diff options
Diffstat (limited to 'includes')
-rw-r--r-- | includes/controller/shifts_controller.php | 16 | ||||
-rw-r--r-- | includes/helper/error_helper.php | 11 | ||||
-rw-r--r-- | includes/includes.php | 1 | ||||
-rw-r--r-- | includes/pages/user_atom.php | 16 | ||||
-rw-r--r-- | includes/pages/user_ical.php | 17 |
5 files changed, 28 insertions, 33 deletions
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php index caf124ba..726814cf 100644 --- a/includes/controller/shifts_controller.php +++ b/includes/controller/shifts_controller.php @@ -1,5 +1,6 @@ <?php +use Engelsystem\Http\Exceptions\HttpForbidden; use Engelsystem\ShiftSignupState; /** @@ -348,17 +349,18 @@ function shift_next_controller() function shifts_json_export_controller() { $request = request(); + $user = auth()->apiUser('key'); - if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { - engelsystem_error('Missing key.'); + if ( + !$request->has('key') + || !preg_match('/^[\da-f]{32}$/', $request->input('key')) + || !$user + ) { + throw new HttpForbidden('{"error":"Missing or invalid key"}', ['content-type' => 'application/json']); } - $user = auth()->apiUser('key'); - if (!$user) { - engelsystem_error('Key invalid.'); - } if (!auth()->can('shifts_json_export')) { - engelsystem_error('No privilege for shifts_json_export.'); + throw new HttpForbidden('{"error":"Not allowed"}', ['content-type' => 'application/json']); } $shifts = load_ical_shifts(); diff --git a/includes/helper/error_helper.php b/includes/helper/error_helper.php deleted file mode 100644 index 9314a57a..00000000 --- a/includes/helper/error_helper.php +++ /dev/null @@ -1,11 +0,0 @@ -<?php - -/** - * Displays a fatal message and stops execution. - * - * @param string $message - */ -function engelsystem_error($message) -{ - raw_output($message); -} diff --git a/includes/includes.php b/includes/includes.php index 855ff359..601a6ca2 100644 --- a/includes/includes.php +++ b/includes/includes.php @@ -60,7 +60,6 @@ $includeFiles = [ __DIR__ . '/../includes/helper/graph_helper.php', __DIR__ . '/../includes/helper/message_helper.php', - __DIR__ . '/../includes/helper/error_helper.php', __DIR__ . '/../includes/helper/email_helper.php', __DIR__ . '/../includes/mailer/shifts_mailer.php', diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index 8e5b4858..a491fea7 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php @@ -1,6 +1,7 @@ <?php use Engelsystem\Database\DB; +use Engelsystem\Http\Exceptions\HttpForbidden; /** * Publically available page to feed the news to feed readers @@ -8,17 +9,18 @@ use Engelsystem\Database\DB; function user_atom() { $request = request(); + $user = auth()->apiUser('key'); - if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { - engelsystem_error('Missing key.'); + if ( + !$request->has('key') + || !preg_match('/^[\da-f]{32}$/', $request->input('key')) + || empty($user) + ) { + throw new HttpForbidden('Missing or invalid key', ['content-type' => 'text/text']); } - $user = auth()->apiUser('key'); - if (empty($user)) { - engelsystem_error('Key invalid.'); - } if (!auth()->can('atom')) { - engelsystem_error('No privilege for atom.'); + throw new HttpForbidden('Not allowed', ['content-type' => 'text/text']); } $news = DB::select(' diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php index ee3a8340..2f3a7ccc 100644 --- a/includes/pages/user_ical.php +++ b/includes/pages/user_ical.php @@ -1,22 +1,25 @@ <?php +use Engelsystem\Http\Exceptions\HttpForbidden; + /** * Controller for ical output of users own shifts or any user_shifts filter. */ function user_ical() { $request = request(); + $user = auth()->apiUser('key'); - if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { - engelsystem_error('Missing key.'); + if ( + !$request->has('key') + || !preg_match('/^[\da-f]{32}$/', $request->input('key')) + || !$user + ) { + throw new HttpForbidden('Missing or invalid key', ['content-type' => 'text/text']); } - $user = auth()->apiUser('key'); - if (!$user) { - engelsystem_error('Key invalid.'); - } if (!auth()->can('ical')) { - engelsystem_error('No privilege for ical.'); + throw new HttpForbidden('Not allowed', ['content-type' => 'text/text']); } $ical_shifts = load_ical_shifts(); |