deleteArticle -> Autorisierungsprüfung
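--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -40,15 +40,15 @@ interface ArticleManagerDAO
 public function updateArticle($id, $article, $author);
 
 /**
-* Löscht einen Beitrag aus übergebener ID.
-* TODO: sollte auch die Autorisierung prüfen...
+* Löscht einen Beitrag aus übergebener ID und dem Nutzer, der die Löschung ausführt.
 * @param $id
+* @param $author
 * @return void
 * @throws InternalServerErrorException
 * @throws NotFoundException
 * @throws UnauthorizedAccessException
 */
-public function deleteArticle($id);
+public function deleteArticle($id, $author);
 
 /**
 * Beitrag aufrufen.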
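Review bot: The new `@param $author` line does not say what `$author` is or where it must come from, although the implementations compare it with `$article->getAuthor()` and that comparison is the whole authorization decision for a delete. The interface docblock should state that `$author` is the identity of the authenticated caller as established by the application, never a value copied from the request, and what type it has so implementors compare like with like; for example `@param $id     ID of the article to delete` and `@param $author identity of the authenticated caller; compared with Article::getAuthor()`. It would also help to note next to `@throws UnauthorizedAccessException` that it is raised when the caller is not the article's author, so callers know which outcome to expect on a rejected delete.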
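--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -147,9 +147,18 @@ class DatabaseArticleManager implements ArticleManagerDAO {
 }
 }
 
-public function deleteArticle($id)
+public function deleteArticle($id, $author)
 {
-// TODO: Sollte auch die Autorisierung prüfen...
+$article = getArticle($id);
+if (empty($article)) {
+throw new NotFoundException("not_found_article");
+}
+
+// Berechtigungsprüfung:
+if ($article->getAuthor() !== $author) {
+throw new UnauthorizedAccessException("unauthorized_access");
+}
+
 try {
 $db = $this->getConnection();
 $sql = "DELETE FROM articles WHERE id = :id;";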
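Review bot: `$article = getArticle($id);` in DatabaseArticleManager::deleteArticle calls a global function rather than the DAO's own method; unless a global `getArticle()` exists (none is visible here) this is an undefined-function fatal and every delete fails before the ownership check is reached, and the same line appears in the LocalArticleManager hunk. It should read `$article = $this->getArticle($id);` — the interface documents a "Beitrag aufrufen" method right after deleteArticle, which looks like the intended call. Two points to confirm in tests: `$article->getAuthor() !== $author` is a strict comparison, so if the two values differ in type (int versus string, say) every caller is rejected, which fails closed but would make a legitimate delete impossible; and because the check and `DELETE FROM articles WHERE id = :id;` are separate statements, the SQL could additionally constrain on the article's author column (if the schema has one, e.g. `WHERE id = :id AND author = :author`) so ownership is also enforced atomically by the database. deleteArticle's body continues past the end of the hunk.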
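--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -102,9 +102,18 @@ class LocalArticleManager implements ArticleManagerDAO {
 }
 }
 
-public function deleteArticle($id)
+public function deleteArticle($id, $author)
 {
-// TODO: Sollte auch die Autorisierung prüfen...
+$article = getArticle($id);
+if (empty($article)) {
+throw new NotFoundException("not_found_article");
+}
+
+// Berechtigungsprüfung:
+if ($article->getAuthor() !== $author) {
+throw new UnauthorizedAccessException("unauthorized_access");
+}
+
 $articles = $this->getAllArticles();
 $articleFound = false;
 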