
||||
$valid |= preg_match('#' . $find . '$#i', $file);
|
||||
}
|
||||
|
||||
return $valid;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $file
|
||||
* @param array $settings
|
||||
* @return false|int
|
||||
*/
|
||||
protected function filterDeniedFiles(string $file, array $settings)
|
||||
{
|
||||
$valid = true;
|
||||
|
||||
foreach ((array)$settings['deny'] as $type) {
|
||||
$find = str_replace('*', '.*', $type);
|
||||
$valid = !preg_match('#' . $find . '$#i', $file);
|
||||
}
|
||||
|
||||
return $valid;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $action
|
||||
* @return void
|
||||
* @throws LogicException
|
||||
* @throws RuntimeException
|
||||
*/
|
||||
protected function checkAuthorization(string $action): void
|
||||
{
|
||||
$object = $this->getObject();
|
||||
if (!$object) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
// If object does not have ACL support ignore ACL checks.
|
||||
if (!$object instanceof FlexAuthorizeInterface) {
|
||||
return;
|
||||
}
|
||||
|
||||
switch ($action) {
|
||||
case 'media.list':
|
||||
$action = 'read';
|
||||
break;
|
||||
|
||||
case 'media.create':
|
||||
case 'media.update':
|
||||
case 'media.delete':
|
||||
$action = $object->exists() ? 'update' : 'create';
|
||||
break;
|
||||
|
||||
default:
|
||||
throw new LogicException(sprintf('Unsupported authorize action %s', $action), 500);
|
||||
}
|
||||
|
||||
if (!$object->isAuthorized($action, null, $this->user)) {
|
||||
throw new RuntimeException('Forbidden', 403);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,206 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Grav\Plugin\FlexObjects\Controllers;
|
||||
|
||||
use Grav\Common\Grav;
|
||||
use Grav\Common\Utils;
|
||||
use Grav\Framework\Flex\Interfaces\FlexObjectInterface;
|
||||
use Grav\Framework\Media\Interfaces\MediaInterface;
|
||||
use Grav\Framework\Psr7\Response;
|
||||
use Grav\Framework\Psr7\Stream;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use function in_array;
|
||||
use function is_string;
|
||||
|
||||
/**
|
||||
* Public, permission-aware proxy for Flex Object media.
|
||||
*
|
||||
* PROTOTYPE (see docs/specs/media-proxy.md).
|
||||
*
|
||||
* Flex Objects store their data file and their uploaded media in the same
|
||||
* folder under `user://data/<type>/<key>`. Historically the media was linked
|
||||
* with a direct `/user/data/...` URL, which means the webserver — not Grav —
|
||||
* decides who can read it, and a blanket deny on `user/data` breaks every
|
||||
* image (getgrav/grav#4129).
|
||||
*
|
||||
* This controller serves a single media file through PHP after resolving the
|
||||
* owning object and (optionally) checking its read ACL, so the data folder can
|
||||
* stay private while public media still loads. It is the retrieval half of the
|
||||
* "store in user://data, serve via a lightweight proxy" design.
|
||||
*
|
||||
* Route (registered in flex-objects.php, base configurable):
|
||||
* GET /flex-media/<type>/<key>/<filename>[?field=<field>]
|
||||
*/
|
||||
final class MediaProxyController
|
||||
{
|
||||
/** Media types we are willing to serve inline. Mirrors the .htaccess allow-list. */
|
||||
private const SERVEABLE = [
|
||||
'jpg', 'jpeg', 'png', 'gif', 'webp', 'avif', 'bmp', 'ico',
|
||||
'mp4', 'webm', 'ogg', 'ogv', 'mov', 'mp3', 'wav', 'm4a', 'flac', 'pdf',
|
||||
];
|
||||
|
||||
public function __construct(private readonly Grav $grav)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* Build the public proxy URL for a media file on an object.
|
||||
*
|
||||
* Templates use this instead of `medium.url` while the proxy is opt-in;
|
||||
* the core follow-up rewrites `Medium::url()` to emit it automatically.
|
||||
*/
|
||||
public static function url(FlexObjectInterface $object, string $filename, ?string $field = null): string
|
||||
{
|
||||
$grav = Grav::instance();
|
||||
$base = (string) $grav['config']->get('plugins.flex-objects.media_proxy.base', '/flex-media');
|
||||
|
||||
$path = rtrim($base, '/')
|
||||
. '/' . rawurlencode($object->getFlexType())
|
||||
. '/' . rawurlencode($object->getKey())
|
||||
. '/' . str_replace('%2F', '/', rawurlencode($filename));
|
||||
|
||||
if ($field !== null && $field !== '') {
|
||||
$path .= '?field=' . rawurlencode($field);
|
||||
}
|
||||
|
||||
return $grav['base_url'] . $path;
|
||||
}
|
||||
|
||||
/**
|
||||
* Resolve and stream the requested media file.
|
||||
*
|
||||
* @return ResponseInterface 200/206 with the file, or 304/403/404.
|
||||
*/
|
||||
public function serve(
|
||||
string $type,
|
||||
string $key,
|
||||
string $filename,
|
||||
?string $field,
|
||||
ServerRequestInterface $request
|
||||
): ResponseInterface {
|
||||
$config = $this->grav['config'];
|
||||
|
||||
// Reject path traversal and hidden files outright.
|
||||
if ($filename === '' || str_contains($filename, '..') || str_starts_with($filename, '.')) {
|
||||
return $this->error(404);
|
||||
}
|
||||
|
||||
$extension = strtolower(Utils::pathinfo($filename, PATHINFO_EXTENSION));
|
||||
if (!in_array($extension, self::SERVEABLE, true)) {
|
||||
// Never let the proxy hand out data files, databases, keys, etc.
|
||||
return $this->error(404);
|
||||
}
|
||||
|
||||
$flex = $this->grav['flex'] ?? null;
|
||||
$object = $flex ? $flex->getObject($key, $type) : null;
|
||||
if (!$object instanceof FlexObjectInterface || !$object->exists()) {
|
||||
return $this->error(404);
|
||||
}
|
||||
|
||||
// Permission gate. Off by default — the proxy currently exists to keep a
|
||||
// single retrieval chokepoint, not to ACL-gate reads. When explicitly
|
||||
// enabled, only an explicit "no" blocks the file, so directories without
|
||||
// a read ACL keep behaving as public media.
|
||||
if ($config->get('plugins.flex-objects.media_proxy.authorize', false)) {
|
||||
$user = $this->grav['user'] ?? null;
|
||||
if ($object->isAuthorized('read', 'frontend', $user) === false) {
|
||||
return $this->error(403);
|
||||
}
|
||||
}
|
||||
|
||||
// Resolve the media collection (field-scoped or the object's own media).
|
||||
$media = $field
|
||||
? (method_exists($object, 'getMediaField') ? $object->getMediaField($field) : null)
|
||||
: ($object instanceof MediaInterface ? $object->getMedia() : null);
|
||||
|
||||
$medium = $media[$filename] ?? null;
|
||||
if ($medium === null) {
|
||||
return $this->error(404);
|
||||
}
|
||||
|
||||
$filepath = $medium->get('filepath');
|
||||
if (!is_string($filepath) || !is_file($filepath)) {
|
||||
return $this->error(404);
|
||||
}
|
||||
|
||||
return $this->stream($filepath, $medium->get('mime') ?: null, $request, $config);
|
||||
}
|
||||
|
||||
/**
|
||||
* Stream a file with caching, conditional-GET (304) and single-range (206) support.
|
||||
*/
|
||||
private function stream(string $filepath, ?string $mime, ServerRequestInterface $request, $config): ResponseInterface
|
||||
{
|
||||
$size = (int) filesize($filepath);
|
||||
$mtime = (int) filemtime($filepath);
|
||||
$etag = '"' . dechex($mtime) . '-' . dechex($size) . '"';
|
||||
$mime = $mime ?: (Utils::getMimeByExtension(Utils::pathinfo($filepath, PATHINFO_EXTENSION), 'application/octet-stream'));
|
||||
|
||||
$cacheControl = (string) $config->get('plugins.flex-objects.media_proxy.cache_control', 'public, max-age=604800');
|
||||
|
||||
$baseHeaders = [
|
||||
'Content-Type' => $mime,
|
||||
'Cache-Control' => $cacheControl,
|
||||
'Last-Modified' => gmdate('D, d M Y H:i:s', $mtime) . ' GMT',
|
||||
'ETag' => $etag,
|
||||
'Accept-Ranges' => 'bytes',
|
||||
// Defense in depth: never let a served file be interpreted as a document.
|
||||
'X-Content-Type-Options' => 'nosniff',
|
||||
'Content-Disposition' => 'inline; filename="' . basename($filepath) . '"',
|
||||
];
|
||||
|
||||
// Conditional GET — return 304 when the client's copy is still fresh.
|
||||
$ifNoneMatch = $request->getHeaderLine('If-None-Match');
|
||||
$ifModifiedSince = $request->getHeaderLine('If-Modified-Since');
|
||||
if (($ifNoneMatch !== '' && trim($ifNoneMatch) === $etag)
|
||||
|| ($ifModifiedSince !== '' && @strtotime($ifModifiedSince) >= $mtime)) {
|
||||
return new Response(304, $baseHeaders);
|
||||
}
|
||||
|
||||
// Single-range support (enough for video/audio seeking).
|
||||
$range = $request->getHeaderLine('Range');
|
||||
if ($range !== '' && preg_match('/^bytes=(\d*)-(\d*)$/', trim($range), $m)) {
|
||||
$start = $m[1] === '' ? null : (int) $m[1];
|
||||
$end = $m[2] === '' ? null : (int) $m[2];
|
||||
if ($start === null && $end !== null) { // suffix range: last N bytes
|
||||
$start = max(0, $size - $end);
|
||||
$end = $size - 1;
|
||||
} else {
|
||||
$start ??= 0;
|
||||
$end = $end === null ? $size - 1 : min($end, $size - 1);
|
||||
}
|
||||
if ($start > $end || $start >= $size) {
|
||||
return new Response(416, $baseHeaders + ['Content-Range' => "bytes */$size"]);
|
||||
}
|
||||
|
||||
$length = $end - $start + 1;
|
||||
$fh = fopen($filepath, 'rb');
|
||||
fseek($fh, $start);
|
||||
$body = stream_get_contents($fh, $length);
|
||||
fclose($fh);
|
||||
|
||||
return new Response(206, $baseHeaders + [
|
||||
'Content-Range' => "bytes $start-$end/$size",
|
||||
'Content-Length' => (string) $length,
|
||||
], $body);
|
||||
}
|
||||
|
||||
// Full file — stream the resource so we don't buffer it all in memory.
|
||||
$body = Stream::create(fopen($filepath, 'rb'));
|
||||
|
||||
return new Response(200, $baseHeaders + ['Content-Length' => (string) $size], $body);
|
||||
}
|
||||
|
||||
private function error(int $code): ResponseInterface
|
||||
{
|
||||
$text = [403 => 'Forbidden', 404 => 'Not Found'][$code] ?? 'Error';
|
||||
|
||||
return new Response($code, [
|
||||
'Content-Type' => 'text/plain; charset=utf-8',
|
||||
'Cache-Control' => 'no-store',
|
||||
], $text);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,543 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Grav\Plugin\FlexObjects\Controllers;
|
||||
|
||||
use Grav\Common\Grav;
|
||||
use Grav\Framework\Flex\FlexForm;
|
||||
use Grav\Framework\Flex\FlexObject;
|
||||
use Grav\Framework\Flex\Interfaces\FlexAuthorizeInterface;
|
||||
use Grav\Framework\Route\Route;
|
||||
use Grav\Plugin\FlexObjects\Events\FlexTaskEvent;
|
||||
use Nyholm\Psr7\ServerRequest;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use RocketTheme\Toolbox\Event\Event;
|
||||
use RuntimeException;
|
||||
|
||||
/**
|
||||
* Object controller is for the frontend.
|
||||
*
|
||||
* Currently following tasks are supported:
|
||||
*
|
||||
* - save (create or update)
|
||||
* - create
|
||||
* - update
|
||||
* - delete
|
||||
* - reset
|
||||
* - preview
|
||||
*/
|
||||
class ObjectController extends AbstractController
|
||||
{
|
||||
/**
|
||||
* Save object.
|
||||
*
|
||||
* Forwards call to either create or update task.
|
||||
*
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskSave(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$form = $this->getForm();
|
||||
$object = $form->getObject();
|
||||
|
||||
return $object->exists() ? $this->taskUpdate($request) : $this->taskCreate($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create object.
|
||||
*
|
||||
* Task fails if object exists.
|
||||
*
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskCreate(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$this->checkAuthorization('create');
|
||||
|
||||
$form = $this->getForm();
|
||||
$callable = function (array $data, array $files, FlexObject $object) {
|
||||
if (method_exists($object, 'storeOriginal')) {
|
||||
$object->storeOriginal();
|
||||
}
|
||||
$object->update($data, $files);
|
||||
if (\is_callable([$object, 'check'])) {
|
||||
$object->check($this->user);
|
||||
}
|
||||
|
||||
$event = new FlexTaskEvent($this, $object, 'create');
|
||||
$this->grav->dispatchEvent($event);
|
||||
|
||||
$object->save();
|
||||
};
|
||||
|
||||
$form->setSubmitMethod($callable);
|
||||
$form->handleRequest($request);
|
||||
if (!$form->isValid()) {
|
||||
$error = $form->getError();
|
||||
if ($error) {
|
||||
$this->setMessage($error, 'error');
|
||||
}
|
||||
$errors = $form->getErrors();
|
||||
foreach ($errors as $field) {
|
||||
foreach ($field as $error) {
|
||||
$this->setMessage($error, 'error');
|
||||
}
|
||||
}
|
||||
|
||||
$data = $form->getData();
|
||||
if (null !== $data) {
|
||||
$object = $form->getObject();
|
||||
$flash = $form->getFlash();
|
||||
$flash->setObject($object);
|
||||
$flash->setData($data->toArray());
|
||||
$flash->save();
|
||||
}
|
||||
|
||||
return $this->createDisplayResponse();
|
||||
}
|
||||
|
||||
// FIXME: make it conditional
|
||||
$grav = $this->grav;
|
||||
$grav->fireEvent('gitsync');
|
||||
|
||||
$this->object = $form->getObject();
|
||||
$event = new Event(
|
||||
[
|
||||
'task' => 'create',
|
||||
'controller' => $this,
|
||||
'object' => $this->object,
|
||||
'response' => null,
|
||||
'message' => null,
|
||||
]
|
||||
);
|
||||
|
||||
$this->grav->fireEvent("flex.{$this->type}.task.create.after", $event);
|
||||
|
||||
$this->setMessage($event['message'] ?? $this->translate('PLUGIN_FLEX_OBJECTS.STATE.CREATED_SUCCESSFULLY'), 'info');
|
||||
|
||||
if ($event['response']) {
|
||||
return $event['response'];
|
||||
}
|
||||
|
||||
|
||||
$redirect = $request->getAttribute('redirect', (string)$request->getUri());
|
||||
|
||||
return $this->createRedirectResponse($redirect, 303);
|
||||
}
|
||||
|
||||
/**
|
||||
* Update object.
|
||||
*
|
||||
* Task fails if object does not exist.
|
||||
*
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskUpdate(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$this->checkAuthorization('update');
|
||||
|
||||
$form = $this->getForm();
|
||||
$callable = function (array $data, array $files, FlexObject $object) {
|
||||
if (method_exists($object, 'storeOriginal')) {
|
||||
$object->storeOriginal();
|
||||
}
|
||||
$object->update($data, $files);
|
||||
if (\is_callable([$object, 'check'])) {
|
||||
$object->check($this->user);
|
||||
}
|
||||
|
||||
$event = new FlexTaskEvent($this, $object, 'update');
|
||||
$this->grav->dispatchEvent($event);
|
||||
|
||||
$object->save();
|
||||
};
|
||||
|
||||
$form->setSubmitMethod($callable);
|
||||
$form->handleRequest($request);
|
||||
if (!$form->isValid()) {
|
||||
$error = $form->getError();
|
||||
if ($error) {
|
||||
$this->setMessage($error, 'error');
|
||||
}
|
||||
$errors = $form->getErrors();
|
||||
foreach ($errors as $field) {
|
||||
foreach ($field as $error) {
|
||||
$this->setMessage($error, 'error');
|
||||
}
|
||||
}
|
||||
|
||||
$data = $form->getData();
|
||||
if (null !== $data) {
|
||||
$object = $form->getObject();
|
||||
$flash = $form->getFlash();
|
||||
$flash->setObject($object);
|
||||
$flash->setData($data->toArray());
|
||||
$flash->save();
|
||||
}
|
||||
|
||||
return $this->createDisplayResponse();
|
||||
}
|
||||
|
||||
// FIXME: make it conditional
|
||||
$grav = $this->grav;
|
||||
$grav->fireEvent('gitsync');
|
||||
|
||||
$this->object = $form->getObject();
|
||||
$event = new Event(
|
||||
[
|
||||
'task' => 'update',
|
||||
'controller' => $this,
|
||||
'object' => $this->object,
|
||||
'response' => null,
|
||||
'message' => null,
|
||||
]
|
||||
);
|
||||
|
||||
$this->grav->fireEvent("flex.{$this->type}.task.update.after", $event);
|
||||
|
||||
$this->setMessage($event['message'] ?? $this->translate('PLUGIN_FLEX_OBJECTS.STATE.UPDATED_SUCCESSFULLY'), 'info');
|
||||
|
||||
if ($event['response']) {
|
||||
return $event['response'];
|
||||
}
|
||||
|
||||
$redirect = $request->getAttribute('redirect', (string)$request->getUri()->getPath());
|
||||
|
||||
return $this->createRedirectResponse($redirect, 303);
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete object.
|
||||
*
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskDelete(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$this->checkAuthorization('delete');
|
||||
|
||||
$object = $this->getObject();
|
||||
if (!$object) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
$event = new FlexTaskEvent($this, $object, 'delete');
|
||||
$this->grav->dispatchEvent($event);
|
||||
|
||||
$object->delete();
|
||||
|
||||
// FIXME: make it conditional
|
||||
$grav = $this->grav;
|
||||
$grav->fireEvent('gitsync');
|
||||
|
||||
$event = new Event(
|
||||
[
|
||||
'task' => 'delete',
|
||||
'controller' => $this,
|
||||
'object' => $object,
|
||||
'response' => null,
|
||||
'message' => null,
|
||||
]
|
||||
);
|
||||
|
||||
$this->grav->fireEvent("flex.{$this->type}.task.delete.after", $event);
|
||||
|
||||
$this->setMessage($this->translate($event['message'] ?? 'PLUGIN_FLEX_OBJECTS.STATE.DELETED_SUCCESSFULLY'), 'info');
|
||||
|
||||
if ($event['response']) {
|
||||
return $event['response'];
|
||||
}
|
||||
|
||||
$redirect = $request->getAttribute('redirect', (string)$request->getUri()->getPath());
|
||||
|
||||
return $this->createRedirectResponse($redirect, 303);
|
||||
}
|
||||
|
||||
/**
|
||||
* Reset form to original values.
|
||||
*
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskReset(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$this->checkAuthorization('save');
|
||||
|
||||
$flash = $this->getForm()->getFlash();
|
||||
$flash->delete();
|
||||
|
||||
$redirect = $request->getAttribute('redirect', (string)$request->getUri()->getPath());
|
||||
|
||||
return $this->createRedirectResponse($redirect, 303);
|
||||
}
|
||||
|
||||
/**
|
||||
* Preview object.
|
||||
*
|
||||
* Takes a form input and converts it to visible presentation of the object.
|
||||
*
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskPreview(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$this->checkAuthorization('save');
|
||||
|
||||
/** @var FlexForm $form */
|
||||
$form = $this->getForm('edit');
|
||||
$form->setRequest($request);
|
||||
if (!$form->validate()) {
|
||||
$error = $form->getError();
|
||||
if ($error) {
|
||||
$this->setMessage($error, 'error');
|
||||
}
|
||||
$errors = $form->getErrors();
|
||||
foreach ($errors as $field) {
|
||||
foreach ($field as $error) {
|
||||
$this->setMessage($error, 'error');
|
||||
}
|
||||
}
|
||||
|
||||
return $this->createRedirectResponse((string)$request->getUri(), 303);
|
||||
}
|
||||
|
||||
$this->object = $form->updateObject();
|
||||
|
||||
return $this->actionDisplayPreview();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskMediaList(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$directory = $this->getDirectory();
|
||||
if (!$directory) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
return $this->forwardMediaTask('action', 'media.list');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskMediaUpload(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$directory = $this->getDirectory();
|
||||
if (!$directory) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
return $this->forwardMediaTask('task', 'media.upload');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskMediaUploadMeta(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$directory = $this->getDirectory();
|
||||
if (!$directory) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
return $this->forwardMediaTask('task', 'media.upload.meta');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskMediaReorder(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$directory = $this->getDirectory();
|
||||
if (!$directory) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
return $this->forwardMediaTask('task', 'media.reorder');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskMediaDelete(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$directory = $this->getDirectory();
|
||||
if (!$directory) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
return $this->forwardMediaTask('task', 'media.delete');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function taskGetFilesInFolder(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
$directory = $this->getDirectory();
|
||||
if (!$directory) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
return $this->forwardMediaTask('action', 'media.picker');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
* @deprecated Do not use
|
||||
*/
|
||||
public function taskFilesUpload(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
/** @var Route $route */
|
||||
$route = $this->grav['route'];
|
||||
if ($route->getParam('task') === 'media.upload') {
|
||||
return $this->taskMediaUpload($request);
|
||||
}
|
||||
|
||||
throw new RuntimeException('Task filesUpload should not be called, please update form plugin!', 400);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ServerRequestInterface $request
|
||||
* @return ResponseInterface
|
||||
* @deprecated Do not use
|
||||
*/
|
||||
public function taskRemoveMedia(ServerRequestInterface $request): ResponseInterface
|
||||
{
|
||||
/** @var Route $route */
|
||||
$route = $this->grav['route'];
|
||||
if ($route->getParam('task') === 'media.delete') {
|
||||
return $this->taskMediaDelete($request);
|
||||
}
|
||||
|
||||
throw new RuntimeException('Task removeMedia should not be called, please update form plugin!', 400);
|
||||
}
|
||||
|
||||
/**
|
||||
* Display object preview.
|
||||
*
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function actionDisplayPreview(): ResponseInterface
|
||||
{
|
||||
$this->checkAuthorization('save');
|
||||
$this->checkAuthorization('read');
|
||||
|
||||
$object = $this->getObject();
|
||||
if (!$object) {
|
||||
throw new RuntimeException('No object found!', 404);
|
||||
}
|
||||
|
||||
$grav = Grav::instance();
|
||||
|
||||
$grav['twig']->init();
|
||||
$grav['theme'];
|
||||
$content = [
|
||||
'code' => 200,
|
||||
'id' => $object->getKey(),
|
||||
'exists' => $object->exists(),
|
||||
'html' => (string)$object->render('preview', ['nocache' => []])
|
||||
];
|
||||
|
||||
$accept = $this->getAccept(['application/json', 'text/html']);
|
||||
if ($accept === 'text/html') {
|
||||
return $this->createHtmlResponse($content['html']);
|
||||
}
|
||||
if ($accept === 'application/json') {
|
||||
return $this->createJsonResponse($content);
|
||||
}
|
||||
|
||||
throw new RuntimeException('Not found', 404);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $action
|
||||
* @param string|null $scope
|
||||
* @return void
|
||||
* @throws RuntimeException
|
||||
*/
|
||||
public function checkAuthorization(string $action, ?string $scope = null): void
|
||||
{
|
||||
$object = $this->getObject();
|
||||
|
||||
if (!$object) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
if ($object instanceof FlexAuthorizeInterface) {
|
||||
if (!$object->isAuthorized($action, $scope, $this->user)) {
|
||||
throw new RuntimeException('Forbidden', 403);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param string[] $actions
|
||||
* @return void
|
||||
* @throws RuntimeException
|
||||
*/
|
||||
public function checkAuthorizations(array $actions): void
|
||||
{
|
||||
$object = $this->getObject();
|
||||
|
||||
if (!$object) {
|
||||
throw new RuntimeException('Not Found', 404);
|
||||
}
|
||||
|
||||
if ($object instanceof FlexAuthorizeInterface) {
|
||||
$test = false;
|
||||
foreach ($actions as $action) {
|
||||
$test |= $object->isAuthorized($action, null, $this->user);
|
||||
}
|
||||
|
||||
if (!$test) {
|
||||
throw new RuntimeException('Forbidden', 403);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $type
|
||||
* @param string $name
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
protected function forwardMediaTask(string $type, string $name): ResponseInterface
|
||||
{
|
||||
/** @var Route $route */
|
||||
$route = $this->grav['route']->withGravParam('task', null)->withGravParam($type, $name);
|
||||
$object = $this->getObject();
|
||||
|
||||
/** @var ServerRequest $request */
|
||||
$request = $this->grav['request'];
|
||||
$request = $request
|
||||
->withAttribute($type, $name)
|
||||
->withAttribute('type', $this->type)
|
||||
->withAttribute('key', $this->key)
|
||||
->withAttribute('storage_key', $object && $object->exists() ? $object->getStorageKey() : null)
|
||||
->withAttribute('route', $route)
|
||||
->withAttribute('forwarded', true)
|
||||
->withAttribute('object', $object);
|
||||
|
||||
$controller = new MediaController();
|
||||
if ($this->user) {
|
||||
$controller->setUser($this->user);
|
||||
}
|
||||
|
||||
return $controller->handle($request);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user