mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2025-09-04 03:43:07 +00:00
Catch CSRF issues
This commit is contained in:
James Cole
@@ -34,6 +34,7 @@ use FireflyIII\Support\Http\Controllers\ModelInformation;
|
||||
use FireflyIII\Support\Http\Controllers\RuleManagement;
|
||||
use FireflyIII\Support\Search\SearchInterface;
|
||||
use Illuminate\Contracts\View\Factory;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Routing\Redirector;
|
||||
@@ -237,15 +238,17 @@ class CreateController extends Controller
|
||||
/**
|
||||
* @param Rule $rule
|
||||
*
|
||||
* @return RedirectResponse
|
||||
* @return JsonResponse
|
||||
*/
|
||||
public function duplicate(Rule $rule): RedirectResponse
|
||||
public function duplicate(Request $request): JsonResponse
|
||||
{
|
||||
$newRule = $this->ruleRepos->duplicate($rule);
|
||||
$ruleId = (int)$request->get('id');
|
||||
$rule = $this->ruleRepos->find($ruleId);
|
||||
if (null !== $rule) {
|
||||
$this->ruleRepos->duplicate($rule);
|
||||
}
|
||||
|
||||
session()->flash('success', trans('firefly.duplicated_rule', ['title' => $rule->title, 'newTitle' => $newRule->title]));
|
||||
|
||||
return redirect(route('rules.index'));
|
||||
return new JsonResponse(['OK']);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -28,6 +28,7 @@ use FireflyIII\Http\Requests\RuleGroupFormRequest;
|
||||
use FireflyIII\Models\RuleGroup;
|
||||
use FireflyIII\Repositories\RuleGroup\RuleGroupRepositoryInterface;
|
||||
use Illuminate\Contracts\View\Factory;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Routing\Redirector;
|
||||
@@ -62,24 +63,38 @@ class EditController extends Controller
|
||||
}
|
||||
|
||||
/**
|
||||
* Move a rule group down.
|
||||
* Move a rule group in either direction.
|
||||
*
|
||||
* @param RuleGroup $ruleGroup
|
||||
* @param Request $request
|
||||
*
|
||||
* @return RedirectResponse|Redirector
|
||||
* @return JsonResponse
|
||||
*/
|
||||
public function down(RuleGroup $ruleGroup)
|
||||
public function moveGroup(Request $request): JsonResponse
|
||||
{
|
||||
$maxOrder = $this->repository->maxOrder();
|
||||
$order = (int)$ruleGroup->order;
|
||||
if ($order < $maxOrder) {
|
||||
$newOrder = $order + 1;
|
||||
$this->repository->setOrder($ruleGroup, $newOrder);
|
||||
$groupId = (int)$request->get('id');
|
||||
$ruleGroup= $this->repository->find($groupId);
|
||||
if(null !== $ruleGroup) {
|
||||
$direction = $request->get('direction');
|
||||
if('down' === $direction) {
|
||||
$maxOrder = $this->repository->maxOrder();
|
||||
$order = (int)$ruleGroup->order;
|
||||
if ($order < $maxOrder) {
|
||||
$newOrder = $order + 1;
|
||||
$this->repository->setOrder($ruleGroup, $newOrder);
|
||||
}
|
||||
}
|
||||
if('up' === $direction) {
|
||||
$order = (int)$ruleGroup->order;
|
||||
if ($order > 1) {
|
||||
$newOrder = $order - 1;
|
||||
$this->repository->setOrder($ruleGroup, $newOrder);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return redirect(route('rules.index'));
|
||||
return new JsonResponse(['OK']);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Edit a rule group.
|
||||
*
|
||||
@@ -106,25 +121,6 @@ class EditController extends Controller
|
||||
return prefixView('rules.rule-group.edit', compact('ruleGroup', 'subTitle'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Move the rule group up.
|
||||
*
|
||||
* @param RuleGroup $ruleGroup
|
||||
*
|
||||
* @return RedirectResponse|Redirector
|
||||
*
|
||||
*/
|
||||
public function up(RuleGroup $ruleGroup)
|
||||
{
|
||||
$order = (int)$ruleGroup->order;
|
||||
if ($order > 1) {
|
||||
$newOrder = $order - 1;
|
||||
$this->repository->setOrder($ruleGroup, $newOrder);
|
||||
}
|
||||
|
||||
return redirect(route('rules.index'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Update the rule group.
|
||||
*
|
||||
|
||||
@@ -329,10 +329,8 @@ class RuleGroupRepository implements RuleGroupRepositoryInterface
|
||||
*/
|
||||
public function resetOrder(): bool
|
||||
{
|
||||
$this->user->ruleGroups()->where('active', false)->update(['order' => 0]);
|
||||
$set = $this->user
|
||||
->ruleGroups()
|
||||
->where('active', true)
|
||||
->whereNull('deleted_at')
|
||||
->orderBy('order', 'ASC')
|
||||
->orderBy('title', 'DESC')
|
||||
@@ -363,7 +361,6 @@ class RuleGroupRepository implements RuleGroupRepositoryInterface
|
||||
{
|
||||
$set = $ruleGroup->rules()
|
||||
->orderBy('order', 'ASC')
|
||||
->where('active', true)
|
||||
->orderBy('title', 'DESC')
|
||||
->orderBy('updated_at', 'DESC')
|
||||
->get(['rules.*']);
|
||||
|
||||
Reference in New Issue
Block a user