From 09b7c93821430effc5d1674d0df2a98cf08b400c Mon Sep 17 00:00:00 2001
From: "anthony.richard"
Date: Mon, 13 Nov 2023 14:10:08 +0100
Subject: [PATCH] ajout validation dans admin controller
---
 Project/php/controller/AdminController.php | 121 ++++++++++++---------
 1 file changed, 70 insertions(+), 51 deletions(-)
diff --git a/Project/php/controller/AdminController.php b/Project/php/controller/AdminController.php
index d61df18..0b12251 100755
--- a/Project/php/controller/AdminController.php
+++ b/Project/php/controller/AdminController.php
@@ -2,6 +2,7 @@
 namespace controller;
+use config\Validation;
 use model\MdlAdmin;
 use Exception;
@@ -12,7 +13,7 @@ class AdminController
 global $twig;
 try {
- $action = $_REQUEST['action'] ?? null;
+ $action = Validation::val_action($_REQUEST['action']);
 switch($action) {
 case 'showAllUsers':
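Review bot: The new `$action = Validation::val_action($_REQUEST['action']);` drops the `?? null` that the removed line had, so a request that carries no `action` key now raises an undefined-array-key warning before the validator even runs; `Validation::val_action($_REQUEST['action'] ?? null)` keeps the old behaviour for the missing-key case, assuming `val_action` is written to reject or default a null argument (not visible here). `$_REQUEST` also merges GET, POST and cookie values, so if the dispatcher only ever expects the action in the query string or form body, reading `$_GET['action']` or `$_POST['action']` explicitly would narrow the input source the validator has to reason about. The enclosing method starts above this hunk and its `switch` continues below it.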
@@ -76,102 +77,120 @@ class AdminController exit(0); } - /*public function Reinit() - { - global $twig; - - $dVue = [ - 'nom' => '', - 'age' => 0, - ]; - echo $twig->render('vuephp1.html', [ - 'dVue' => $dVue - ]); - }*/ - public function showAllUsers(): void { global $twig; $model = new MdlAdmin(); - $users = $model->showAllUsers(); + $users = $model->getAllUsers(); echo $twig->render('usersView.html', ['users' => $users]); } public function showAllAdmins(): void { global $twig; $model = new MdlAdmin(); - $users = $model->showAllAdmins(); + $users = $model->getAllAdmins(); echo $twig->render('usersView.html', ['users' => $users]); } public function showAllTeachers(): void { global $twig; $model = new MdlAdmin(); - $users = $model->showAllTeachers(); + $users = $model->getAllTeachers(); echo $twig->render('usersView.html', ['users' => $users]); } public function showAllStudents(): void { global $twig; $model = new MdlAdmin(); - $users = $model->showAllStudents(); + $users = $model->getAllStudents(); echo $twig->render('usersView.html', ['users' => $users]); } public function removeUser(): void { - $id = $_GET['id']; - $model = new MdlAdmin(); - $model->removeUser($id); - $this->showAllUsers(); + try { + $id = Validation::filter_int($_GET['id']); + $model = new MdlAdmin(); + $model->removeUser($id); + $this->showAllUsers(); + } + catch (Exception $e) { + throw new Exception("invalid user ID"); + } } public function showAllGroups(): void { global $twig; $model = new MdlAdmin(); - $groups = $model->showAllGroups(); + $groups = $model->getAllGroups(); $unassignedUsers = $model->getUnassignedUsers(); echo $twig->render('manageGroupView.html', ['groups' => $groups, 'unassignedUsers' => $unassignedUsers]); } public function showGroupDetails(): void { - global $twig; - $model = new MdlAdmin(); - $id = $_GET['selectedGroup']; - $groups = $model->showAllGroups(); - $users = $model->getUsersOfGroup($id); - $unassignedUsers = $model->getUnassignedUsers(); - echo 
$twig->render('manageGroupView.html', ['groups' => $groups, 'selectedGroup' => $id, 'users' => $users, 'unassignedUsers' => $unassignedUsers]); + try { + global $twig; + $selectedGroup = Validation::filter_int($_GET['selectedGroup'] ?? null); + $model = new MdlAdmin(); + $groups = $model->getAllGroups(); + $users = $model->getUsersOfGroup($selectedGroup); + $unassignedUsers = $model->getUnassignedUsers(); + echo $twig->render('manageGroupView.html', ['groups' => $groups, 'selectedGroup' => $selectedGroup, 'users' => $users, 'unassignedUsers' => $unassignedUsers]); + } + catch (Exception $e) { + throw new Exception("invalid group ID"); + } } public function removeUserFromGroup(): void { - $model = new MdlAdmin(); - $id = $_GET['id']; - $model->removeUserFromGroup($id); - $this->showGroupDetails(); + try { + $id = Validation::filter_int($_GET['id']); + $model = new MdlAdmin(); + $model->removeUserFromGroup($id); + $this->showGroupDetails(); + } + catch (Exception $e) { + throw new Exception("invalid group ID"); + } } public function removeGroup(): void { - $model = new MdlAdmin(); - $id = $_GET['selectedGroup']; - $model->removeGroup($id); - $this->showAllGroups(); + try { + $selectedGroup = Validation::filter_int($_GET['selectedGroup']); + $model = new MdlAdmin(); + $model->removeGroup($selectedGroup); + $this->showAllGroups(); + } + catch (Exception $e) { + throw new Exception("invalid group ID"); + } } public function addGroup(): void { - $model = new MdlAdmin(); - $num = $_GET['num']; - $year = $_GET['year']; - $sector = $_GET['sector']; - $groupID = $model->addGroup($num, $year, $sector); - $_GET['selectedGroup'] = $groupID; - $this->showGroupDetails(); + try { + $num = Validation::filter_int($_GET['num']); + $year = Validation::filter_int($_GET['year']); + $sector = Validation::filter_str_simple($_GET['sector']); + + $model = new MdlAdmin(); + $groupID = $model->addGroup($num, $year, $sector); + $_GET['selectedGroup'] = $groupID; + $this->showGroupDetails(); + 
} + catch (Exception $e) { + throw new Exception("invalid form"); + } } public function addUserToGroup(): void { - $model = new MdlAdmin(); - $user = $_GET['userID']; - $group = $_GET['groupID']; - $model->addUserToGroup($user, $group); - $_GET['selectedGroup'] = $group; - $this->showGroupDetails(); + try { + $user = Validation::filter_int($_GET['userID']); + $group = Validation::filter_int($_GET['groupID']); + $model = new MdlAdmin(); + $model->addUserToGroup($user, $group); + $_GET['selectedGroup'] = $group; + $this->showGroupDetails(); + } + catch (Exception $e) { + throw new Exception("invalid IDs"); + } } }
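Review bot: The added `catch (Exception $e)` blocks in removeUser, showGroupDetails, removeUserFromGroup, removeGroup, addGroup and addUserToGroup wrap the `MdlAdmin` calls and the twig render as well as the `Validation::filter_int` call, so any model or template failure is re-thrown as "invalid user ID" / "invalid group ID" and the original exception is discarded; narrowing the try to the validation call and chaining the cause with `throw new Exception("invalid user ID", previous: $e);` keeps the error message honest and the root cause recoverable (removeUserFromGroup's message also says "group ID" although it validates `$_GET['id']`, the user). In the same methods `$_GET['id']`, `$_GET['selectedGroup']`, `$_GET['num']` and `$_GET['userID']` are read without `?? null`, unlike the `$_GET['selectedGroup'] ?? null` in showGroupDetails, so a missing parameter produces an undefined-array-key warning before validation; the same `?? null` should be applied throughout. These handlers remove and add users and groups from GET parameters alone, and no request token or method check is visible in the hunk; if that protection lives in the dispatcher, a one-line comment on the class saying so would help the next reader, and if it does not, the state-changing actions should be moved to POST with a token. A sketch of the narrowed shape for removeUser follows; the other five methods follow the same pattern.
```php
public function removeUser(): void
{
    try {
        $id = Validation::filter_int($_GET['id'] ?? null);
    } catch (Exception $e) {
        throw new Exception("invalid user ID", previous: $e);
    }
    // … unchanged: model call and redisplay …
}
```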