Skip to content

Commit

Permalink
Catch CSRF issues
Browse files Browse the repository at this point in the history
  • Loading branch information
@JC5
JC5 committed Oct 23, 2021
1 parent 4d9c4a4 commit c2c8c42
Show file tree
Hide file tree
Showing 6 changed files with 76 additions and 46 deletions.
15 changes: 9 additions & 6 deletions app/Http/Controllers/Rule/CreateController.php
View file
Expand Up @@ -34,6 +34,7 @@
use FireflyIII\Support\Http\Controllers\RuleManagement;
use FireflyIII\Support\Search\SearchInterface;
use Illuminate\Contracts\View\Factory;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Routing\Redirector;
Expand Down Expand Up @@ -237,15 +238,17 @@ public function createFromJournal(Request $request, TransactionJournal $journal)
/**
* @param Rule $rule
*
* @return RedirectResponse
* @return JsonResponse
*/
public function duplicate(Rule $rule): RedirectResponse
public function duplicate(Request $request): JsonResponse
{
$newRule = $this->ruleRepos->duplicate($rule);

session()->flash('success', trans('firefly.duplicated_rule', ['title' => $rule->title, 'newTitle' => $newRule->title]));
$ruleId = (int)$request->get('id');
$rule = $this->ruleRepos->find($ruleId);
if (null !== $rule) {
$this->ruleRepos->duplicate($rule);
}

return redirect(route('rules.index'));
return new JsonResponse(['OK']);
}

/**
Expand Down
56 changes: 26 additions & 30 deletions app/Http/Controllers/RuleGroup/EditController.php
View file
Expand Up @@ -28,6 +28,7 @@
use FireflyIII\Models\RuleGroup;
use FireflyIII\Repositories\RuleGroup\RuleGroupRepositoryInterface;
use Illuminate\Contracts\View\Factory;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Routing\Redirector;
Expand Down Expand Up @@ -62,24 +63,38 @@ function ($request, $next) {
}

/**
* Move a rule group down.
* Move a rule group in either direction.
*
* @param RuleGroup $ruleGroup
* @param Request $request
*
* @return RedirectResponse|Redirector
* @return JsonResponse
*/
public function down(RuleGroup $ruleGroup)
public function moveGroup(Request $request): JsonResponse
{
$maxOrder = $this->repository->maxOrder();
$order = (int)$ruleGroup->order;
if ($order < $maxOrder) {
$newOrder = $order + 1;
$this->repository->setOrder($ruleGroup, $newOrder);
$groupId = (int)$request->get('id');
$ruleGroup= $this->repository->find($groupId);
if(null !== $ruleGroup) {
$direction = $request->get('direction');
if('down' === $direction) {
$maxOrder = $this->repository->maxOrder();
$order = (int)$ruleGroup->order;
if ($order < $maxOrder) {
$newOrder = $order + 1;
$this->repository->setOrder($ruleGroup, $newOrder);
}
}
if('up' === $direction) {
$order = (int)$ruleGroup->order;
if ($order > 1) {
$newOrder = $order - 1;
$this->repository->setOrder($ruleGroup, $newOrder);
}
}
}

return redirect(route('rules.index'));
return new JsonResponse(['OK']);
}


/**
* Edit a rule group.
*
Expand All @@ -106,25 +121,6 @@ public function edit(Request $request, RuleGroup $ruleGroup)
return prefixView('rules.rule-group.edit', compact('ruleGroup', 'subTitle'));
}

/**
* Move the rule group up.
*
* @param RuleGroup $ruleGroup
*
* @return RedirectResponse|Redirector
*
*/
public function up(RuleGroup $ruleGroup)
{
$order = (int)$ruleGroup->order;
if ($order > 1) {
$newOrder = $order - 1;
$this->repository->setOrder($ruleGroup, $newOrder);
}

return redirect(route('rules.index'));
}

/**
* Update the rule group.
*
Expand Down
3 changes: 0 additions & 3 deletions app/Repositories/RuleGroup/RuleGroupRepository.php
View file
Expand Up @@ -329,10 +329,8 @@ public function maxOrder(): int
*/
public function resetOrder(): bool
{
$this->user->ruleGroups()->where('active', false)->update(['order' => 0]);
$set = $this->user
->ruleGroups()
->where('active', true)
->whereNull('deleted_at')
->orderBy('order', 'ASC')
->orderBy('title', 'DESC')
Expand Down Expand Up @@ -363,7 +361,6 @@ public function resetRuleOrder(RuleGroup $ruleGroup): bool
{
$set = $ruleGroup->rules()
->orderBy('order', 'ASC')
->where('active', true)
->orderBy('title', 'DESC')
->orderBy('updated_at', 'DESC')
->get(['rules.*']);
Expand Down
29 changes: 29 additions & 0 deletions public/v1/js/ff/rules/index.js
View file
Expand Up @@ -59,6 +59,32 @@ function readCookie(name) {
return null;
}

function moveRuleGroup(e) {
let box = $(e.currentTarget);
var direction = box.data('direction');
var groupId = box.data('id');

$.post(moveRuleGroupUrl, {_token: token, direction: direction, id: groupId}).then(function () {
location.reload();
}).fail(function() {
alert('I failed :(');
});

return false;
}

function duplicateRule(e) {
let box = $(e.currentTarget);
var ruleId = box.data('id');
$.post(duplicateRuleUrl, {_token: token, id: ruleId}).then(function () {
location.reload();
}).fail(function() {
alert('I failed :(');
});

return false;
}


$(function () {
"use strict";
Expand All @@ -71,6 +97,9 @@ $(function () {
}
);

$('.move-group').click(moveRuleGroup);
$('.duplicate-rule').click(duplicateRule);

$('.rules-box').each(function (i, v) {
var box = $(v);
var groupId = box.data('group');
Expand Down
10 changes: 7 additions & 3 deletions resources/views/v1/rules/index.twig
View file
Expand Up @@ -45,11 +45,11 @@
class="fa fa-fw fa-power-off"></span> {{ trans('firefly.apply_rule_group_selection', {title: ruleGroup.title}) }}
</a></li>
{% if ruleGroup.order > 1 %}
<li><a href="{{ route('rule-groups.up',ruleGroup.id) }}"><span
<li><a href="#" class="move-group" data-direction="up" data-id="{{ ruleGroup.id }}"><span
class="fa fa-fw fa-arrow-up"></span> {{ 'move_rule_group_up'|_ }}</a></li>
{% endif %}
{% if ruleGroup.order < ruleGroups|length %}
<li><a href="{{ route('rule-groups.down',ruleGroup.id) }}"><span
<li><a href="#" class="move-group" data-direction="down" data-id="{{ ruleGroup.id }}"><span
class="fa fa-fw fa-arrow-down"></span> {{ 'move_rule_group_down'|_ }}
</a></li>
{% endif %}
Expand Down Expand Up @@ -105,7 +105,7 @@
{% endif %}

{# duplicate rule #}
<a href="{{ route('rules.duplicate',rule.id) }}" class="btn btn-default" title=" {{ trans('firefly.duplicate_rule', {title: rule.title}) }}"><span class="fa fa-fw fa-copy"></span></a>
<a href="#" class="btn btn-default duplicate-rule" data-id="{{ rule.id }}" title=" {{ trans('firefly.duplicate_rule', {title: rule.title}) }}"><span class="fa fa-fw fa-copy"></span></a>
</div>
</td>
<td class="markdown">
Expand Down Expand Up @@ -195,6 +195,10 @@

{% endblock %}
{% block scripts %}
<script type="text/javascript" nonce="{{ JS_NONCE }}">
var moveRuleGroupUrl = '{{ route('rule-groups.move') }}';
var duplicateRuleUrl = '{{ route('rules.duplicate') }}';
</script>
<script type="text/javascript" src="v1/js/lib/jquery-ui.min.js?v={{ FF_VERSION }}" nonce="{{ JS_NONCE }}"></script>
<script type="text/javascript" src="v1/js/ff/rules/index.js?v={{ FF_VERSION }}" nonce="{{ JS_NONCE }}"></script>
{% endblock %}
9 changes: 5 additions & 4 deletions routes/web.php
View file
Expand Up @@ -917,7 +917,7 @@ static function () {
Route::get('create-from-bill/{bill}', ['uses' => 'Rule\CreateController@createFromBill', 'as' => 'create-from-bill']);
Route::get('create-from-journal/{tj}', ['uses' => 'Rule\CreateController@createFromJournal', 'as' => 'create-from-journal']);
Route::post('store', ['uses' => 'Rule\CreateController@store', 'as' => 'store']);
Route::get('duplicate/{rule}', ['uses' => 'Rule\CreateController@duplicate', 'as' => 'duplicate']);
Route::post('duplicate', ['uses' => 'Rule\CreateController@duplicate', 'as' => 'duplicate']);

// delete controller
Route::get('delete/{rule}', ['uses' => 'Rule\DeleteController@delete', 'as' => 'delete']);
Expand Down Expand Up @@ -949,10 +949,11 @@ static function () {
Route::get('create', ['uses' => 'RuleGroup\CreateController@create', 'as' => 'create']);
Route::get('edit/{ruleGroup}', ['uses' => 'RuleGroup\EditController@edit', 'as' => 'edit']);
Route::get('delete/{ruleGroup}', ['uses' => 'RuleGroup\DeleteController@delete', 'as' => 'delete']);
Route::get('up/{ruleGroup}', ['uses' => 'RuleGroup\EditController@up', 'as' => 'up']);
Route::get('down/{ruleGroup}', ['uses' => 'RuleGroup\EditController@down', 'as' => 'down']);
Route::get('select/{ruleGroup}', ['uses' => 'RuleGroup\ExecutionController@selectTransactions', 'as' => 'select-transactions']);

// new route to move rule groups:
Route::post('move', ['uses' => 'RuleGroup\EditController@moveGroup', 'as' => 'move']);

Route::get('select/{ruleGroup}', ['uses' => 'RuleGroup\ExecutionController@selectTransactions', 'as' => 'select-transactions']);
Route::post('store', ['uses' => 'RuleGroup\CreateController@store', 'as' => 'store']);
Route::post('update/{ruleGroup}', ['uses' => 'RuleGroup\EditController@update', 'as' => 'update']);
Route::post('destroy/{ruleGroup}', ['uses' => 'RuleGroup\DeleteController@destroy', 'as' => 'destroy']);
Expand Down

0 comments on commit c2c8c42

Please sign in to comment.