AllowedFor wip

dg · dg · commit f41dfbe16565 · 2022-05-17T21:37:04.000+02:00
diff --git a/src/Application/Attributes/AllowedFor.php b/src/Application/Attributes/AllowedFor.php
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nette\Application\Attributes;
+
+use Attribute;
+
+
+#[Attribute(Attribute::TARGET_METHOD | Attribute::TARGET_CLASS)]
+class AllowedFor
+{
+	public function __construct(
+		public ?bool $httpGet = null,
+		public ?bool $httpPost = null,
+		public ?bool $forward = null,
+		public ?array $actions = null,
+		public ?bool $crossOrigin = null,
+	) {
+	}
+}
diff --git a/src/Application/UI/Component.php b/src/Application/UI/Component.php
@@ -132,6 +132,13 @@ public function checkRequirements($element): void
 		) {
 			$this->getPresenter()->detectedCsrf();
 		}
+
+		if ($attrs = $element->getAttributes(Nette\Application\Attributes\AllowedFor::class)) {
+			$method = strtolower($this->getPresenter()->getRequest()->getMethod());
+			if (empty($attrs[0]->newInstance()->$method)) {
+				throw new Nette\Application\BadRequestException("Method '$method' is not allowed.");
+			}
+		}
 	}
 
 

Original file line number	Diff line number	Diff line change
`@@ -132,6 +132,13 @@ public function checkRequirements($element): void`
`132`	`132`	`) {`
`133`	`133`	`$this->getPresenter()->detectedCsrf();`
`134`	`134`	`}`
	`135`	`+`
	`136`	`+ if ($attrs = $element->getAttributes(Nette\Application\Attributes\AllowedFor::class)) {`
	`137`	`+ $method = strtolower($this->getPresenter()->getRequest()->getMethod());`
	`138`	`+ if (empty($attrs[0]->newInstance()->$method)) {`
	`139`	`+ throw new Nette\Application\BadRequestException("Method '$method' is not allowed.");`
	`140`	`+ }`
	`141`	`+ }`
`135`	`142`	`}`
`136`	`143`
`137`	`144`