diff --git a/Web/Models/Entities/Traits/TOwnable.php b/Web/Models/Entities/Traits/TOwnable.php
index 4c6c9c94..9dc9ce2a 100644
--- a/Web/Models/Entities/Traits/TOwnable.php
+++ b/Web/Models/Entities/Traits/TOwnable.php
@@ -6,7 +6,7 @@ trait TOwnable
 {
 function canBeModifiedBy(User $user): bool
 {
- if(is_callable([$this, "isCreatedBySystem"]))
+ if(method_exists($this, "isCreatedBySystem"))
 if($this->isCreatedBySystem()) return false;
diff --git a/Web/Presenters/NotesPresenter.php b/Web/Presenters/NotesPresenter.php
index 11c2e835..7dba6c65 100644
--- a/Web/Presenters/NotesPresenter.php
+++ b/Web/Presenters/NotesPresenter.php
@@ -54,6 +54,10 @@ final class NotesPresenter extends OpenVKPresenter
 $this->notFound();
 if($_SERVER["REQUEST_METHOD"] === "POST") {
+ if(empty($this->postParam("name"))) {
+ $this->flashFail("err", tr("error"), tr("error_segmentation"));
+ }
+ + $note = new Note; $note->setOwner($this->user->id); $note->setCreated(time());
@@ -64,4 +68,22 @@ final class NotesPresenter extends OpenVKPresenter
 $this->redirect("/note" . $this->user->id . "_" . $note->getId());
 }
 }
+
+ function renderDelete(int $owner, int $id): void
+ {
+ $this->assertUserLoggedIn();
+ $this->willExecuteWriteAction();
+ $this->assertNoCSRF();
+
+ $note = $this->notes->get($id);
+ if(!$note) $this->notFound();
+ if($note->getOwner()->getId() . "_" . $note->getId() !== $owner . "_" . $id || $note->isDeleted()) $this->notFound();
+ if(is_null($this->user) || !$note->canBeModifiedBy($this->user->identity))
+ $this->flashFail("err", "Ошибка доступа", "Недостаточно прав для модификации данного ресурса.");
+
+ $name = $note->getName();
+ $note->delete();
+ $this->flash("succ", "Заметка удалена", "Заметка \"$name\" была успешно удалена.");
+ $this->redirect("/notes" . $this->user->id);
+ }
 }
diff --git a/Web/Presenters/PhotosPresenter.php b/Web/Presenters/PhotosPresenter.php
index 9e842255..15438bdd 100644
--- a/Web/Presenters/PhotosPresenter.php
+++ b/Web/Presenters/PhotosPresenter.php
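Review bot: The brace-less nested `if` on the new `method_exists` line keeps the early return two levels deep and is easy to misread when the body below it grows; the same guard reads as a single condition, `if(method_exists($this, "isCreatedBySystem") && $this->isCreatedBySystem()) return false;`. The switch from `is_callable()` presumably avoids a `__call` magic method answering true, but `method_exists()` still reports non-public methods, so a using class that declares a private `isCreatedBySystem()` will be called here — a small interface declaring `isCreatedBySystem(): bool` and an `instanceof` check would replace this string-based duck typing with a typed contract. canBeModifiedBy's body continues past the end of the hunk.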
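Review bot: `empty($this->postParam("name"))` on the first added line rejects the literal name `"0"` while accepting a name made only of whitespace, because `empty()` tests PHP truthiness rather than presence; `if(trim((string) $this->postParam("name")) === "") {` checks what the guard is meant to check. The identical guard added in the PhotosPresenter hunk has the same issue. `tr("error"), tr("error_segmentation")` is also a generic failure text; a translation key that names the missing field would tell the user what to correct. The enclosing method starts and ends outside the hunk.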
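Review bot: The success flash in renderDelete interpolates the user-supplied note name, `"Заметка \"$name\" была успешно удалена."`, so its safety depends entirely on the flash body being escaped when the template renders it — worth confirming, or passing `$name` through `htmlspecialchars()` here if flash messages are rendered raw. The hard-coded Russian strings in both `flashFail` and `flash` are inconsistent with the other hunks of this commit, which use `tr(...)` keys for the same kind of message. `is_null($this->user)` in the access check looks already excluded by `assertUserLoggedIn()` at the top, and the owner comparison `$note->getOwner()->getId() . "_" . $note->getId() !== $owner . "_" . $id` builds two strings to compare what are effectively two ints; `$note->getOwner()->getId() !== $owner` says the same thing directly, since `$note` was fetched by `$id`.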
@@ -68,6 +68,9 @@ final class PhotosPresenter extends OpenVKPresenter
 }
 if($_SERVER["REQUEST_METHOD"] === "POST") {
+ if(empty($this->postParam("name"))) {
+ $this->flashFail("err", tr("error"), tr("error_segmentation"));
+ }
 $album = new Album;
 $album->setOwner(isset($club) ? $club->getId() * -1 : $this->user->id);
 $album->setName($this->postParam("name"));
diff --git a/Web/Presenters/templates/Notes/View.xml b/Web/Presenters/templates/Notes/View.xml
index 9d712393..c2da6188 100644
--- a/Web/Presenters/templates/Notes/View.xml
+++ b/Web/Presenters/templates/Notes/View.xml
@@ -39,11 +39,19 @@