99 lines
3.5 KiB
PHP
99 lines
3.5 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Grav\Plugin\Api\Controllers;
|
|
|
|
use Grav\Plugin\Api\Exceptions\NotFoundException;
|
|
use Grav\Plugin\Api\Response\ApiResponse;
|
|
use Psr\Http\Message\ResponseInterface;
|
|
use Psr\Http\Message\ServerRequestInterface;
|
|
use RocketTheme\Toolbox\Event\Event;
|
|
|
|
/**
|
|
* Menubar API — lets plugins register toolbar items with executable actions.
|
|
*
|
|
* Plugins listen for `onApiMenubarItems` to register items and
|
|
* `onApiMenubarAction` to handle action execution.
|
|
*
|
|
* Item format:
|
|
* [
|
|
* 'id' => 'warm-cache', // unique identifier
|
|
* 'plugin' => 'warm-cache', // owning plugin slug
|
|
* 'label' => 'Warm Cache', // tooltip / display name
|
|
* 'icon' => 'fa-tachometer', // FA icon class
|
|
* 'action' => 'warm', // action key for POST
|
|
* 'confirm' => 'Warm the cache?', // optional confirmation prompt
|
|
* 'authorize' => 'api.some.permission', // optional — string or array (any-of)
|
|
* ]
|
|
*
|
|
* `authorize` follows the same string-or-array semantics as the sidebar API.
|
|
* Items without `authorize` are visible to every authenticated user.
|
|
*/
|
|
class MenubarController extends AbstractApiController
|
|
{
|
|
/**
|
|
* GET /menubar/items — Collect menu items from plugins, filtered by the
|
|
* current user's permissions.
|
|
*/
|
|
public function items(ServerRequestInterface $request): ResponseInterface
|
|
{
|
|
$this->requirePermission($request, 'api.access');
|
|
|
|
$user = $this->getUser($request);
|
|
$event = new Event(['items' => [], 'user' => $user]);
|
|
$this->grav->fireEvent('onApiMenubarItems', $event);
|
|
|
|
$isSuperAdmin = $this->isSuperAdmin($user);
|
|
$filtered = [];
|
|
foreach ($event['items'] as $item) {
|
|
if (!$this->userPassesAuthorize($user, $item['authorize'] ?? null, $isSuperAdmin)) {
|
|
continue;
|
|
}
|
|
// Strip the authorize field — it's a server-side annotation, not client data
|
|
unset($item['authorize']);
|
|
$filtered[] = $item;
|
|
}
|
|
|
|
return ApiResponse::create($filtered);
|
|
}
|
|
|
|
/**
|
|
* POST /menubar/actions/{plugin}/{action} — Execute a plugin action.
|
|
*/
|
|
public function executeAction(ServerRequestInterface $request): ResponseInterface
|
|
{
|
|
$this->requirePermission($request, 'api.access');
|
|
|
|
$plugin = $this->getRouteParam($request, 'plugin');
|
|
$action = $this->getRouteParam($request, 'action');
|
|
$body = $this->getRequestBody($request);
|
|
|
|
$sentinel = "__no_handler_{$plugin}_{$action}__";
|
|
$event = new Event([
|
|
'plugin' => $plugin,
|
|
'action' => $action,
|
|
'body' => $body,
|
|
'user' => $this->getUser($request),
|
|
'result' => [
|
|
'status' => 'error',
|
|
'message' => $sentinel,
|
|
],
|
|
]);
|
|
|
|
$this->grav->fireEvent('onApiMenubarAction', $event);
|
|
|
|
$result = $event['result'];
|
|
|
|
// Distinguish "no plugin registered for this action" from a handler
|
|
// that ran and reported a domain-level failure (e.g. auth error from
|
|
// Cloudflare). The former is a 404; the latter is a successful API
|
|
// call that the client will toast as an error based on result.status.
|
|
if (($result['message'] ?? null) === $sentinel) {
|
|
throw new NotFoundException("No handler registered for action '{$plugin}/{$action}'.");
|
|
}
|
|
|
|
return ApiResponse::create($result, 200);
|
|
}
|
|
}
|