<?php

/**
 * Posts controller
 *
 * @license    http://opensource.org/licenses/MIT The MIT License (MIT)
 * @author     Omar El Gabry <omar.elgabry.93@gmail.com>
 */

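class PostsController extends Controller{

    /**
     * Runs before every action of this controller.
     *
     * Sets the JS page key, forces POST on the form-submitting actions and
     * declares the form fields each action accepts. 'delete' is not in the
     * POST-only list here, so the CSRF-token check enabled for it below is
     * the control that guards it.
     */
    public function beforeAction(){

        parent::beforeAction();

        Config::setJsConfig('curPage', "posts");

        $action  = $this->request->param('action');
        $actions = ['create', 'update'];
        $this->Security->requirePost($actions);

        switch($action){
            case "create":
                $this->Security->config("form", [ 'fields' => ['title', 'content']]);
                break;
            case "update":
                $this->Security->config("form", [ 'fields' => ['post_id', 'title', 'content']]);
                break;
            case "delete":
                $this->Security->config("validateCsrfToken", true);
                $this->Security->config("form", [ 'fields' => ['post_id']]);
                break;
        }
    }

    /**
     * show posts page
     *
     * Clears the current user's notifications for the posts table first,
     * then renders the paginated index (page number taken from the query string).
     */
    public function index(){

        // clear all notifications
        $this->user->clearNotifications(Session::getUserId(), $this->post->table);

        $pageNum  = $this->request->query("page");

        $this->view->renderWithLayouts(Config::get('VIEWS_PATH') . "layout/default/", Config::get('VIEWS_PATH') . 'posts/index.php', ['pageNum' => $pageNum]);
    }

    /**
     * view a post
     *
     * @param integer|string $postId encrypted post id taken from the URL; it is
     *                               decrypted here and 404s when no such post exists
     */
    public function view($postId = 0){

        $postId = Encryption::decryptId($postId);

        if(!$this->post->exists($postId)){
            return $this->error(404);
        }

        Config::setJsConfig('curPage', ["posts", "comments"]);
        // the id is re-encrypted before it is exposed to client-side JS
        Config::setJsConfig('postId', Encryption::encryptId($postId));

        // optional query parameter (e.g. "update") passed through to the template
        $action  = $this->request->query('action');
        $this->view->renderWithLayouts(Config::get('VIEWS_PATH') . "layout/default/", Config::get('VIEWS_PATH') . 'posts/viewPost.php', ["action"=> $action, "postId" => $postId]);
    }

    /**
     * show new post form
     */
    public function newPost(){
        $this->view->renderWithLayouts(Config::get('VIEWS_PATH') . "layout/default/", Config::get('VIEWS_PATH') . 'posts/newPost.php');
    }

    /**
     * creates a new post
     *
     * Validation is delegated to the Post model; its errors are stored in the
     * session for the form to display. Redirects back to the new-post form
     * on both success and failure.
     */
    public function create(){

        $title    = $this->request->data("title");
        $content  = $this->request->data("content");

        $result = $this->post->create(Session::getUserId(), $title, $content);

        if(!$result){
            Session::set('posts-errors', $this->post->errors());
        }else{
            Session::set('posts-success', "Post has been created");
        }

        return $this->redirector->root("Posts/newPost");
    }

    /**
     * update a post
     *
     * The post id arrives encrypted in the POST body. On validation failure the
     * user is sent back to the post page with the update form open.
     */
    public function update(){

        $postId  = $this->request->data("post_id");
        $title   = $this->request->data("title");
        $content = $this->request->data("content");

        $postId = Encryption::decryptId($postId);

        if(!$this->post->exists($postId)){
            return $this->error(404);
        }

        $post = $this->post->update($postId, $title, $content);

        if(!$post){

            Session::set('posts-errors', $this->post->errors());
            return $this->redirector->root("Posts/View/" . urlencode(Encryption::encryptId($postId)) . "?action=update");

        }else{
            return $this->redirector->root("Posts/View/" . urlencode(Encryption::encryptId($postId)));
        }
    }

    /**
     * delete a post
     *
     * @param integer|string $postId encrypted post id taken from the URL
     */
    public function delete($postId = 0){

        $postId = Encryption::decryptId($postId);

        if(!$this->post->exists($postId)){
            return $this->error(404);
        }

        $this->post->deleteById($postId);

        return $this->redirector->root("Posts");
    }

    /**
     * Decides whether the current user may run the requested action.
     *
     * Admins may do anything on posts; normal users may read and create
     * freely but only update/delete posts they own, which is why the target
     * post id is resolved here and handed to the permission check.
     *
     * @return bool result of Permission::check
     */
    public function isAuthorized(){

        $action   = $this->request->param('action');
        $role     = Session::getUserRole();
        $resource = "posts";

        // only for admins
        Permission::allow('admin', $resource, ['*']);

        // only for normal users
        Permission::allow('user', $resource, ['index', 'view', 'newPost', 'create']);
        Permission::allow('user', $resource, ['update', 'delete'], 'owner');

        // the (encrypted) id travels in the URL for delete and in the POST body
        // otherwise; guard the URL lookup so a bare "delete" request without an
        // argument does not raise an undefined-offset notice
        if($action === "delete"){
            $args   = $this->request->param("args");
            $postId = isset($args[0]) ? $args[0] : null;
        }else{
            $postId = $this->request->data("post_id");
        }

        if(!empty($postId)){
            $postId = Encryption::decryptId($postId);
        }

        $config = [
            "user_id" => Session::getUserId(),
            "table"   => "posts",
            "id"      => $postId
        ];

        return Permission::check($role, $resource, $action, $config);
    }
}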