fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 02:31:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

Refine default allowed methods

Browse source
This commit is contained in:
Kijin Sung 2020-10-27 21:38:26 +09:00
parent c9cf1a5bc5
commit c920f6dca4
2 changed files with 19 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

20
common/framework/parsers/moduleactionparser.php
View file

@ -80,6 +80,7 @@ class ModuleActionParser extends BaseParser
{
// Parse permissions.
$action_name = trim($action['name']);
$action_type = trim($action['type']);
$permission = trim($action['permission']);
$permission_info = (object)['target' => '', 'check_var' => '', 'check_type' => ''];
if ($permission)
@ -93,7 +94,22 @@ class ModuleActionParser extends BaseParser
$route_attr = trim($action['route']);
$route_tags = $action->route ?: [];
$method_attr = trim($action['method']);
$methods = $method_attr ? explode('|', strtoupper($method_attr)) : (starts_with('proc', $action_name) ? ['POST'] : ['GET', 'POST']);
if ($method_attr)
{
$methods = explode('|', strtoupper($method_attr));
}
elseif ($action_type === 'controller' || starts_with('proc', $action_name))
{
$methods = ['POST'];
}
elseif ($action_type === 'view' || starts_with('disp', $action_name))
{
$methods = ['GET'];
}
else
{
$methods = ['GET', 'POST'];
}
$route_arg = [];
if ($route_attr || count($route_tags))
{
@ -117,7 +133,7 @@ class ModuleActionParser extends BaseParser
// Parse other information about this action.
$action_info = new \stdClass;
$action_info->type = trim($action['type']);
$action_info->type = $action_type;
$action_info->grant = trim($action['grant']) ?: 'guest';
$action_info->permission = $permission_info;
$action_info->ruleset = trim($action['ruleset']);

2
tests/_data/module/module.xml
View file

@ -12,7 +12,7 @@
<route route="$document_srl:int/comment/$comment_srl:int" priority="70" />
<route route="$document_srl:int/tag/$tag:word" priority="50" />
</action>
<action name="dispTestWrite" type="view" permission="view" standalone="false" meta-noindex="true" route="write" global_route="true" />
<action name="dispTestWrite" type="view" permission="view" method="GET" standalone="false" meta-noindex="true" route="write" global_route="true" />
<action name="procTestSubmitData" type="controller" standalone="false" check-csrf="false" ruleset="submitData" />
<action name="dispTestAdminIndex" type="view" admin_index="true" menu_name="test" menu_index="true" />
<action name="procTestAdminSubmitData" type="controller" permission="manager" check_var="module_srl" check_type="thisisatest" method="GET|POST" />