From 86c33859dbb59f6e9cd3b335e7805a4d2150cd3a Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Fri, 27 Aug 2021 20:10:08 +0900
Subject: [PATCH] Clean up access modifiers and grant processing in Board API;
 fix #1780

---
 modules/board/board.api.php | 192 +++++++++++++++++++++---------------
 1 file changed, 115 insertions(+), 77 deletions(-)

diff --git a/modules/board/board.api.php b/modules/board/board.api.php
index 4ee1fde01..49eb68310 100644
--- a/modules/board/board.api.php
+++ b/modules/board/board.api.php
@@ -7,33 +7,29 @@
  * @brief  board module View Action에 대한 API 처리
  **/
 
-class boardAPI extends board {
-
-/* do not use dispBoardContent .
-	function dispBoardContent(&$oModule) {
-	}
-*/
-
+class boardAPI extends board
+{
 	/**
 	 * @brief notice list
 	 **/
-	function dispBoardNoticeList(&$oModule) {
-		 $oModule->add('notice_list',$this->arrangeContentList(Context::get('notice_list')));
+	public function dispBoardNoticeList($oModule)
+	{
+		$oModule->add('notice_list', $this->_arrangeContentList(Context::get('notice_list'), $oModule->grant));
 	}
 
-
 	/**
 	 * @brief content list
 	 **/
-	function dispBoardContentList(&$oModule) {
+	public function dispBoardContentList($oModule)
+	{
 		$api_type = Context::get('api_type');
-		$document_list = $this->arrangeContentList(Context::get('document_list'));
+		$document_list = $this->_arrangeContentList(Context::get('document_list'), $oModule->grant);
 
-		if($api_type =='summary')
+		if($api_type === 'summary')
 		{
 			$content_cut_size = Context::get('content_cut_size');
-			$content_cut_size = $content_cut_size?$content_cut_size:50;
-			foreach($document_list as $k=>$v)
+			$content_cut_size = $content_cut_size ?: 50;
+			foreach($document_list as $k => $v)
 			{
 				$oDocument = new documentItem();
 				$oDocument->setAttribute($v, false);
@@ -42,40 +38,41 @@ class boardAPI extends board {
 			}
 		}
 
-		$oModule->add('document_list',$document_list);
-		$oModule->add('page_navigation',Context::get('page_navigation'));
+		$oModule->add('document_list' ,$document_list);
+		$oModule->add('page_navigation', Context::get('page_navigation'));
 	}
 
-
 	/**
 	 * @brief category list
 	 **/
-	function dispBoardCategoryList(&$oModule) {
-		$oModule->add('category_list',Context::get('category_list'));
+	public function dispBoardCategoryList($oModule)
+	{
+		$oModule->add('category_list', Context::get('category_list'));
 	}
 
 	/**
 	 * @brief board content view
 	 **/
-	function dispBoardContentView(&$oModule) {
+	public function dispBoardContentView($oModule)
+	{
 		$oDocument = Context::get('oDocument');
-		$extra_vars = $oDocument->getExtraVars();
 		if($oDocument->isGranted())
 		{
-			$oDocument->add('extra_vars',$this->arrangeExtraVars($extra_vars));
+			$extra_vars = $oDocument->getExtraVars() ?: [];
+			$oDocument->add('extra_vars', $this->_arrangeExtraVars($extra_vars));
 		}
-		$oModule->add('oDocument',$this->arrangeContent($oDocument));
+		$oModule->add('oDocument', $this->_arrangeContent($oDocument, $oModule->grant));
 	}
 
-
 	/**
 	 * @brief contents file list
 	 **/
-	function dispBoardContentFileList(&$oModule) {
+	public function dispBoardContentFileList($oModule)
+	{
 		$oDocument = Context::get('oDocument');
 		if($oDocument->isAccessible())
 		{
-			$oModule->add('file_list', $this->arrangeFile(Context::get('file_list')));
+			$oModule->add('file_list', $this->_arrangeFiles(Context::get('file_list') ?: []));
 		}
 		else
 		{
@@ -83,37 +80,59 @@ class boardAPI extends board {
 		}
 	}
 
-
 	/**
 	 * @brief tag list
 	 **/
-	function dispBoardTagList(&$oModule) {
-		$oModule->add('tag_list',Context::get('tag_list'));
+	public function dispBoardTagList($oModule)
+	{
+		$oModule->add('tag_list', Context::get('tag_list') ?: []);
 	}
 
 	/**
 	 * @brief comments list
 	 **/
-	function dispBoardContentCommentList(&$oModule) {
-		$oModule->add('comment_list',$this->arrangeComment(Context::get('comment_list')));
+	public function dispBoardContentCommentList($oModule)
+	{
+		$comment_list = Context::get('comment_list');
+		if (!is_array($comment_list))
+		{
+			$comment_list = [];
+		}
+		$oModule->add('comment_list', $this->_arrangeComments($comment_list));
 	}
 
-	function arrangeContentList($content_list) {
+	/**
+	 * Apply _arrangeContent to a list of documents.
+	 * 
+	 * @param array $content_list
+	 * @param object $grant
+	 * @return array
+	 */
+	protected function _arrangeContentList($content_list, $grant): array
+	{
 		$output = array();
-		if(count($content_list)) {
-			foreach($content_list as $key => $val) $output[] = $this->arrangeContent($val);
+		foreach($content_list ?: [] as $val)
+		{
+			$output[] = $this->_arrangeContent($val, $grant);
 		}
 		return $output;
 	}
 
-
-	function arrangeContent($content) {
-		$oBoardView = getView('board');
+	/**
+	 * Clean up document info so that only some fields are exposed.
+	 * 
+	 * @param object $content
+	 * @param object $grant
+	 * @return stdClass
+	 */
+	protected function _arrangeContent($content, $grant): stdClass
+	{
 		$output = new stdClass;
-		if($content){
+		if($content)
+		{
 			$output = $content->gets('document_srl','category_srl','member_srl','nick_name','is_notice','lang_code','title','title_bold','title_color','content','tags','readed_count','voted_count','blamed_count','comment_count','uploaded_count','regdate','last_update','extra_vars','status','comment_status','notify_message');
 
-			if(!$oBoardView->grant->view)
+			if(!$grant->view)
 			{
 				unset($output->content);
 				unset($output->tags);
@@ -133,61 +152,80 @@ class boardAPI extends board {
 			$t_height = Context::get('thumbnail_height');
 			$t_type   = Context::get('thumbnail_type');
 
-			if ($t_width && $t_height && $t_type && $content->thumbnailExists($t_width, $t_height, $t_type)) {
+			if ($t_width && $t_height && $t_type && $content->thumbnailExists($t_width, $t_height, $t_type))
+			{
 				$output->thumbnail_src = $content->getThumbnail($t_width, $t_height, $t_type);
 			}
 		}
 		return $output;
 	}
 
-	function arrangeComment($comment_list) {
+	/**
+	 * Clean up comment info so that only some fields are exposed.
+	 * 
+	 * @param array $comment_list
+	 * @return array
+	 */
+	protected function _arrangeComments(array $comment_list): array
+	{
 		$output = array();
-		if(count($comment_list) > 0 ) {
-			foreach($comment_list as $key => $val){
-				$item = null;
-				$item = $val->gets('comment_srl','parent_srl','document_srl','depth','member_srl','nick_name','content','is_secret','voted_count','blamed_count','uploaded_count','regdate','last_update','notify_message');
-				if(!$val->isAccessible())
-				{
-					$item->content = Context::getLang('msg_is_secret');
-					$item->member_srl = 0;
-				}
-				if($item->member_srl < 0)
-				{
-					$item->member_srl = 0;
-				}
-				$output[] = $item;
+		foreach($comment_list ?: [] as $val)
+		{
+			$item = null;
+			$item = $val->gets('comment_srl','parent_srl','document_srl','depth','member_srl','nick_name','content','is_secret','voted_count','blamed_count','uploaded_count','regdate','last_update','notify_message');
+
+			if(!$val->isAccessible())
+			{
+				$item->content = Context::getLang('msg_is_secret');
+				$item->member_srl = 0;
 			}
+			if($item->member_srl < 0)
+			{
+				$item->member_srl = 0;
+			}
+			$output[] = $item;
 		}
 		return $output;
 	}
 
-
-	function arrangeFile($file_list) {
+	/**
+	 * Clean up file info so that only some fields are exposed.
+	 * 
+	 * @param array $file_list
+	 * @return array
+	 */
+	protected function _arrangeFiles(array $file_list): array
+	{
 		$output = array();
-		if(count($file_list) > 0) {
-			foreach($file_list as $key => $val){
-				$item = new stdClass;
-				$item->download_count = $val->download_count;
-				$item->source_filename = $val->source_filename;
-				$item->file_size = $val->file_size;
-				$item->regdate = $val->regdate;
-				$output[] = $item;
-			}
+		foreach ($file_list ?: [] as $val)
+		{
+			$item = new stdClass;
+			$item->download_count = $val->download_count;
+			$item->source_filename = $val->source_filename;
+			$item->file_size = $val->file_size;
+			$item->regdate = $val->regdate;
+			$output[] = $item;
 		}
 		return $output;
 	}
 
-	function arrangeExtraVars($list) {
+	/**
+	 * Clean up extra vars so that only some fields are exposed.
+	 * 
+	 * @param array $extra_var_list
+	 * @return array
+	 */
+	protected function _arrangeExtraVars(array $extra_var_list): array
+	{
 		$output = array();
-		if(count($list)) {
-			foreach($list as $key => $val){
-				$item = new stdClass;
-				$item->name = $val->name;
-				$item->type = $val->type;
-				$item->desc = $val->desc;
-				$item->value = $val->value;
-				$output[] = $item;
-			}
+		foreach ($extra_var_list ?: [] as $val)
+		{
+			$item = new stdClass;
+			$item->name = $val->name;
+			$item->type = $val->type;
+			$item->desc = $val->desc;
+			$item->value = $val->value;
+			$output[] = $item;
 		}
 		return $output;
 	}