Merge pull request #1933 from splitbrain/actionrefactor

Action Dispatch Refactoring

_test/tests/inc/Action/general.test.php

+<?php
+
+use dokuwiki\Action\AbstractAclAction;
+use dokuwiki\Action\AbstractUserAction;
+use dokuwiki\Action\Exception\ActionAclRequiredException;
+use dokuwiki\Action\Exception\ActionDisabledException;
+use dokuwiki\Action\Exception\ActionUserRequiredException;
+
+class action_general extends DokuWikiTest {
+
+    public function dataProvider() {
+        return array(
+            array('Login', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+            array('Logout', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+            array('Search', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+            array('Recent', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+            array('Profile', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+            array('ProfileDelete', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+            array('Index', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+            array('Sitemap', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+            array('Denied', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+            array('Register', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+            array('Resendpwd', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+            array('Backlink', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+
+            array('Revert', AUTH_ADMIN, array('exists' => true, 'ismanager' => false)),
+            array('Revert', AUTH_EDIT, array('exists' => true, 'ismanager' => true)),
+
+            array('Admin', AUTH_ADMIN, array('exists' => true, 'ismanager' => false)),
+            array('Admin', AUTH_READ, array('exists' => true, 'ismanager' => true)), // let in, check later again
+
+            array('Check', AUTH_READ, array('exists' => true, 'ismanager' => false)), // sensible?
+            array('Diff', AUTH_READ, array('exists' => true, 'ismanager' => false)),
+            array('Show', AUTH_READ, array('exists' => true, 'ismanager' => false)),
+            array('Subscribe', AUTH_READ, array('exists' => true, 'ismanager' => false)),
+            array('Locked', AUTH_READ, array('exists' => true, 'ismanager' => false)),
+            array('Source', AUTH_READ, array('exists' => true, 'ismanager' => false)),
+            array('Export', AUTH_READ, array('exists' => true, 'ismanager' => false)),
+            array('Media', AUTH_READ, array('exists' => true, 'ismanager' => false)),
+            array('Revisions', AUTH_READ, array('exists' => true, 'ismanager' => false)),
+
+            array('Draftdel', AUTH_EDIT, array('exists' => true, 'ismanager' => false)),
+
+            // aliases
+            array('Cancel', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+            array('Recover', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
+
+            // EDITING existing page
+            array('Save', AUTH_EDIT, array('exists' => true, 'ismanager' => false)),
+            array('Conflict', AUTH_EDIT, array('exists' => true, 'ismanager' => false)),
+            array('Draft', AUTH_EDIT, array('exists' => true, 'ismanager' => false)),
+            //the edit function will check again and do a source show
+            //when no AUTH_EDIT available:
+            array('Edit', AUTH_READ, array('exists' => true, 'ismanager' => false)),
+            array('Preview', AUTH_READ, array('exists' => true, 'ismanager' => false)),
+
+            // EDITING new page
+            array('Save', AUTH_CREATE, array('exists' => false, 'ismanager' => false)),
+            array('Conflict', AUTH_CREATE, array('exists' => false, 'ismanager' => false)),
+            array('Draft', AUTH_CREATE, array('exists' => false, 'ismanager' => false)),
+            array('Edit', AUTH_CREATE, array('exists' => false, 'ismanager' => false)),
+            array('Preview', AUTH_CREATE, array('exists' => false, 'ismanager' => false)),
+        );
+    }
+
+    /**
+     * @dataProvider dataProvider
+     * @param $name
+     * @param $expected
+     * @param $info
+     */
+    public function testMinimumPermissions($name, $expected, $info) {
+        global $INFO;
+        $INFO = $info;
+
+        $classname = 'dokuwiki\\Action\\' . $name;
+        /** @var \dokuwiki\Action\AbstractAction $class */
+        $class = new $classname();
+
+        $this->assertSame($expected, $class->minimumPermission());
+    }
+
+    /**
+     * All actions should handle the disableactions setting
+     *
+     * @dataProvider dataProvider
+     * @param $name
+     */
+    public function testBaseClassActionOkPermission($name) {
+        $this->assertTrue(true); // mark as not risky
+        if($name == 'Show') return; // disabling show does not work
+
+        $classname = 'dokuwiki\\Action\\' . $name;
+        /** @var \dokuwiki\Action\AbstractAction $class */
+        $class = new $classname();
+
+        global $conf;
+        $conf['useacl'] = 1;
+        $conf['subscribers'] = 1;
+        $conf['disableactions'] = '';
+        $_SERVER['REMOTE_USER'] = 'someone';
+
+        try {
+            \dokuwiki\ActionRouter::getInstance(true)->checkAction($class);
+        } catch(\Exception $e) {
+            $this->assertNotSame(ActionDisabledException::class, get_class($e));
+        }
+
+        $conf['disableactions'] = $class->getActionName();
+
+        try {
+            \dokuwiki\ActionRouter::getInstance(true)->checkAction($class);
+        } catch(\Exception $e) {
+            $this->assertSame(ActionDisabledException::class, get_class($e), $e);
+        }
+    }
+
+    /**
+     * Actions inheriting from AbstractAclAction should have an ACL enabled check
+     *
+     * @dataProvider dataProvider
+     * @param $name
+     */
+    public function testBaseClassAclPermission($name) {
+        $classname = 'dokuwiki\\Action\\' . $name;
+        /** @var \dokuwiki\Action\AbstractAction $class */
+        $class = new $classname();
+        $this->assertTrue(true); // mark as not risky
+        if(!is_a($class, AbstractAclAction::class)) return;
+
+        global $conf;
+        $conf['useacl'] = 1;
+        $conf['subscribers'] = 1;
+
+        try {
+            $class->checkPermissions();
+        } catch(\Exception $e) {
+            $this->assertNotSame(ActionAclRequiredException::class, get_class($e));
+        }
+
+        $conf['useacl'] = 0;
+
+        try {
+            $class->checkPermissions();
+        } catch(\Exception $e) {
+            $this->assertSame(ActionAclRequiredException::class, get_class($e));
+        }
+    }
+
+    /**
+     * Actions inheriting from AbstractUserAction should have user check
+     *
+     * @dataProvider dataProvider
+     * @param $name
+     */
+    public function testBaseClassUserPermission($name) {
+        $classname = 'dokuwiki\\Action\\' . $name;
+        /** @var \dokuwiki\Action\AbstractAction $class */
+        $class = new $classname();
+        $this->assertTrue(true); // mark as not risky
+        if(!is_a($class, AbstractUserAction::class)) return;
+
+        global $conf;
+        $conf['useacl'] = 1;
+        $conf['subscribers'] = 1;
+        $_SERVER['REMOTE_USER'] = 'test';
+
+        try {
+            $class->checkPermissions();
+        } catch(\Exception $e) {
+            $this->assertNotSame(ActionUserRequiredException::class, get_class($e));
+        }
+
+        unset($_SERVER['REMOTE_USER']);
+
+        try {
+            $class->checkPermissions();
+        } catch(\Exception $e) {
+            $this->assertSame(ActionUserRequiredException::class, get_class($e));
+        }
+    }
+}

inc/Action/AbstractAclAction.php

+<?php
+
+namespace dokuwiki\Action;
+
+use dokuwiki\Action\Exception\ActionAclRequiredException;
+
+/**
+ * Class AbstractAclAction
+ *
+ * An action that requires the ACL subsystem to be enabled (eg. useacl=1)
+ *
+ * @package dokuwiki\Action
+ */
+abstract class AbstractAclAction extends AbstractAction {
+
+    /** @inheritdoc */
+    public function checkPermissions() {
+        parent::checkPermissions();
+        global $conf;
+        global $auth;
+        if(!$conf['useacl']) throw new ActionAclRequiredException();
+        if(!$auth) throw new ActionAclRequiredException();
+    }
+
+}

inc/Action/AbstractAction.php

+<?php
+
+namespace dokuwiki\Action;
+
+use dokuwiki\Action\Exception\ActionDisabledException;
+use dokuwiki\Action\Exception\ActionException;
+use dokuwiki\Action\Exception\FatalException;
+
+/**
+ * Class AbstractAction
+ *
+ * Base class for all actions
+ *
+ * @package dokuwiki\Action
+ */
+abstract class AbstractAction {
+
+    /** @var string holds the name of the action (lowercase class name, no namespace) */
+    protected $actionname;
+
+    /**
+     * AbstractAction constructor.
+     *
+     * @param string $actionname the name of this action (see getActionName() for caveats)
+     */
+    public function __construct($actionname = '') {
+        if($actionname !== '') {
+            $this->actionname = $actionname;
+        } else {
+            // http://stackoverflow.com/a/27457689/172068
+            $this->actionname = strtolower(substr(strrchr(get_class($this), '\\'), 1));
+        }
+    }
+
+    /**
+     * Return the minimum permission needed
+     *
+     * This needs to return one of the AUTH_* constants. It will be checked against
+     * the current user and page after checkPermissions() ran through. If it fails,
+     * the user will be shown the Denied action.
+     *
+     * @return int
+     */
+    abstract public function minimumPermission();
+
+    /**
+     * Check permissions are correct to run this action
+     *
+     * @throws ActionException
+     * @return void
+     */
+    public function checkPermissions() {
+    }
+
+    /**
+     * Process data
+     *
+     * This runs before any output is sent to the browser.
+     *
+     * Throw an Exception if a different action should be run after this step.
+     *
+     * @throws ActionException
+     * @return void
+     */
+    public function preProcess() {
+    }
+
+    /**
+     * Output whatever content is wanted within tpl_content();
+     *
+     * @fixme we may want to return a Ui class here
+     */
+    public function tplContent() {
+        throw new FatalException('No content for Action ' . $this->actionname);
+    }
+
+    /**
+     * Returns the name of this action
+     *
+     * This is usually the lowercased class name, but may differ for some actions.
+     * eg. the export_ modes or for the Plugin action.
+     *
+     * @return string
+     */
+    public function getActionName() {
+        return $this->actionname;
+    }
+}

inc/Action/AbstractAliasAction.php

+<?php
+
+namespace dokuwiki\Action;
+
+use dokuwiki\Action\Exception\FatalException;
+
+/**
+ * Class AbstractAliasAction
+ *
+ * An action that is an alias for another action. Skips the minimumPermission check
+ *
+ * Be sure to implement preProcess() and throw an ActionAbort exception
+ * with the proper action.
+ *
+ * @package dokuwiki\Action
+ */
+abstract class AbstractAliasAction extends AbstractAction {
+
+    /** @inheritdoc */
+    function minimumPermission() {
+        return AUTH_NONE;
+    }
+
+    public function preProcess() {
+        throw new FatalException('Alias Actions need to implement preProcess to load the aliased action');
+    }
+
+}

inc/Action/AbstractUserAction.php

+<?php
+
+namespace dokuwiki\Action;
+
+use dokuwiki\Action\Exception\ActionUserRequiredException;
+
+/**
+ * Class AbstractUserAction
+ *
+ * An action that requires a logged in user
+ *
+ * @package dokuwiki\Action
+ */
+abstract class AbstractUserAction extends AbstractAclAction {
+
+    /** @inheritdoc */
+    public function checkPermissions() {
+        parent::checkPermissions();
+        global $INPUT;
+        if(!$INPUT->server->str('REMOTE_USER')) {
+            throw new ActionUserRequiredException();
+        }
+    }
+
+}

inc/Action/Admin.php

+<?php
+
+namespace dokuwiki\Action;
+
+use dokuwiki\Action\Exception\ActionException;
+
+/**
+ * Class Admin
+ *
+ * Action to show the admin interface or admin plugins
+ *
+ * @package dokuwiki\Action
+ */
+class Admin extends AbstractUserAction {
+
+    /** @inheritdoc */
+    public function minimumPermission() {
+        global $INFO;
+
+        if($INFO['ismanager']) {
+            return AUTH_READ; // let in check later
+        } else {
+            return AUTH_ADMIN;
+        }
+    }
+
+    public function checkPermissions() {
+        parent::checkPermissions();
+
+        global $INFO;
+        if(!$INFO['ismanager']) {
+            throw new ActionException('denied');
+        }
+    }
+
+    public function preProcess() {
+        global $INPUT;
+        global $INFO;
+
+        // retrieve admin plugin name from $_REQUEST['page']
+        if(($page = $INPUT->str('page', '', true)) != '') {
+            /** @var $plugin \DokuWiki_Admin_Plugin */
+            if($plugin = plugin_getRequestAdminPlugin()) { // FIXME this method does also permission checking
+                if($plugin->forAdminOnly() && !$INFO['isadmin']) {
+                    throw new ActionException('denied');
+                }
+                $plugin->handle();
+            }
+        }
+    }
+
+    public function tplContent() {
+        tpl_admin();
+    }
+
+}

inc/Action/Backlink.php

+<?php
+
+namespace dokuwiki\Action;
+
+/**
+ * Class Backlink
+ *
+ * Shows which pages link to the current page
+ *
+ * @package dokuwiki\Action
+ */
+class Backlink extends AbstractAction {
+
+    /** @inheritdoc */
+    public function minimumPermission() {
+        return AUTH_NONE;
+    }
+
+    /** @inheritdoc */
+    public function tplContent() {
+        html_backlinks();
+    }
+
+}

inc/Action/Cancel.php

+<?php
+
+namespace dokuwiki\Action;
+
+use dokuwiki\Action\Exception\ActionAbort;
+
+/**
+ * Class Cancel
+ *
+ * Alias for show. Aborts editing
+ *
+ * @package dokuwiki\Action
+ */
+class Cancel extends AbstractAliasAction {
+
+    public function preProcess() {
+        // continue with draftdel -> redirect -> show
+        throw new ActionAbort('draftdel');
+    }
+
+}

inc/Action/Check.php

+<?php
+
+namespace dokuwiki\Action;
+
+use dokuwiki\Action\Exception\ActionAbort;
+
+/**
+ * Class Check
+ *
+ * Adds some debugging info before aborting to show
+ *
+ * @package dokuwiki\Action
+ */
+class Check extends AbstractAction {
+
+    /** @inheritdoc */
+    public function minimumPermission() {
+        return AUTH_READ;
+    }
+
+    public function preProcess() {
+        check();
+        throw new ActionAbort();
+    }
+
+}

inc/Action/Conflict.php

+<?php
+
+namespace dokuwiki\Action;
+
+/**
+ * Class Conflict
+ *
+ * Show the conflict resolution screen
+ *
+ * @package dokuwiki\Action
+ */
+class Conflict extends AbstractAction {
+
+    /** @inheritdoc */
+    public function minimumPermission() {
+        global $INFO;
+        if($INFO['exists']) {
+            return AUTH_EDIT;
+        } else {
+            return AUTH_CREATE;
+        }
+    }
+
+    public function tplContent() {
+        global $PRE;
+        global $TEXT;
+        global $SUF;
+        global $SUM;
+
+        html_conflict(con($PRE, $TEXT, $SUF), $SUM);
+        html_diff(con($PRE, $TEXT, $SUF), false);
+    }
+
+}

inc/Action/Denied.php

+<?php
+
+namespace dokuwiki\Action;
+
+/**
+ * Class Denied
+ *
+ * Show the access denied screen
+ *
+ * @package dokuwiki\Action
+ */
+class Denied extends AbstractAclAction {
+
+    /** @inheritdoc */
+    public function minimumPermission() {
+        return AUTH_NONE;
+    }
+
+    public function tplContent() {
+        html_denied();
+    }
+
+}

inc/Action/Diff.php

+<?php
+
+namespace dokuwiki\Action;
+
+/**
+ * Class Diff
+ *
+ * Show the differences between two revisions
+ *
+ * @package dokuwiki\Action
+ */
+class Diff extends AbstractAction {
+
+    /** @inheritdoc */
+    public function minimumPermission() {
+        return AUTH_READ;
+    }
+
+    /** @inheritdoc */
+    public function preProcess() {
+        global $INPUT;
+
+        // store the selected diff type in cookie
+        $difftype = $INPUT->str('difftype');
+        if(!empty($difftype)) {
+            set_doku_pref('difftype', $difftype);
+        }
+    }
+
+    /** @inheritdoc */
+    public function tplContent() {
+        html_diff();
+    }
+
+}

inc/Action/Draft.php

+<?php
+
+namespace dokuwiki\Action;
+
+use dokuwiki\Action\Exception\ActionException;
+
+/**
+ * Class Draft
+ *
+ * Screen to see and recover a draft
+ *
+ * @package dokuwiki\Action
+ * @fixme combine with Recover?
+ */
+class Draft extends AbstractAction {
+
+    /** @inheritdoc */
+    public function minimumPermission() {
+        global $INFO;
+        if($INFO['exists']) {
+            return AUTH_EDIT;
+        } else {
+            return AUTH_CREATE;
+        }
+    }
+
+    /** @inheritdoc */
+    public function checkPermissions() {
+        parent::checkPermissions();
+        global $INFO;
+        if(!file_exists($INFO['draft'])) throw new ActionException('edit');
+    }
+
+    /** @inheritdoc */
+    public function tplContent() {
+        html_draft();
+    }
+
+}

inc/Action/Draftdel.php

+<?php
+
+namespace dokuwiki\Action;
+
+use dokuwiki\Action\Exception\ActionAbort;
+
+/**
+ * Class Draftdel
+ *
+ * Delete a draft
+ *
+ * @package dokuwiki\Action
+ */
+class Draftdel extends AbstractAction {
+
+    /** @inheritdoc */
+    public function minimumPermission() {
+        return AUTH_EDIT;
+    }
+
+    /**
+     * Delete an existing draft if any
+     *
+     * Reads draft information from $INFO. Redirects to show, afterwards.
+     *
+     * @throws ActionAbort
+     */
+    public function preProcess() {
+        global $INFO;
+        @unlink($INFO['draft']);
+        $INFO['draft'] = null;
+
+        throw new ActionAbort('redirect');
+    }
+
+}

inc/Action/Edit.php

+<?php
+
+namespace dokuwiki\Action;
+
+use dokuwiki\Action\Exception\ActionAbort;
+
+/**
+ * Class Edit
+ *
+ * Handle editing
+ *
+ * @package dokuwiki\Action
+ */
+class Edit extends AbstractAction {
+
+    /** @inheritdoc */
+    public function minimumPermission() {
+        global $INFO;
+        if($INFO['exists']) {
+            return AUTH_READ; // we check again below
+        } else {
+            return AUTH_CREATE;
+        }
+    }
+
+    /**
+     * @inheritdoc falls back to 'source' if page not writable
+     */
+    public function checkPermissions() {
+        parent::checkPermissions();
+        global $INFO;
+
+        // no edit permission? view source
+        if($INFO['exists'] && !$INFO['writable']) {
+            throw new ActionAbort('source');
+        }
+    }
+
+    /** @inheritdoc */
+    public function preProcess() {
+        global $ID;
+        global $INFO;
+
+        global $TEXT;
+        global $RANGE;
+        global $PRE;
+        global $SUF;
+        global $REV;
+        global $SUM;
+        global $lang;
+        global $DATE;
+
+        if(!isset($TEXT)) {
+            if($INFO['exists']) {
+                if($RANGE) {
+                    list($PRE, $TEXT, $SUF) = rawWikiSlices($RANGE, $ID, $REV);
+                } else {
+                    $TEXT = rawWiki($ID, $REV);
+                }
+            } else {
+                $TEXT = pageTemplate($ID);
+            }
+        }
+
+        //set summary default
+        if(!$SUM) {
+            if($REV) {
+                $SUM = sprintf($lang['restored'], dformat($REV));
+            } elseif(!$INFO['exists']) {
+                $SUM = $lang['created'];
+            }
+        }
+
+        // Use the date of the newest revision, not of the revision we edit
+        // This is used for conflict detection
+        if(!$DATE) $DATE = @filemtime(wikiFN($ID));
+
+        //check if locked by anyone - if not lock for my self
+        $lockedby = checklock($ID);
+        if($lockedby) {
+            throw new ActionAbort('locked');
+        };
+        lock($ID);
+    }
+
+    /** @inheritdoc */
+    public function tplContent() {
+        html_edit();
+    }
+
+}

inc/Action/Exception/ActionAbort.php

+<?php
+
+namespace dokuwiki\Action\Exception;
+
+/**
+ * Class ActionAbort
+ *
+ * Strictly speaking not an Exception but an expected execution path. Used to
+ * signal when one action is done and another should take over.
+ *
+ * If you want to signal the same but under some error condition use ActionException
+ * or one of it's decendants.
+ *
+ * The message will NOT be shown to the enduser
+ *
+ * @package dokuwiki\Action\Exception
+ */
+class ActionAbort extends ActionException {
+
+}

inc/Action/Exception/ActionAclRequiredException.php

+<?php
+
+namespace dokuwiki\Action\Exception;
+
+/**
+ * Class ActionAclRequiredException
+ *
+ * Thrown by AbstractACLAction when an action requires that the ACL subsystem is
+ * enabled but it isn't. You should not use it
+ *
+ * The message will NOT be shown to the enduser
+ *
+ * @package dokuwiki\Action\Exception
+ */
+class ActionAclRequiredException extends ActionException {
+
+}

inc/Action/Exception/ActionDisabledException.php

+<?php
+
+namespace dokuwiki\Action\Exception;
+
+/**
+ * Class ActionDisabledException
+ *
+ * Thrown when the requested action has been disabled. Eg. through the 'disableactions'
+ * config setting. You should probably not use it.
+ *
+ * The message will NOT be shown to the enduser, but a generic information will be shown.
+ *
+ * @package dokuwiki\Action\Exception
+ */
+class ActionDisabledException extends ActionException {
+
+}

inc/Action/Exception/ActionException.php

+<?php
+
+namespace dokuwiki\Action\Exception;
+
+/**
+ * Class ActionException
+ *
+ * This exception and its subclasses signal that the current action should be
+ * aborted and a different action should be used instead. The new action can
+ * be given as parameter in the constructor. Defaults to 'show'
+ *
+ * The message will NOT be shown to the enduser
+ *
+ * @package dokuwiki\Action\Exception
+ */
+class ActionException extends \Exception {
+
+    /** @var string the new action */
+    protected $newaction;
+
+    /** @var bool should the exception's message be shown to the user? */
+    protected $displayToUser = false;
+
+    /**
+     * ActionException constructor.
+     *
+     * When no new action is given 'show' is assumed. For requests that originated in a POST,
+     * a 'redirect' is used which will cause a redirect to the 'show' action.
+     *
+     * @param string|null $newaction the action that should be used next
+     * @param string $message optional message, will not be shown except for some dub classes
+     */
+    public function __construct($newaction = null, $message = '') {
+        global $INPUT;
+        parent::__construct($message);
+        if(is_null($newaction)) {
+            if(strtolower($INPUT->server->str('REQUEST_METHOD')) == 'post') {
+                $newaction = 'redirect';
+            } else {
+                $newaction = 'show';
+            }
+        }
+
+        $this->newaction = $newaction;
+    }
+
+    /**
+     * Returns the action to use next
+     *
+     * @return string
+     */
+    public function getNewAction() {
+        return $this->newaction;
+    }
+
+    /**
+     * Should this Exception's message be shown to the user?
+     *
+     * @param null|bool $set when null is given, the current setting is not changed
+     * @return bool
+     */
+    public function displayToUser($set = null) {
+        if(!is_null($set)) $this->displayToUser = $set;
+        return $set;
+    }
+}

inc/Action/Exception/ActionUserRequiredException.php

+<?php
+
+namespace dokuwiki\Action\Exception;
+
+/**
+ * Class ActionUserRequiredException
+ *
+ * Thrown by AbstractUserAction when an action requires that a user is logged
+ * in but it isn't. You should not use it.
+ *
+ * The message will NOT be shown to the enduser
+ *
+ * @package dokuwiki\Action\Exception
+ */
+class ActionUserRequiredException extends ActionException {
+
+}