Dev: using Throw error for invalid id
|
@@ -29,15 +29,17 @@ public function getNotificationAsJSON($notId) | |
{ | ||
$this->checkPermission(); | ||
|
||
if((string)(int)$notId!==(string)$notId) { | ||
throw new CHttpException(403,gT("Invalid notification id")); | ||
} | ||
$not = Notification::model()->findByPk($notId); | ||
|
||
if ($not) | ||
{ | ||
if ($not) { | ||
header('Content-type: application/json'); | ||
echo json_encode(array('result' => $not->getAttributes())); | ||
} | ||
else | ||
{ | ||
echo json_encode(array('error' => 'Found no notification with id ' . $notId)); | ||
} else { | ||
throw new CHttpException(404,printf(gT("Notification %s not found"),$notId)); | ||
|
||
//echo json_encode(array('error' => 'Found no notification with id ' . $notId)); | ||
} | ||
} | ||
|
||
|
@@ -50,15 +52,19 @@ public function getNotificationAsJSON($notId) | |
public function notificationRead($notId) | ||
{ | ||
$this->checkPermission(); | ||
|
||
if((string)(int)$notId!==(string)$notId) { | ||
throw new CHttpException(403,gT("Invalid notification id")); | ||
} | ||
try | ||
{ | ||
$not = Notification::model()->findByPk($notId); | ||
$result = $not->markAsRead(); | ||
header('Content-type: application/json'); | ||
echo json_encode(array('result' => $result)); | ||
} | ||
catch (Exception $ex) | ||
{ | ||
header('Content-type: application/json'); | ||
echo json_encode(array('error' => $ex->getMessage())); | ||
} | ||
|
||
|
@@ -85,13 +91,14 @@ public function actionGetMenuWidget($surveyId = null, $showLoader = false) | |
public function clearAllNotifications($surveyId = null) | ||
{ | ||
Notification::model()->deleteAll( | ||
'entity = \'user\' AND entity_id = ' . Yii::app()->user->id | ||
'entity = :entity AND entity_id = :entity_id' , | ||
array(":entity"=>'user',":entity_id"=>Yii::app()->user->id) | ||
); | ||
|
||
if (is_int($surveyId)) | ||
{ | ||
if (is_int($surveyId)) { | ||
Notification::model()->deleteAll( | ||
'entity = \'survey\' AND entity_id = ' . $surveyId | ||
'entity = :entity AND entity_id = :entity_id', | ||
array(":entity"=>'survey',":entity_id"=>$surveyId) | ||
); | ||
} | ||
} | ||
|
@@ -103,9 +110,8 @@ public function clearAllNotifications($surveyId = null) | |
protected function checkPermission() | ||
{ | ||
// Abort if user is not logged in | ||
if(Yii::app()->user->isGuest) | ||
{ | ||
die('No permission'); | ||
if(Yii::app()->user->isGuest) { | ||
throw new CHttpException(401); | ||
} | ||
} | ||
|
||
|
@@ -128,10 +134,13 @@ public static function getMenuWidget($surveyId = null, $showLoader = false) | |
$data = array(); | ||
$data['surveyId'] = $surveyId; | ||
$data['showLoader'] = $showLoader; | ||
$data['clearAllNotificationsUrl'] = Yii::app()->createUrl('admin/notification', array( | ||
$params=array( | ||
'sa' => 'clearAllNotifications', | ||
'surveyId' => $surveyId | ||
)); | ||
); | ||
if($surveyId) { | ||
$params['surveyId'] = $surveyId; | ||
} | ||
$data['clearAllNotificationsUrl'] = Yii::app()->createUrl('admin/notification', $params); | ||
$data['updateUrl'] = Notification::getUpdateUrl($surveyId); | ||
$data['nrOfNewNotifications'] = Notification::countNewNotifications($surveyId); | ||
$data['nrOfNotifications'] = Notification::countNotifications($surveyId); | ||
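Review bot: In `getNotificationAsJSON` and `notificationRead` the new id check only proves that `$notId` is an integer string; nothing in the visible lines checks that the row returned by `findByPk($notId)` belongs to the caller, and `checkPermission()` rejects guests only. Unless the model applies an owner scope elsewhere, any signed-in user can read or mark as read a notification addressed to someone else, so after the lookup I would compare the row's `entity` / `entity_id` with `Yii::app()->user->id` (or with the caller's rights on that survey) and `throw new CHttpException(403);` on a mismatch. `notificationRead` also calls `$not->markAsRead()` with no null check, and a method call on null is not an `Exception`, so the `catch` does not handle it; `if (!$not) { throw new CHttpException(404); }` before the call would match the other method. In the 404 branch `printf` writes the text to the response and returns its length, so the exception message ends up a number; `sprintf(gT("Notification %s not found"), $notId)` is what is meant. The end of `notificationRead` is outside the hunk.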
|
Why not cast
$notId
to integer instead?