implemented another listener

Unfortunately Kdyby\Events behavior is not good at all. It's necessary to register presenter or components into container, but it's against generated factories behavior. It's quite a big security hole, because if you forgot to register these classes into container, event will NOT be called... :-(

app/components/PostForm.php

@@ -10,6 +10,7 @@
 class PostForm extends UI\Control {
 
 	public $onSave = [];
+	//public $onBeforeRestrictedFunctionality = [];
 
 	/** @var \App\Posts */
 	private $posts;
@@ -59,6 +60,7 @@ protected function createComponentPostForm() {
 	}
 
 	public function postFormSucceeded($form) {
+		//$this->onBeforeRestrictedFunctionality($this); //FIXME: must be registered in config, but it's against generated factories
 		if (!$this->editable()) {
 			$this->presenter->flashMessage('Myslím to vážně, editovat opravdu **ne**můžete!', 'danger');
 			$this->redirect('this');
@@ -96,4 +98,4 @@ private function editable() {
 		return $this->presenter->user->isAllowed('Admin', App\Authorizator::EDIT) ? TRUE : FALSE;
 	}
 
-}
+}

app/components/UserEditForm.php

@@ -11,6 +11,7 @@
 class UserEditForm extends UI\Control {
 
 	public $onSave = [];
+	//public $onBeforeRestrictedFunctionality = [];
 
 	private $users;
 	private $account;
@@ -61,6 +62,7 @@ protected function createComponentForm() {
 	}
 
 	public function formSucceeded(UI\Form $form) {
+		//$this->onBeforeRestrictedFunctionality($this); //FIXME: must be registered in config, but it's against generated factories
 		if (!$this->editable()) {
 			$this->presenter->flashMessage('Myslím to vážně, editovat opravdu **ne**můžete!', 'danger');
 			$this->redirect('this');
@@ -88,4 +90,4 @@ private function editable() {
 		return $this->presenter->user->isAllowed('Admin', App\Authorizator::EDIT) ? TRUE : FALSE;
 	}
 
-}
+}

app/config/config.neon

@@ -32,10 +32,18 @@ services:
 	- App\Tags(@doctrine.dao(Entity\Tag))
 	- App\Users(@doctrine.dao(Entity\User))
 	#- App\Xmlrpc
+
 	- PostFormFactory
 	- UserEditFormFactory
 
-	- PostsListener
+	#It should be here because of Kdyby\Events (?) --- security problem (if you forgot it) :-(
+	- App\AdminPresenter
+	-
+		class: PostsListener
+		tags: [kdyby.subscriber]
+	-
+		class: RestrictListener
+		tags: [kdyby.subscriber]
 
 extensions:
 	console: Kdyby\Console\DI\ConsoleExtension

app/listeners/RestrictListener.php

@@ -0,0 +1,29 @@
+<?php
+
+class RestrictListener extends Nette\Object implements Kdyby\Events\Subscriber {
+
+	public function getSubscribedEvents() {
+		return array(
+			'App\AdminPresenter::onBeforeRestrictedFunctionality' => 'adminEdit',
+			'Cntrl\PostForm::onBeforeRestrictedFunctionality' => 'controlEdit',
+			'Cntrl\UserEditForm::onBeforeRestrictedFunctionality' => 'controlEdit',
+		);
+	}
+
+	public function adminEdit(Nette\Application\UI\Presenter $presenter) {
+		if (!$presenter->user->isAllowed('Admin', App\Authorizator::EDIT)) {
+			$presenter->flashMessage('Myslím to vážně, editovat opravdu **ne**můžete!', 'danger');
+			$presenter->redirect('this');
+			return;
+		}
+	}
+
+	public function controlEdit(Nette\Application\UI\Control $control) {
+		if (!$control->presenter->user->isAllowed('Admin', App\Authorizator::EDIT)) {
+			$control->presenter->flashMessage('Myslím to vážně, editovat opravdu **ne**můžete!', 'danger');
+			$control->presenter->redirect('this');
+			return;
+		}
+	}
+
+}

app/presenters/AdminPresenter.php

@@ -10,6 +10,8 @@
 
 class AdminPresenter extends BasePresenter {
 
+	public $onBeforeRestrictedFunctionality = [];
+
 	/** @var Pictures @inject */
 	public $pictures;
 	/** @var Tags @inject */
@@ -117,11 +119,7 @@ protected function createComponentColor() {
 	 * @param $id
 	 */
 	public function colorSucceeded($button, $id) {
-		if (!$this->editable()) {
-			$this->presenter->flashMessage('Myslím to vážně, editovat opravdu **ne**můžete!', 'danger');
-			$this->redirect('this');
-			return;
-		}
+		$this->onBeforeRestrictedFunctionality($this);
 		$vals = $button->getForm()->getValues();
 		$newColor = preg_replace('<#>', '', $vals['color' . $id]);
 		if (ctype_xdigit($newColor) && (strlen($newColor) == 6 || strlen($newColor) == 3)) {
@@ -159,11 +157,7 @@ public function handleUpdate($title, $content, $tags) {
 	}
 
 	public function handleDelete($id) {
-		if (!$this->editable()) {
-			$this->presenter->flashMessage('Myslím to vážně, editovat (ani mazat) opravdu **ne**můžete!', 'danger');
-			$this->redirect('this');
-			return;
-		}
+		$this->onBeforeRestrictedFunctionality($this);
 		try {
 			$this->posts->delete($this->posts->findOneBy(array('id' => $id)));
 			$this->flashMessage('Článek byl úspěšně smazán.', 'success');
@@ -174,11 +168,7 @@ public function handleDelete($id) {
 	}
 
 	public function handleDeleteTag($tag_id) {
-		if (!$this->editable()) {
-			$this->presenter->flashMessage('Myslím to vážně, editovat (ani mazat) opravdu **ne**můžete!', 'danger');
-			$this->redirect('this');
-			return;
-		}
+		$this->onBeforeRestrictedFunctionality($this);
 		try {
 			$this->tags->delete($this->tags->findOneBy(array('id' => $tag_id)));
 			$this->flashMessage('Tag byl úspěšně smazán.', 'success');
@@ -189,11 +179,7 @@ public function handleDeleteTag($tag_id) {
 	}
 
 	public function handleDeleteUser($user_id) {
-		if (!$this->editable()) {
-			$this->presenter->flashMessage('Myslím to vážně, editovat (ani mazat) opravdu **ne**můžete!', 'danger');
-			$this->redirect('this');
-			return;
-		}
+		$this->onBeforeRestrictedFunctionality($this);
 		try {
 			$this->users->delete($this->users->findOneBy(['id' => $user_id]));
 			$this->flashMessage('Uživatel byl úspěšně smazán.', 'success');
@@ -204,11 +190,7 @@ public function handleDeleteUser($user_id) {
 	}
 
 	public function handleRegenerate($tag_id) {
-		if (!$this->editable()) {
-			$this->presenter->flashMessage('Myslím to vážně, editovat opravdu **ne**můžete!', 'danger');
-			$this->redirect('this');
-			return;
-		}
+		$this->onBeforeRestrictedFunctionality($this);
 		try {
 			$tag = $this->tags->findOneBy(array('id' => $tag_id));
 			$tag->color = substr(md5(rand()), 0, 6); //Short and sweet
@@ -221,7 +203,7 @@ public function handleRegenerate($tag_id) {
 	}
 
 	public function handleUploadPicture() {
-		ob_start();
+		//ob_start();
 		$uploader = new \UploadHandler();
 		$uploader->allowedExtensions = array("jpeg", "jpg", "png", "gif", "iso");
 		$uploader->chunksFolder = __DIR__ . '/../../www/chunks';
@@ -249,11 +231,7 @@ public function handleUploadPicture() {
 	}
 
 	public function handleDeletePicture($id) {
-		if (!$this->editable()) {
-			$this->presenter->flashMessage('Myslím to vážně, editovat (ani mazat) opravdu **ne**můžete!', 'danger');
-			$this->redirect('this');
-			return;
-		}
+		$this->onBeforeRestrictedFunctionality($this);
 		$picture = $this->pictures->findOneBy(['id' => $id]);
 		@unlink(__DIR__ . '/../../www/uploads/' . $picture->uuid . DIRECTORY_SEPARATOR . $picture->name);
 		@rmdir(__DIR__ . '/../../www/uploads/' . $picture->uuid);
@@ -262,8 +240,4 @@ public function handleDeletePicture($id) {
 		$this->redirect('this');
 	}
 
-	private function editable() {
-		return $this->user->isAllowed('Admin', App\Authorizator::EDIT) ? TRUE : FALSE;
-	}
-
 }