Commit 4df983ce authored by Chenu Denis

[fix] Better protection of public method

parent ad55cc04
......@@ -5,7 +5,7 @@
* @author Denis Chenu <denis@sondages.pro>
* @copyright 2018-2020 Denis Chenu <http://www.sondages.pro>
* @license AGPL v3
* @version 3.3.2
* @version 3.3.3-beta1
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
......@@ -291,21 +291,24 @@ class reloadAnyResponse extends PluginBase {
$this->subscribe("beforeLogout","deleteAllBySessionId");
}
/**
* Delete all related current survey session from this user
* @return @void
*/
public function deleteAllBySessionId()
{
if($this->getEvent()->getEventName() != "beforeLogout") {
return;
/**
* Delete all related current survey session from this user
* @return @void
*/
public function deleteAllBySessionId()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
\reloadAnyResponse\models\surveySession::deleteAllBySessionId();
}
\reloadAnyResponse\models\surveySession::deleteAllBySessionId();
}
/** @inheritdoc **/
public function getPluginSettings($getValues=true)
{
if(!Permission::model()->hasGlobalPermission('settings','read')) {
throw new CHttpException(403);
}
/* @todo translation of label and help */
$pluginSetting = parent::getPluginSettings($getValues);
return $pluginSetting;
......@@ -313,6 +316,9 @@ class reloadAnyResponse extends PluginBase {
/** @inheritdoc **/
public function saveSettings($settings)
{
if(!Permission::model()->hasGlobalPermission('settings','update')) {
throw new CHttpException(403);
}
parent::saveSettings($settings);
if (!empty($settings['keepMaxStep']) && intval($settings['keepMaxStep'])) {
$criteria = new CDBcriteria;
......@@ -331,6 +337,9 @@ class reloadAnyResponse extends PluginBase {
/** @inheritdoc **/
public function beforeSurveySettings()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
$oEvent = $this->event;
$oSurvey = Survey::model()->findByPk($oEvent->get('survey'));
/* currentDefault translation */
......@@ -546,6 +555,9 @@ class reloadAnyResponse extends PluginBase {
*/
public function beforeControllerAction()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
if($this->getEvent()->get("controller") == "survey" && $this->getEvent()->get("action") == "index") {
$this->checkSurveyAttributes();
return;
......@@ -581,7 +593,7 @@ class reloadAnyResponse extends PluginBase {
* Check if survey seetings need to be updated with current params
* @return void
*/
public function checkSurveyAttributes()
private function checkSurveyAttributes()
{
$sid = App()->getRequest()->getParam('sid');
$srid = App()->getRequest()->getParam('srid');
......@@ -608,12 +620,18 @@ class reloadAnyResponse extends PluginBase {
*/
public function setSurveyEditable()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
$this->getEvent()->set('alloweditaftercompletion','Y');
}
/** @inheritdoc **/
public function newSurveySettings()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
$event = $this->event;
foreach ($event->get('settings') as $name => $value) {
$this->set($name, $value, 'Survey', $event->get('survey'));
......@@ -626,6 +644,9 @@ class reloadAnyResponse extends PluginBase {
/** @inheritdoc **/
public function afterSurveyActivate()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
if ($this->event->get("simulate")) {
return;
}
......@@ -639,6 +660,9 @@ class reloadAnyResponse extends PluginBase {
**/
public function afterSurveySave()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
if($this->_getCurrentSetting('deleteLinkWhenSurveyDeactivated')) {
$oSurvey = $this->getEvent()->get('model');
if($oSurvey->sid && $oSurvey->active != 'Y') {
......@@ -655,6 +679,9 @@ class reloadAnyResponse extends PluginBase {
**/
public function afterSurveyDelete()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
if($this->_getCurrentSetting('deleteLinkWhenSurveyDeleted')) {
$oSurvey = $this->getEvent()->get('model');
if($oSurvey->sid) {
......@@ -672,6 +699,9 @@ class reloadAnyResponse extends PluginBase {
**/
public function beforeSurveyDeleteMany()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
if($this->_getCurrentSetting('deleteLinkWhenSurveyDeleted')) {
$criteria = $this->getEvent()->get('filterCriteria');
}
......@@ -684,6 +714,9 @@ class reloadAnyResponse extends PluginBase {
**/
public function afterModelSave()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
$oModel = $this->getEvent()->get('model');
$className = get_class($oModel);
/* Create responlink for survey and srid (work when start a survey) */
......@@ -719,6 +752,9 @@ class reloadAnyResponse extends PluginBase {
**/
public function afterModelDelete()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
if($this->_getCurrentSetting('deleteLinkWhenResponseDeleted')) {
$oModel = $this->getEvent()->get('model');
$className = get_class($oModel);
......@@ -735,6 +771,9 @@ class reloadAnyResponse extends PluginBase {
/** @See event */
public function beforeLoadResponse()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
$srid = App()->getRequest()->getQuery('srid');
$surveyId = $this->getEvent()->get('surveyId');
$oSurvey = Survey::model()->findByPk($surveyId);
......@@ -776,6 +815,9 @@ class reloadAnyResponse extends PluginBase {
/** @inheritdoc **/
public function beforeSurveyPage()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
/* Save current session Id to allow same user to reload survey in same browser */
/* resetAllSessionVariables regenerate session id */
/* Keep previous session id, if user reload start url it reset the sessionId, need to leav access */
......@@ -853,6 +895,9 @@ class reloadAnyResponse extends PluginBase {
*/
public function getPluginTwigPath()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
$this->unsubscribe('getPluginTwigPath');
if(!$this->surveyId) {
return;
......@@ -889,6 +934,9 @@ class reloadAnyResponse extends PluginBase {
*/
public function addPluginTwigPath()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
$viewPath = dirname(__FILE__)."/twig";
$this->getEvent()->append('add', array($viewPath));
}
......@@ -900,6 +948,9 @@ class reloadAnyResponse extends PluginBase {
*/
public function beforeQuestionRender()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
if($this->reloadedSrid) {
$hiddenInput = CHtml::hiddenField('reloadAnyResponseSrid',$this->reloadedSrid);
$this->getEvent()->set("answers",$this->getEvent()->get("answers").$hiddenInput);
......@@ -911,6 +962,9 @@ class reloadAnyResponse extends PluginBase {
*/
public function afterSurveyDeleteSurveySession()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
$surveyId = $this->getEvent()->get('surveyId');
$responseId = $this->getEvent()->get('responseId');
if(!empty($surveyId) && !empty($responseId)) {
......@@ -921,6 +975,9 @@ class reloadAnyResponse extends PluginBase {
/** @inheritdoc **/
public function newDirectRequest()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
if($this->getEvent()->get('target') != get_class($this)) {
return;
}
......@@ -936,8 +993,9 @@ class reloadAnyResponse extends PluginBase {
* @param integer $surveyId
* @return void
*/
public function actionOnClearAll($surveyId)
private function actionOnClearAll($surveyId)
{
$srid = \reloadAnyResponse\Utilities::getCurrentSrid($surveyId);
\reloadAnyResponse\models\surveySession::model()->deleteByPk(array('sid'=>$surveyId,'srid'=>$srid));
......@@ -966,8 +1024,16 @@ class reloadAnyResponse extends PluginBase {
$this->subscribe('getPluginTwigPath', 'clearAllAction');
}
/**
* Do the clear all action in twig event
* Thei function is registred in beforeSurveypage
*/
public function clearAllAction()
{
if (!$this->getEvent()) {
throw new CHttpException(403);
}
$this->unsubscribe('getPluginTwigPath');
$surveyId = $this->surveyId;
$action = $this->_getCurrentSetting('clearAllAction', $surveyId);
......@@ -1124,6 +1190,9 @@ class reloadAnyResponse extends PluginBase {
* @see event afterPluginLoad
*/
public function setConfigInAfterPluginLoad(){
if (!$this->getEvent()) {
throw new CHttpException(403);
}
$this->_createDb();
if(!empty(Yii::app()->getConfig('surveysessiontime_limit')) ) {
/* Allow to force surveysessiontime_limit in config.php , to do : show it to admin */
......
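Review bot: The guard added to deleteAllBySessionId in the first hunk is weaker than the check it replaces: the removed code refused to run unless `getEventName()` was `"beforeLogout"`, whereas the new code only requires that some event object exists, so the method now deletes all of the user's survey sessions whenever it is reached from any event context rather than only at logout. Keeping both conditions preserves the original intent: `if (!$this->getEvent() || $this->getEvent()->getEventName() != "beforeLogout") { throw new CHttpException(403); }`. The same presence-only pattern is repeated in every other handler touched here (beforeSurveySettings, beforeControllerAction, setSurveyEditable, newSurveySettings, the afterSurvey*/afterModel* handlers, beforeLoadResponse, beforeSurveyPage, the twig-path handlers, newDirectRequest, clearAllAction and setConfigInAfterPluginLoad); it blocks calls made outside any event, but does not tie each handler to the event it was subscribed for, so comparing `getEventName()` against the subscribed name would be the stronger check where a handler is only meant to run from its own event. Making checkSurveyAttributes and actionOnClearAll private is the right direction; the only caller of checkSurveyAttributes visible in these hunks is the internal `$this->checkSurveyAttributes()` call, but the callers of actionOnClearAll are outside this view and should be confirmed not to invoke it by name through the plugin callback mechanism.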