From e89aa824d280c13179cbdd68613f6553be9160f1 Mon Sep 17 00:00:00 2001
From: cgfhtw
Date: Wed, 6 Mar 2024 11:48:15 +0100
Subject: [PATCH] FHCAPI_Controller extends Auth_Controller + auth error handling in FhcApi
---
 application/core/FHCAPI_Controller.php | 109 ++++++++++--------------
 public/js/plugin/FhcApi.js | 10 +++
 2 files changed, 52 insertions(+), 67 deletions(-)
diff --git a/application/core/FHCAPI_Controller.php b/application/core/FHCAPI_Controller.php
index e59740ded..ebb2f7978 100644
--- a/application/core/FHCAPI_Controller.php
+++ b/application/core/FHCAPI_Controller.php
@@ -5,7 +5,7 @@ if (!defined('BASEPATH')) exit('No direct script access allowed');
 /**
 * Controller using JSON
 */
-class FHCAPI_Controller extends FHC_Controller
+class FHCAPI_Controller extends Auth_Controller
 {
 /**
@@ -19,12 +19,13 @@ class FHCAPI_Controller extends FHC_Controller
 /**
 * Error types
 */
-const ERROR_TYPE_PHP = 'php'; // TODO(chris): php types from severity?
+const ERROR_TYPE_PHP = 'php';
 const ERROR_TYPE_EXCEPTION = 'exception';
 const ERROR_TYPE_GENERAL = 'general';
 const ERROR_TYPE_404 = '404';
 const ERROR_TYPE_DB = 'db';
 const ERROR_TYPE_VALIDATION = 'validation';
+const ERROR_TYPE_AUTH = 'auth';
 /**
 * Return Object
@@ -45,10 +46,6 @@ class FHCAPI_Controller extends FHC_Controller
 if (is_cli())
 show_404();
-parent::__construct();
-
-$this->config->set_item('error_views_path', VIEWPATH.'errors'.DIRECTORY_SEPARATOR.'json'.DIRECTORY_SEPARATOR);
-
 global $g_result;
 $g_result = $this;
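Review bot: The class docblock `Controller using JSON` in hunk @@ -5 no longer describes the contract once the class extends Auth_Controller: a reader of this file cannot see that `$requiredPermissions` is enforced by the parent constructor and that a denial is answered as JSON rather than with the default error view. Suggest expanding it to `Controller using JSON. Permission checks are inherited from Auth_Controller; a denied request is answered with HTTP 401/403 and a JSON error of type ERROR_TYPE_AUTH (see _outputAuthError()).` The two later hunks on this line add a constant and remove a constructor call that is re-added further down, so there is nothing to raise there.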
@@ -74,18 +71,14 @@ class FHCAPI_Controller extends FHC_Controller
 }
 }
-#$this->returnObj['test'] = implode('/n', headers_list());
-
 return json_encode($this->returnObj);
 });
-// Load libraries
-$this->load->library('AuthLib');
-$this->load->library('PermissionLib');
-
-// Checks if the caller is allowed to access to this content
-$this->_isAllowed($requiredPermissions);
+// NOTE(chris): overwrite error_views_path before constructor
+load_class('Config')->set_item('error_views_path', VIEWPATH.'errors'.DIRECTORY_SEPARATOR.'json'.DIRECTORY_SEPARATOR);
+parent::__construct($requiredPermissions);
+ // For JSON Requests (as opposed to multipart/form-data) get the $_POST variable from the input stream instead
 if ($this->input->get_request_header('Content-Type', true) == 'application/json')
 $_POST = json_decode($this->security->xss_clean($this->input->raw_input_stream), true);
@@ -136,15 +129,25 @@ class FHCAPI_Controller extends FHC_Controller
 $this->returnObj['data'] = $data;
 }
+/**
+ * @param string $key
+ * @param mixed $value
+ * @return void
+ */
+public function addMeta($key, $value)
+{
+if (!isset($this->returnObj['meta']))
+$this->returnObj['meta'] = [];
+$this->returnObj['meta'][$key] = $value;
+}
 /**
 * @param string $status
 * @return void
 */
 public function setStatus($status)
 {
-if (!isset($this->returnObj['meta']))
-$this->returnObj['meta'] = [];
-$this->returnObj['meta']['status'] = $status;
+$this->addMeta('status', $status);
 }
@@ -152,6 +155,17 @@ class FHCAPI_Controller extends FHC_Controller
 // Handle Output object - Shortcut functions
 // ---------------------------------------------------------------
+/**
+ * @param mixed $data (optional)
+ * @return void
+ */
+protected function terminateWithSuccess($data = null)
+{
+$this->setData($data);
+$this->setStatus(self::STATUS_SUCCESS);
+exit;
+}
+
 /**
 * @param array $errors
 * @return void
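Review bot: `load_class('Config')` in hunk @@ -74 is called without the `$directory` argument, so it presumably only resolves because the bootstrap has already instantiated CI_Config and the call is served from load_class()'s static cache instead of a file lookup; `load_class('Config', 'core')` states the intent and does not depend on that cache. The NOTE above it says only "before constructor", not why; suggest `// NOTE(chris): must run before parent::__construct(), which may already emit an auth error and needs the JSON error views` so the ordering constraint survives the next refactor. Note that the permission check now runs inside `parent::__construct($requiredPermissions)`, i.e. before `$_POST` is replaced from the JSON input stream two lines later, which is fine as long as nothing in Auth_Controller reads the request body. The constructor body starts and ends outside this hunk.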
@@ -164,17 +178,6 @@ class FHCAPI_Controller extends FHC_Controller
 exit(EXIT_ERROR);
 }
-/**
- * @param mixed $data (optional)
- * @return void
- */
-protected function terminateWithSuccess($data = null)
-{
-$this->setData($data);
-$this->setStatus(self::STATUS_SUCCESS);
-exit;
-}
-
 /**
 * @param array $error
 * @param string $type (optional)
@@ -193,63 +196,35 @@ class FHCAPI_Controller extends FHC_Controller
 * @param string $errortype
 * @return void
 */
-protected function checkForErrors($result, $errortype = self::ERROR_TYPE_GENERAL)
+protected function getDataOrTerminateWithError($result, $errortype = self::ERROR_TYPE_GENERAL)
 {
-// TODO(chris): IMPLEMENT!
 if (isError($result)) { $this->terminateWithError(getError($result), $errortype);
 }
 return $result->retval;
 }
-// TODO(chris): complete list
-
 // ---------------------------------------------------------------
 // Security
 // ---------------------------------------------------------------
 /**
- * Checks if the caller is allowed to access to this content with the given permissions
- * If it is not allowed will set the HTTP header with code 401
- * Wrapper for permissionlib->isEntitled
+ * Outputs an error message and sets the HTTP Header.
+ * This overwrites the default behaviour to output a json object.
 *
 * @param array $requiredPermissions
 * @return void
 */
-protected function _isAllowed($requiredPermissions)
+protected function _outputAuthError($requiredPermissions)
 {
-// Checks if this user is entitled to access to this content
-if (!$this->permissionlib->isEntitled($requiredPermissions, $this->router->method))
-{
-$this->output->set_status_header(isLogged() ? REST_Controller::HTTP_FORBIDDEN : REST_Controller::HTTP_UNAUTHORIZED);
+$this->output->set_status_header(isLogged() ?
REST_Controller::HTTP_FORBIDDEN : REST_Controller::HTTP_UNAUTHORIZED);
-$this->addError([
-'message' => 'You are not allowed to access to this content',
-'controller' => $this->router->class,
-'method' => $this->router->method,
-'required_permissions' => $this->_rpsToString($requiredPermissions, $this->router->method)
-]);
-exit; // immediately terminate the execution
-}
-}
-
-/**
- * Converts an array of permissions to a string that contains them as a comma separated list
- * Ex: ", , "
- *
- * @param array $requiredPermissions
- * @param string $method
- * @return void
- */
-protected function _rpsToString($requiredPermissions, $method)
-{
-if (!isset($requiredPermissions[$method]))
-return '';
-
-if (!is_array($requiredPermissions[$method]))
-return $requiredPermissions[$method];
-
-return implode(', ', $requiredPermissions[$method]);
+$this->addError([
+'message' => 'You are not allowed to access to this content',
+'controller' => $this->router->class,
+'method' => $this->router->method,
+'required_permissions' => $this->_rpsToString($requiredPermissions, $this->router->method)
+], self::ERROR_TYPE_AUTH);
 }
 }
diff --git a/public/js/plugin/FhcApi.js b/public/js/plugin/FhcApi.js
index bacd27d43..8d5c6a38f 100644
--- a/public/js/plugin/FhcApi.js
+++ b/public/js/plugin/FhcApi.js
@@ -250,6 +250,16 @@ export default {
 message += 'Line Number: ' + error.line + '\n';
 $fhcAlert.alertSystemError(message);
+},
+auth(error) {
+const $fhcAlert = app.config.globalProperties.$fhcAlert;
+
+
+var message = '';
+message += 'Controller name: ' + error.controller + '\n';
+message += 'Method name: ' + error.method + '\n';
+message += 'Required permissions: ' + error.required_permissions
+$fhcAlert.alertDefault('error', error.message, message);
 }
 }
 };
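Review bot: The new `_outputAuthError()` drops the `exit; // immediately terminate the execution` that the removed `_isAllowed()` had, so whether the request actually stops after the 401/403 and the JSON error are emitted now depends entirely on Auth_Controller, which is outside this diff; if the parent does not terminate after calling this hook, the requested controller method would still run for an unauthenticated or unauthorized caller with the error merely appended to the response. Either confirm that the parent exits, or keep termination explicit in this class, for example by replacing the `addError([...], self::ERROR_TYPE_AUTH)` call with `$this->terminateWithError([...], self::ERROR_TYPE_AUTH);` if that helper exits as its name and the `exit(EXIT_ERROR)` in hunk @@ -164 suggest, and say so in the docblock: `Terminates the request; Auth_Controller does not continue after this hook.` The method also still calls `$this->_rpsToString()` although that helper is deleted from this class in the same hunk, so it presumably lives on Auth_Controller now and must be at least protected there. Echoing `required_permissions` back to a caller who is not even logged in (the 401 case) discloses the authorization model for that endpoint; consider including it only when `isLogged()` is true and logging it server-side otherwise.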
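Review bot: The line `message += 'Required permissions: ' + error.required_permissions` has no terminating semicolon and only parses because automatic semicolon insertion separates it from the following `$fhcAlert.alertDefault(...)`; every other statement in the handler, and the preceding handler's `message +=` lines, are terminated explicitly. While here, `var message = ''` should be `const`/`let` like `const $fhcAlert` two lines above, and the two consecutive blank lines after it should go. Since the message is built and then handed over unchanged, it can be one expression:
```javascript
auth(error) {
	const $fhcAlert = app.config.globalProperties.$fhcAlert;

	const message = 'Controller name: ' + error.controller + '\n'
		+ 'Method name: ' + error.method + '\n'
		+ 'Required permissions: ' + error.required_permissions;
	$fhcAlert.alertDefault('error', error.message, message);
}
```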