silverstripe-framework/Forms/UploadField_ItemHandler.php
Sam Minnee 93a0122c0f FIX: Don’t treat URLs as root relative when FRAMEWORK_DIR = “”
Code was assuming that FRAMEWORK_DIR would always have a value. If it
doesn’t (because you’re running a test instance of a naked framework)
This caused URLs to be treated as root relative, which creates some
duplicate-inclusion bugs.

The use of ltrim() works, but is a bit clumsy. A more flexible approach
to including front-end assets of given modules would be preferable;
ideally something that also let you keep your code outside of the
web root.
2016-09-16 16:16:39 +12:00

224 lines
4.4 KiB
PHP

<?php
namespace SilverStripe\Forms;
use SilverStripe\Assets\File;
use SilverStripe\Assets\Folder;
use SilverStripe\Control\Controller;
use SilverStripe\Control\RequestHandler;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\HTTPResponse;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\FieldType\DBHTMLText;
use SilverStripe\View\Requirements;
/**
* RequestHandler for actions (edit, remove, delete) on a single item (File) of the UploadField
*
* @author Zauberfisch
*/
class UploadField_ItemHandler extends RequestHandler
{
/**
* @var UploadFIeld
*/
protected $parent;
/**
* @var int FileID
*/
protected $itemID;
private static $url_handlers = array(
'$Action!' => '$Action',
'' => 'index',
);
private static $allowed_actions = array(
'delete',
'edit',
'EditForm',
);
/**
* @param UploadFIeld $parent
* @param int $itemID
*/
public function __construct($parent, $itemID)
{
$this->parent = $parent;
$this->itemID = $itemID;
parent::__construct();
}
/**
* @return File
*/
public function getItem()
{
return DataObject::get_by_id('SilverStripe\\Assets\\File', $this->itemID);
}
/**
* @param string $action
* @return string
*/
public function Link($action = null)
{
return Controller::join_links($this->parent->Link(), '/item/', $this->itemID, $action);
}
/**
* @return string
*/
public function DeleteLink()
{
$token = $this->parent->getForm()->getSecurityToken();
return $token->addToUrl($this->Link('delete'));
}
/**
* @return string
*/
public function EditLink()
{
return $this->Link('edit');
}
/**
* Action to handle deleting of a single file
*
* @param HTTPRequest $request
* @return HTTPResponse
*/
public function delete(HTTPRequest $request)
{
// Check form field state
if ($this->parent->isDisabled() || $this->parent->isReadonly()) {
return $this->httpError(403);
}
// Protect against CSRF on destructive action
$token = $this->parent->getForm()->getSecurityToken();
if (!$token->checkRequest($request)) {
return $this->httpError(400);
}
// Check item permissions
$item = $this->getItem();
if (!$item) {
return $this->httpError(404);
}
if ($item instanceof Folder) {
return $this->httpError(403);
}
if (!$item->canDelete()) {
return $this->httpError(403);
}
$item->delete();
return null;
}
/**
* Action to handle editing of a single file
*
* @param HTTPRequest $request
* @return DBHTMLText
*/
public function edit(HTTPRequest $request)
{
// Check form field state
if ($this->parent->isDisabled() || $this->parent->isReadonly()) {
return $this->httpError(403);
}
// Check item permissions
$item = $this->getItem();
if (!$item) {
return $this->httpError(404);
}
if ($item instanceof Folder) {
return $this->httpError(403);
}
if (!$item->canEdit()) {
return $this->httpError(403);
}
Requirements::css(ltrim(FRAMEWORK_ADMIN_DIR . '/client/dist/styles/UploadField.css', '/'));
return $this->customise(array(
'Form' => $this->EditForm()
))->renderWith($this->parent->getTemplateFileEdit());
}
/**
* @return Form
*/
public function EditForm()
{
$file = $this->getItem();
if (!$file) {
return $this->httpError(404);
}
if ($file instanceof Folder) {
return $this->httpError(403);
}
if (!$file->canEdit()) {
return $this->httpError(403);
}
// Get form components
$fields = $this->parent->getFileEditFields($file);
$actions = $this->parent->getFileEditActions($file);
$validator = $this->parent->getFileEditValidator($file);
$form = new Form(
$this,
__FUNCTION__,
$fields,
$actions,
$validator
);
$form->loadDataFrom($file);
$form->addExtraClass('small');
return $form;
}
/**
* @param array $data
* @param Form $form
* @param HTTPRequest $request
* @return DBHTMLText
*/
public function doEdit(array $data, Form $form, HTTPRequest $request)
{
// Check form field state
if ($this->parent->isDisabled() || $this->parent->isReadonly()) {
return $this->httpError(403);
}
// Check item permissions
$item = $this->getItem();
if (!$item) {
return $this->httpError(404);
}
if ($item instanceof Folder) {
return $this->httpError(403);
}
if (!$item->canEdit()) {
return $this->httpError(403);
}
$form->saveInto($item);
$item->write();
$form->sessionMessage(_t('UploadField.Saved', 'Saved'), 'good');
return $this->edit($request);
}
}