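<?php

namespace Symbiote\AdvancedWorkflow\Forms;

use SilverStripe\Forms\Form;
use FormResponse;
use SilverStripe\Control\Director;
use SilverStripe\Control\HTTPResponse;
use SilverStripe\Core\Convert;

/**
 * Front-end workflow form whose submission handler maps "action_transition_<ID>"
 * buttons onto the controller's doFrontEndAction handler.
 *
 * httpSubmission() follows the usual Form submission flow (CSRF check, action
 * discovery, permission checks, validation, dispatch) with two workflow-specific
 * additions: the transition ID is lifted off the clicked button onto the
 * controller, and validation is only enforced when the current transition's
 * Type is 'Active'.
 */
class FrontendWorkflowForm extends Form
{
    /**
     * Handle a form submission.
     *
     * @param \SilverStripe\Control\HTTPRequest $request
     * @return mixed Whatever the dispatched handler returns; an HTTPResponse
     *   carrying validation errors (AJAX); a redirect back to the form on a
     *   non-AJAX validation failure; or a 403/404 error response.
     */
    public function httpSubmission($request)
    {
        $vars = $request->requestVars();

        // Populate the form
        $this->loadDataFrom($vars, true);

        // Protection against CSRF attacks. This runs before any action is
        // resolved so an invalid token can never reach a handler; httpError()
        // throws, so there is no fall-through past this point.
        $token = $this->getSecurityToken();
        if (!$token->checkRequest($request)) {
            $this->httpError(400, _t(
                'AdvancedWorkflowFrontendForm.SECURITYTOKENCHECK',
                "Security token doesn't match, possible CSRF attack."
            ));
        }

        // Determine the action button clicked: the first request var whose
        // name starts with "action_" wins.
        $funcName = null;
        foreach (array_keys($vars) as $paramName) {
            if (substr($paramName, 0, 7) !== 'action_') {
                continue;
            }

            // Workflow transition buttons are named action_transition_<ID>.
            // Record the ID on the controller and rewrite the action to the
            // shared doFrontEndAction handler.
            if (substr($paramName, 0, 18) === 'action_transition_') {
                // Image-button submissions carry an _x/_y coordinate suffix
                // (action_transition_<ID>_x); strip it before taking the
                // trailing segment, otherwise the ID would be read as "x"/"y".
                $transitionParam = preg_replace('/_x$|_y$/', '', $paramName);
                // NOTE(review): this ID is taken verbatim from a request
                // parameter name. The controller must validate it (numeric,
                // belongs to the current workflow instance) before acting on
                // it — confirm getCurrentTransition() / doFrontEndAction do.
                $this->controller->transitionID = substr(
                    $transitionParam,
                    strrpos($transitionParam, '_') + 1
                );
                unset($vars[$paramName]);
                $vars['action_doFrontEndAction'] = 'doFrontEndAction';
                $paramName = 'action_doFrontEndAction';
            }

            // Break off querystring arguments included in the action name.
            // These are submitter-controlled and are merged over the posted
            // vars, so handlers must not treat $vars as any more trusted than
            // the raw request.
            if (strpos($paramName, '?') !== false) {
                list($paramName, $paramVars) = explode('?', $paramName, 2);
                $newRequestParams = array();
                parse_str($paramVars, $newRequestParams);
                $vars = array_merge((array)$vars, (array)$newRequestParams);
            }

            // Cleanup action_, _x and _y from image fields
            $funcName = preg_replace(array('/^action_/', '/_x$|_y$/'), '', $paramName);
            break;
        }

        // If the action wasn't set, choose the default on the form.
        if (!isset($funcName) && $defaultAction = $this->defaultAction()) {
            $funcName = $defaultAction->actionName();
        }
        if (isset($funcName)) {
            $this->setButtonClicked($funcName);
        }

        // Permission checks (first on controller, then falling back to form).
        // A controller method is refused unless allowed_actions permits it OR a
        // matching button exists on the form; a form method is refused only
        // when the form's own checkAccessAction() says so.
        if ($this->controller->hasMethod($funcName)
            && !$this->controller->checkAccessAction($funcName)
            // If a button exists, allow it on the controller
            && !$this->Actions()->fieldByName('action_' . $funcName)
        ) {
            return $this->httpError(
                403,
                sprintf(
                    _t(
                        'AdvancedWorkflowFrontendForm.ACTIONCONTROLLERCHECK',
                        'Action "%s" not allowed on controller (Class: %s)'
                    ),
                    $funcName,
                    get_class($this->controller)
                )
            );
        } elseif ($this->hasMethod($funcName)
            && !$this->checkAccessAction($funcName)
            // No checks for button existence or $allowed_actions is performed -
            // all form methods are callable (e.g. the legacy "callfieldmethod()")
        ) {
            return $this->httpError(
                403,
                sprintf(
                    _t(
                        'AdvancedWorkflowFrontendForm.ACTIONFORMCHECK',
                        'Action "%s" not allowed on form (Name: "%s")'
                    ),
                    $funcName,
                    $this->Name()
                )
            );
        }

        // A transition type only exists when a real transition is being taken;
        // a custom form action defined in a WorkflowAction has none.
        $wfTransition = $this->controller->getCurrentTransition();
        $wfTransType = $wfTransition ? $wfTransition->Type : null;

        // Validate the form. validate() is always invoked (it may record
        // messages), but a failure only blocks 'Active' transitions; every
        // other transition type and custom action is dispatched unvalidated.
        if (!$this->validate() && $wfTransType === 'Active') {
            if (Director::is_ajax()) {
                // getHeader() may return null; cast so strpos() never sees null.
                $acceptType = (string) $request->getHeader('Accept');
                if (strpos($acceptType, 'application/json') !== false) {
                    // Send validation errors back as JSON
                    $response = new HTTPResponse(json_encode($this->validator->getErrors()));
                    $response->addHeader('Content-Type', 'application/json');
                } else {
                    $this->setupFormErrors();
                    // Send the newly rendered form tag as HTML
                    $response = new HTTPResponse($this->forTemplate());
                    $response->addHeader('Content-Type', 'text/html');
                }
                return $response;
            }

            if ($this->getRedirectToFormOnValidationError()) {
                if ($pageURL = $request->getHeader('Referer')) {
                    // Only follow the Referer when it points at this site; a
                    // foreign value is ignored rather than becoming an open redirect.
                    if (Director::is_site_url($pageURL)) {
                        // Remove any existing fragment before appending ours
                        $pageURL = preg_replace('/(#.*)/', '', $pageURL);
                        // NOTE(review): Director::redirect() is called statically
                        // here; confirm the framework version in use still provides it.
                        return Director::redirect($pageURL . '#' . $this->FormName());
                    }
                }
            }
            return $this->controller->redirectBack();
        }

        // First, try a handler method on the controller (already checked
        // against allowed_actions above), then fall back to a handler on the
        // form object.
        if ($this->controller->hasMethod($funcName)) {
            return $this->controller->$funcName($vars, $this, $request);
        }
        if ($this->hasMethod($funcName)) {
            return $this->$funcName($vars, $this, $request);
        }

        return $this->httpError(404);
    }
}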