TextRepository gains findByUser; JsonTextRepository and the fake implement filtering by stored userId. TextController splits the list endpoint into getMyTexts (own) and getAllTexts (admin), and getText now requires the session user, returning 403 to non-owners while admins bypass.
<?php
namespace App\Text;
use App\User\User;
use App\Exceptions\BadRequestException;
use App\Text\TextRepository;
use App\Text\UseCases\CreateText;
use App\Text\UseCases\CreateTextRequest;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
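class TextController
{
    public function __construct(
        private TextRepository $textRepository,
    ) {}

    /**
     * Lists every text in the repository as `{id, name}` summaries.
     *
     * NOTE(review): this method never sees the request, so it performs no
     * authentication or authorization check of its own. It is described as the
     * admin-only listing, which means the route that maps to it MUST be guarded
     * by an admin-only middleware — nothing in this controller enforces that.
     */
    public function getAllTexts(Response $response): Response
    {
        $texts = $this->textRepository->getAll();

        return $this->jsonResponse($response, $this->summarize($texts));
    }

    /**
     * Lists the texts owned by the authenticated user as `{id, name}` summaries.
     *
     * Responds 401 (JSON `{"error": "unauthenticated"}`) when the `user`
     * request attribute is missing or is not a User instance.
     */
    public function getMyTexts(
        Request $request,
        Response $response,
    ): Response {
        $user = $this->sessionUser($request);
        if ($user === null) {
            return $this->errorResponse($response, 401, 'unauthenticated');
        }

        $texts = $this->textRepository->findByUser($user);

        return $this->jsonResponse($response, $this->summarize($texts));
    }

    /**
     * Returns a single text as `{id, name}`.
     *
     * 401 when unauthenticated, 404 when no text has $textId, 403 when the
     * caller is neither the text's owner nor an admin.
     */
    public function getText(
        Request $request,
        Response $response,
        int $textId,
    ): Response {
        $user = $this->sessionUser($request);
        if ($user === null) {
            return $this->errorResponse($response, 401, 'unauthenticated');
        }

        $text = $this->textRepository->find($textId);
        if ($text === null) {
            // Was a bare 404 with an empty body; use the same JSON error shape
            // as every other failure path so clients can parse it uniformly.
            return $this->errorResponse($response, 404, 'not found');
        }

        // Owner or admin only. Deliberate trade-off to be aware of: answering
        // 403 for "exists but not yours" and 404 for "does not exist" lets any
        // authenticated user probe which ids exist. If id enumeration matters
        // for this application, answer 404 here as well.
        if (!$this->canAccess($user, $text)) {
            return $this->errorResponse($response, 403, 'forbidden');
        }

        return $this->jsonResponse($response, $this->toArray($text));
    }

    /**
     * Creates a text named by the `name` field of the parsed body, owned by
     * the authenticated user, and returns it as `{id, name}`.
     *
     * 401 when unauthenticated; 400 with the exception message when the use
     * case rejects the request with a BadRequestException.
     */
    public function createText(
        Request $request,
        Response $response,
        CreateText $createTextUseCase,
    ): Response {
        // Authenticate before touching the body so anonymous callers are
        // rejected without their payload being read at all.
        $user = $this->sessionUser($request);
        if ($user === null) {
            return $this->errorResponse($response, 401, 'unauthenticated');
        }

        // getParsedBody() may yield null, an array or an object depending on
        // the body parser; indexing a non-array with `$data['name']` raises an
        // Error (a 500), so only an array is treated as carrying a name.
        $data = $request->getParsedBody();
        $name = is_array($data) ? ($data['name'] ?? null) : null;

        try {
            $text = $createTextUseCase->execute(new CreateTextRequest(
                name: $name,
                user: $user,
            ));
        } catch (BadRequestException $e) {
            // The message is surfaced verbatim to the client, so
            // BadRequestException messages must stay free of internals.
            return $this->errorResponse($response, 400, $e->getMessage());
        }

        return $this->jsonResponse($response, $this->toArray($text));
    }

    /**
     * The authenticated user placed on the request by the auth middleware,
     * or null when the `user` attribute is absent or not a User.
     */
    private function sessionUser(Request $request): ?User
    {
        $user = $request->getAttribute('user');

        return $user instanceof User ? $user : null;
    }

    /**
     * True when $user owns $text or is an admin.
     */
    private function canAccess(User $user, object $text): bool
    {
        return $text->getUser()->getId() === $user->getId()
            || $user->isAdmin();
    }

    /**
     * The public `{id, name}` representation of a text.
     *
     * @return array{id: mixed, name: mixed}
     */
    private function toArray(object $text): array
    {
        return [
            'id' => $text->getId(),
            'name' => $text->getName(),
        ];
    }

    /**
     * Maps a collection of texts to their `{id, name}` representations.
     *
     * array_map preserves keys, so a keyed or sparse array from the repository
     * (e.g. the result of a filter) would encode as a JSON object instead of
     * an array; array_values guarantees the list shape clients expect.
     *
     * @return list<array{id: mixed, name: mixed}>
     */
    private function summarize(array $texts): array
    {
        return array_values(array_map(
            fn ($text) => $this->toArray($text),
            $texts,
        ));
    }

    /**
     * Writes $data as JSON to the response and sets the content type.
     *
     * JSON_THROW_ON_ERROR turns an encoding failure (e.g. invalid UTF-8 in a
     * name) into an exception instead of silently sending an empty 200 body.
     */
    private function jsonResponse(Response $response, array $data): Response
    {
        $response->getBody()->write(json_encode($data, JSON_THROW_ON_ERROR));

        return $response->withHeader('Content-Type', 'application/json');
    }

    /**
     * Writes `{"error": $message}` with the given status code.
     */
    private function errorResponse(
        Response $response,
        int $status,
        string $message,
    ): Response {
        $response->getBody()->write(
            json_encode(['error' => $message], JSON_THROW_ON_ERROR)
        );

        return $response->withStatus($status)
            ->withHeader('Content-Type', 'application/json');
    }
}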