YForm Search :: YForm 4.x fix (#63)

* YForm 4.x fix adding: edit perms adding: csrf * Unnötigen Code entfernt
tbaddade · Jun 20, 2022 · 07f23a8 · 07f23a8
1 parent 42b0ba6
commit 07f23a8
Showing 1 changed file with 18 additions and 10 deletions.
diff --git a/lib/Watson/Workflows/YForm/YFormSearch.php b/lib/Watson/Workflows/YForm/YFormSearch.php
@@ -63,14 +63,18 @@ public function registerPageParams()
     public function fire(Command $command)
     {
         $result = new Result();
-
         $tables = \rex_yform_manager_table::getAll();
+        $yform = \rex_addon::get('yform');
+        $yperm_suffix = '';
+        if (version_compare($yform->getVersion(), '4.0.0-beta1', '>=')) {
+            $yperm_suffix = '_edit';
+        }
 
         if (count($tables)) {
             $results = [];
             $viewFields = ['title', 'titel', 'name', 'lastname', 'last_name', 'surname'];
             foreach ($tables as $table) {
-                if ($table->isActive() && \rex::getUser()->getComplexPerm('yform_manager_table')->hasPerm($table->getTableName())) {
+                if ($table->isActive() && \rex::getUser()->getComplexPerm('yform_manager_table' . $yperm_suffix)->hasPerm($table->getTableName())) {
                     $fields = $table->getValueFields();
 
                     foreach ($fields as $fieldName => $field) {
@@ -84,18 +88,18 @@ public function fire(Command $command)
                         $selectFields = 'id';
                         foreach ($viewFields as $viewField) {
                             if (isset($fields[$viewField])) {
-                                $selectFields .= ', '.$viewField.' AS name';
+                                $selectFields .= ', ' . $viewField . ' AS name';
                                 break;
                             }
                         }
                         $searchFields = array_keys($fields);
                         $orderByField = $table->getSortFieldName();
 
                         $query = '
-                                SELECT      '.$selectFields.'
-                                FROM        '.$table.'
-                                WHERE       '.$command->getSqlWhere($searchFields).'
-                                ORDER BY    '.$orderByField;
+                                SELECT      ' . $selectFields . '
+                                FROM        ' . $table . '
+                                WHERE       ' . $command->getSqlWhere($searchFields) . '
+                                ORDER BY    ' . $orderByField;
 
                         $results[$table->getTableName()] = $this->getDatabaseResults($query);
                     }
@@ -107,15 +111,19 @@ public function fire(Command $command)
                     $counter = 0;
 
                     foreach ($items as $item) {
-                        $url = Watson::getUrl(['page' => 'yform/manager/data_edit', 'table_name' => $tableName, 'data_id' => $item['id'], 'func' => 'edit']);
+
+                        $_csrf_params = \rex_csrf_token::factory('table_field-' . $tableName)->getUrlParams();
+
+                        $url = Watson::getUrl(['page' => 'yform/manager/data_edit', 'table_name' => $tableName, 'data_id' => $item['id'], 'func' => 'edit', '_csrf_token' => $_csrf_params['_csrf_token']]);
+
                         ++$counter;
                         $entry = new ResultEntry();
                         if ($counter == 1) {
-                            $entry->setLegend(Watson::translate('watson_yform_legend').' :: '.$tableName);
+                            $entry->setLegend(Watson::translate('watson_yform_legend') . ' :: ' . $tableName);
                         }
 
                         if (isset($item['name'])) {
-                            $entry->setValue($item['name'], '('.$item['id'].')');
+                            $entry->setValue($item['name'], '(' . $item['id'] . ')');
                         } else {
                             $entry->setValue($item['id']);
                         }