
  1. <?php
  2. class EditDataAction implements IAction {
  3. public function execute() {
  4. if(!Authorize::isLoggedIn() || !Authorize::hasPermission()) {
  5. return array("error" => "Access not authorized");
  6. }
  7. $projectId = $_POST['project_id'] ?? $_GET['project_id'] ?? "";
  8. $bucket = $_POST['bucket'] ?? $_GET['bucket'] ?? "";
  9. $folder = $_POST['folder'] ?? $_GET['folder'] ?? "";
  10. $displayName = $_POST['display_name'] ?? $_GET['display_name'] ?? "";
  11. //TODO: scrub inputs
  12. if(empty($projectId) || empty($bucket) || empty($folder) || empty($displayName)) {
  13. return array("error" => "One or more required fields missing: project_id, bucket, folder, display_name");
  14. }
  15. $db = SqliteDatabase::getSingleton();
  16. $sql = "UPDATE projects SET bucket = :bucket, folder = :folder, display_name = :display_name WHERE rowid = :project_id";
  17. $preparedQuery = $db->prepare($sql);
  18. $preparedQuery->bindValue(':bucket', $bucket);
  19. $preparedQuery->bindValue(':folder', $folder);
  20. $preparedQuery->bindValue(':display_name', $displayName);
  21. $preparedQuery->bindValue(':project_id', $projectId);
  22. try {
  23. $result = $preparedQuery->execute();
  24. $loggerData = array();
  25. $loggerData['display_name'] = $_SESSION['display_name'];
  26. $loggerData['user_id'] = $_SESSION['user_id'];
  27. $loggerData['project_id'] = $projectId;
  28. $loggerData['project_display_name'] = $displayName;
  29. SecurityLogger::action("edit-project", $loggerData, time());
  30. return array("status" => "success", "message" => "Updated project '" . $displayName . "' (".$projectId.").");
  31. }
  32. catch(Exception $e) {
  33. return array("error" => "Error when updating project '" . $displayName. "' (".$projectId."): invalid fields?" , "exception" => $e->getMessage());
  34. }
  35. }
  36. }