Replace "operator/canned.php" with a controller

src/mibew/libs/classes/Mibew/Controller/CannedMessageController.php

@@ -0,0 +1,139 @@
+<?php
+/*
+ * Copyright 2005-2014 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Mibew\Controller;
+
+use Mibew\Database;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Contains all actions which are related with canned messages.
+ */
+class CannedMessageController extends AbstractController
+{
+    /**
+     * Generate content for "canned_message" route.
+     *
+     * @param Request $request
+     * @return string Rendered page content
+     */
+    public function indexAction(Request $request)
+    {
+        set_csrf_token();
+
+        $operator = $request->attributes->get('_operator');
+        $page = array(
+            'errors' => array(),
+        );
+
+        // Get selected locale, if any.
+        $all_locales = get_available_locales();
+        $locales_with_label = array();
+        foreach ($all_locales as $id) {
+            $locales_with_label[] = array(
+                'id' => $id,
+                'name' => getlocal_($id, 'names')
+            );
+        }
+        $page['locales'] = $locales_with_label;
+
+        $lang = $request->query->get('lang');
+        $correct_locale = $lang
+            && preg_match("/^[\w-]{2,5}$/", $lang)
+            && in_array($lang, $all_locales);
+        if (!$correct_locale) {
+            $lang = in_array(CURRENT_LOCALE, $all_locales)
+                ? CURRENT_LOCALE
+                : $all_locales[0];
+        }
+
+        // Get selected group ID, if any.
+        $group_id = $request->query->get('group');
+        if ($group_id && preg_match("/^\d{0,8}$/", $group_id)) {
+            $group = group_by_id($group_id);
+            if (!$group) {
+                $page['errors'][] = getlocal('page.group.no_such');
+                $group_id = false;
+            }
+        } else {
+            $group_id = false;
+        }
+
+        $all_groups = in_isolation($operator)
+            ? get_all_groups_for_operator($operator)
+            : get_all_groups();
+        $page['groups'] = array();
+        $page['groups'][] = array(
+            'groupid' => '',
+            'vclocalname' => getlocal('page.gen_button.default_group'),
+            'level' => 0,
+        );
+        foreach ($all_groups as $g) {
+            $page['groups'][] = $g;
+        }
+
+        // Get messages and setup pagination
+        $canned_messages = load_canned_messages($lang, $group_id);
+        foreach ($canned_messages as &$message) {
+            $message['vctitle'] = $message['vctitle'];
+            $message['vcvalue'] = $message['vcvalue'];
+        }
+        unset($message);
+
+        $pagination = setup_pagination($canned_messages);
+        $page['pagination'] = $pagination['info'];
+        $page['pagination.items'] = $pagination['items'];
+
+        // Buil form values
+        $page['formlang'] = $lang;
+        $page['formgroup'] = $group_id;
+
+        // Set other needed page values and render the response
+        $page['title'] = getlocal('canned.title');
+        $page['menuid'] = 'canned';
+        $page = array_merge($page, prepare_menu($operator));
+
+        return $this->render('canned_message', $page);
+    }
+
+    /**
+     * Generate content for "canned_message_delete" route.
+     *
+     * @param Request $request
+     * @return string Rendered page content
+     */
+    public function deleteAction(Request $request)
+    {
+        // Check for CSRF attack
+        csrf_check_token($request);
+
+        // Remove message from the database.
+        $db = Database::getInstance();
+
+        $key = (int)$request->attributes->get('message_id');
+        $db->query("DELETE FROM {chatresponses} WHERE id = ?", array($key));
+
+        // Redirect user to canned messages list. Use only "lang" and "group"
+        // get params for the target URL.
+        $parameters = array_intersect_key(
+            $request->query->all(),
+            array_flip(array('lang', 'group'))
+        );
+
+        return $this->redirect($this->generateUrl('canned_message', $parameters));
+    }
+}

src/mibew/libs/routing.yml

@@ -12,6 +12,20 @@ widget_gateway:
     defaults: { _controller: Mibew\Controller\WidgetController::indexAction }
 
 # Operators' pages
+canned_message:
+    path: /operator/canned-message
+    defaults:
+        _controller: Mibew\Controller\CannedMessageController::indexAction
+        _access_check: Mibew\AccessControl\Check\LoggedInCheck
+
+canned_message_delete:
+    path: /operator/canned-message/{message_id}/delete
+    defaults:
+        _controller: Mibew\Controller\CannedMessageController::deleteAction
+        _access_check: Mibew\AccessControl\Check\LoggedInCheck
+    requirements:
+        message_id: \d+
+
 history:
     path: /operator/history
     defaults:

src/mibew/operator/canned.php

@@ -1,111 +0,0 @@
-<?php
-/*
- * Copyright 2005-2014 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-// Import namespaces and classes of the core
-use Mibew\Database;
-use Mibew\Style\PageStyle;
-
-// Initialize libraries
-require_once(dirname(dirname(__FILE__)) . '/libs/init.php');
-
-$operator = check_login();
-force_password($operator);
-csrf_check_token();
-
-$page = array(
-    'errors' => array(),
-);
-
-# locales
-
-$all_locales = get_available_locales();
-$locales_with_label = array();
-foreach ($all_locales as $id) {
-    $locales_with_label[] = array('id' => $id, 'name' => getlocal_($id, "names"));
-}
-$page['locales'] = $locales_with_label;
-
-$lang = verify_param("lang", "/^[\w-]{2,5}$/", "");
-if (!$lang || !in_array($lang, $all_locales)) {
-    $lang = in_array(CURRENT_LOCALE, $all_locales) ? CURRENT_LOCALE : $all_locales[0];
-}
-
-# groups
-
-$group_id = verify_param("group", "/^\d{0,8}$/", "");
-if ($group_id) {
-    $group = group_by_id($group_id);
-    if (!$group) {
-        $page['errors'][] = getlocal("page.group.no_such");
-        $group_id = "";
-    }
-}
-
-$all_groups = in_isolation($operator) ? get_all_groups_for_operator($operator) : get_all_groups();
-$page['groups'] = array();
-$page['groups'][] = array(
-    'groupid' => '',
-    'vclocalname' => getlocal("page.gen_button.default_group"),
-    'level' => 0,
-);
-foreach ($all_groups as $g) {
-    $page['groups'][] = $g;
-}
-
-# delete
-
-if (isset($_GET['act']) && $_GET['act'] == 'delete') {
-    $key = isset($_GET['key']) ? $_GET['key'] : "";
-
-    if (!preg_match("/^\d+$/", $key)) {
-        $page['errors'][] = "Wrong key";
-    }
-
-    if (count($page['errors']) == 0) {
-        $db = Database::getInstance();
-        $db->query("DELETE FROM {chatresponses} WHERE id = ?", array($key));
-        $redirect_to =  MIBEW_WEB_ROOT . "/operator/canned.php?lang="
-            . urlencode($lang) . "&group=" . intval($group_id);
-        header("Location: " . $redirect_to);
-        exit;
-    }
-}
-
-// Get messages and setup pagination
-
-$canned_messages = load_canned_messages($lang, $group_id);
-foreach ($canned_messages as &$message) {
-    $message['vctitle'] = $message['vctitle'];
-    $message['vcvalue'] = $message['vcvalue'];
-}
-unset($message);
-
-$pagination = setup_pagination($canned_messages);
-$page['pagination'] = $pagination['info'];
-$page['pagination.items'] = $pagination['items'];
-
-# form values
-
-$page['formlang'] = $lang;
-$page['formgroup'] = $group_id;
-$page['title'] = getlocal("canned.title");
-$page['menuid'] = "canned";
-
-$page = array_merge($page, prepare_menu($operator));
-
-$page_style = new PageStyle(PageStyle::getCurrentStyle());
-$page_style->render('canned', $page);

src/mibew/styles/pages/default/templates_src/server_side/_menu.handlebars

@@ -26,7 +26,7 @@
         <li>
             <h2>{{l10n "right.administration"}}</h2>
             <ul class="submenu">
-                <li{{#ifEqual menuid "canned"}} class="active"{{/ifEqual}}><a href="{{mibewRoot}}/operator/canned.php">{{l10n "menu.canned"}}</a></li>
+                <li{{#ifEqual menuid "canned"}} class="active"{{/ifEqual}}><a href="{{mibewRoot}}/operator/canned-message">{{l10n "menu.canned"}}</a></li>
                 {{#if showadmin}}
                     <li{{#ifEqual menuid "getcode"}} class="active"{{/ifEqual}}><a href="{{mibewRoot}}/operator/getcode.php">{{l10n "leftMenu.client_gen_button"}}</a></li>
                     <li{{#ifEqual menuid "operators"}} class="active"{{/ifEqual}}><a href="{{mibewRoot}}/operator/operators.php">{{l10n "leftMenu.client_agents"}}</a></li>

src/mibew/styles/pages/default/templates_src/server_side/canned_message.handlebars

@@ -9,7 +9,7 @@
 
         {{> _errors}}
 
-        <form name="cannedForm" method="get" action="{{mibewRoot}}/operator/canned.php">
+        <form name="cannedForm" method="get" action="{{mibewRoot}}/operator/canned-message">
             <div class="mform">
                 <div class="formtop">
                     <div class="formtopi"></div>
@@ -74,7 +74,7 @@
                         <td>
                             <a href="{{../mibewRoot}}/operator/cannededit.php?key={{id}}" target="_blank"
                                 onclick="this.newWindow = window.open('{{../mibewRoot}}/operator/cannededit.php?key={{id}}', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;">{{l10n "canned.actions.edit"}}</a>,
-                            <a href="{{../mibewRoot}}/operator/canned.php?act=delete&amp;key={{id}}&amp;lang={{../formlang}}&amp;group={{../formgroup}}{{csrfTokenInUrl}}">{{l10n "canned.actions.del"}}</a>
+                            <a href="{{../mibewRoot}}/operator/canned-message/{{id}}/delete?lang={{../formlang}}&amp;group={{../formgroup}}{{csrfTokenInUrl}}">{{l10n "canned.actions.del"}}</a>
                         </td>
                     </tr>
                 {{else}}

src/mibew/styles/pages/default/templates_src/server_side/index.handlebars

@@ -73,7 +73,7 @@
             <div class="dashitem">
                 <div class="dashitem-content">
                     <img src="{{stylePath}}/images/dash/canned.gif" alt=""/>
-                    <a href="{{mibewRoot}}/operator/canned.php">
+                    <a href="{{mibewRoot}}/operator/canned-message">
                         {{l10n "menu.canned"}}
                     </a>
                     {{l10n "canned.descr"}}