Implement document creation

carlbennett · carlbennett · commit 1c076df9090c · 2016-08-01T01:40:05.000Z
diff --git a/src/controllers/Document/Create.php b/src/controllers/Document/Create.php
@@ -0,0 +1,128 @@
+<?php
+
+namespace BNETDocs\Controllers\Document;
+
+use \BNETDocs\Libraries\CSRF;
+use \BNETDocs\Libraries\Common;
+use \BNETDocs\Libraries\Controller;
+use \BNETDocs\Libraries\DatabaseDriver;
+use \BNETDocs\Libraries\Document;
+use \BNETDocs\Libraries\Exceptions\UnspecifiedViewException;
+use \BNETDocs\Libraries\Logger;
+use \BNETDocs\Libraries\Router;
+use \BNETDocs\Libraries\User;
+use \BNETDocs\Libraries\UserSession;
+use \BNETDocs\Models\Document\Create as DocumentCreateModel;
+use \BNETDocs\Views\Document\CreateHtml as DocumentCreateHtmlView;
+
+class Create extends Controller {
+
+  public function run(Router &$router) {
+    switch ($router->getRequestPathExtension()) {
+      case "htm": case "html": case "":
+        $view = new DocumentCreateHtmlView();
+      break;
+      default:
+        throw new UnspecifiedViewException();
+    }
+    $model                  = new DocumentCreateModel();
+    $model->csrf_id         = mt_rand();
+    $model->csrf_token      = CSRF::generate($model->csrf_id, 900); // 15 mins
+    $model->error           = null;
+    $model->user_session    = UserSession::load($router);
+    $model->user            = (isset($model->user_session) ?
+                               new User($model->user_session->user_id) : null);
+
+    $model->acl_allowed  = ($model->user &&
+      $model->user->getOptionsBitmask() & User::OPTION_ACL_DOCUMENT_CREATE
+    );
+
+    if ($router->getRequestMethod() == "POST") {
+      $this->handlePost($router, $model);
+    } else if ($router->getRequestMethod() == "GET") {
+      $model->markdown = true;
+    }
+
+    ob_start();
+    $view->render($model);
+    $router->setResponseCode(($model->acl_allowed ? 200 : 403));
+    $router->setResponseTTL(0);
+    $router->setResponseHeader("Content-Type", $view->getMimeType());
+    $router->setResponseContent(ob_get_contents());
+    ob_end_clean();
+  }
+
+  protected function handlePost(Router &$router, DocumentCreateModel &$model) {
+    if (!$model->acl_allowed) {
+      $model->error = "ACL_NOT_SET";
+      return;
+    }
+    if (!isset(Common::$database)) {
+      Common::$database = DatabaseDriver::getDatabaseObject();
+    }
+    $data       = $router->getRequestBodyArray();
+    $csrf_id    = (isset($data["csrf_id"   ]) ? $data["csrf_id"   ] : null);
+    $csrf_token = (isset($data["csrf_token"]) ? $data["csrf_token"] : null);
+    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
+    $title      = (isset($data["title"     ]) ? $data["title"     ] : null);
+    $markdown   = (isset($data["markdown"  ]) ? $data["markdown"  ] : null);
+    $content    = (isset($data["content"   ]) ? $data["content"   ] : null);
+    $publish    = (isset($data["publish"   ]) ? $data["publish"   ] : null);
+    $save       = (isset($data["save"      ]) ? $data["save"      ] : null);
+
+    $model->title    = $title;
+    $model->markdown = $markdown;
+    $model->content  = $content;
+
+    if (!$csrf_valid) {
+      $model->error = "INVALID_CSRF";
+      return;
+    }
+    CSRF::invalidate($csrf_id);
+
+    if (empty($title)) {
+      $model->error = "EMPTY_TITLE";
+    } else if (empty($content)) {
+      $model->error = "EMPTY_CONTENT";
+    }
+
+    $options_bitmask = 0;
+    if ($markdown) $options_bitmask |= Document::OPTION_MARKDOWN;
+    if ($publish ) $options_bitmask |= Document::OPTION_PUBLISHED;
+
+    $user_id = $model->user_session->user_id;
+
+    try {
+
+      $success = Document::create(
+        $user_id, $options_bitmask, $title, $content
+      );
+
+    } catch (QueryException $e) {
+
+      // SQL error occurred. We can show a friendly message to the user while
+      // also notifying this problem to staff.
+      Logger::logException($e);
+
+    }
+
+    if (!$success) {
+      $model->error = "INTERNAL_ERROR";
+    } else {
+      $model->error = false;
+    }
+
+    Logger::logEvent(
+      "document_created",
+      $user_id,
+      getenv("REMOTE_ADDR"),
+      json_encode([
+        "error"           => $model->error,
+        "options_bitmask" => $options_bitmask,
+        "title"           => $title,
+        "content"         => $content,
+      ])
+    );
+  }
+
+}
diff --git a/src/controllers/News/Create.php b/src/controllers/News/Create.php
@@ -85,7 +85,7 @@ protected function handlePost(Router &$router, NewsCreateModel &$model) {
     $model->title    = $title;
     $model->markdown = $markdown;
     $model->content  = $content;
-    
+
     if (!$csrf_valid) {
       $model->error = "INVALID_CSRF";
       return;
diff --git a/src/libraries/Document.php b/src/libraries/Document.php
@@ -57,6 +57,61 @@ public function __construct($data) {
     }
   }
 
+  public static function create(
+    $user_id, $options_bitmask, $title, $content
+  ) {
+    if (!isset(Common::$database)) {
+      Common::$database = DatabaseDriver::getDatabaseObject();
+    }
+    $successful = false;
+    try {
+      $stmt = Common::$database->prepare("
+        INSERT INTO `documents` (
+          `id`, `created_datetime`, `edited_datetime`, `edited_count`,
+          `user_id`, `options_bitmask`, `title`, `content`
+        ) VALUES (
+          NULL, NOW(), NULL, 0, :user_id, :options_bitmask, :title, :content
+        );
+      ");
+      $stmt->bindParam(":user_id", $user_id, PDO::PARAM_INT);
+      $stmt->bindParam(":options_bitmask", $options_bitmask, PDO::PARAM_INT);
+      $stmt->bindParam(":title", $title, PDO::PARAM_STR);
+      $stmt->bindParam(":content", $content, PDO::PARAM_STR);
+      $successful = $stmt->execute();
+      $stmt->closeCursor();
+      if ($successful) Common::$cache->delete("bnetdocs-documents");
+    } catch (PDOException $e) {
+      throw new QueryException("Cannot create document", $e);
+    } finally {
+      //Credits::getTopContributorsByDocuments(true); // Refresh statistics
+      return $successful;
+    }
+  }
+
+  public static function delete($id) {
+    if (!isset(Common::$database)) {
+      Common::$database = DatabaseDriver::getDatabaseObject();
+    }
+    $successful = false;
+    try {
+      $stmt = Common::$database->prepare("
+        DELETE FROM `documents` WHERE `id` = :id LIMIT 1;
+      ");
+      $stmt->bindParam(":id", $id, PDO::PARAM_INT);
+      $successful = $stmt->execute();
+      $stmt->closeCursor();
+      if ($successful) {
+        Common::$cache->delete("bnetdocs-document-" . (int) $id);
+        Common::$cache->delete("bnetdocs-documents");
+      }
+    } catch (PDOException $e) {
+      throw new QueryException("Cannot delete document", $e);
+    } finally {
+      //Credits::getTopContributorsByNewsPosts(true); // Refresh statistics
+      return $successful;
+    }
+  }
+
   public static function getAllDocuments() {
     $cache_key = "bnetdocs-documents";
     $cache_val = Common::$cache->get($cache_key);
diff --git a/src/libraries/Router.php b/src/libraries/Router.php
@@ -5,6 +5,7 @@
 use \BNETDocs\Controllers\Attachment\Download as AttachmentDownloadController;
 use \BNETDocs\Controllers\Comment\Create as CommentCreateController;
 use \BNETDocs\Controllers\Credits as CreditsController;
+use \BNETDocs\Controllers\Document\Create as DocumentCreateController;
 use \BNETDocs\Controllers\Document\Edit as DocumentEditController;
 use \BNETDocs\Controllers\Document\Index as DocumentIndexController;
 use \BNETDocs\Controllers\Document\Popular as DocumentPopularController;
@@ -284,6 +285,9 @@ public function route(Pair &$redirect = null) {
           break;
           case "document":
             switch ($subpath) {
+              case "create":
+                $controller = new DocumentCreateController();
+              break;
               case "edit": case "edit.htm": case "edit.html":
                 $controller = new DocumentEditController();
               break;
diff --git a/src/models/Document/Create.php b/src/models/Document/Create.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace BNETDocs\Models\Document;
+
+use \BNETDocs\Libraries\Model;
+
+class Create extends Model {
+
+  public $acl_allowed;
+  public $content;
+  public $csrf_id;
+  public $csrf_token;
+  public $error;
+  public $markdown;
+  public $title;
+  public $user;
+  public $user_session;
+
+  public function __construct() {
+    parent::__construct();
+    $this->acl_allowed     = null;
+    $this->content         = null;
+    $this->csrf_id         = null;
+    $this->csrf_token      = null;
+    $this->error           = null;
+    $this->markdown        = null;
+    $this->title           = null;
+    $this->user            = null;
+    $this->user_session    = null;
+  }
+
+}
diff --git a/src/templates/Document/Create.phtml b/src/templates/Document/Create.phtml
@@ -0,0 +1,87 @@
+<?php
+namespace BNETDocs\Templates;
+
+use \BNETDocs\Libraries\Common;
+use \BNETDocs\Libraries\Pair;
+
+$title       = "Create Document";
+$description = "This form allows an individual to create a document.";
+
+$this->opengraph->attach(new Pair("url", "/document/create"));
+$this->opengraph->attach(new Pair("type", "article"));
+
+switch ($this->getContext()->error) {
+  case "ACL_NOT_SET":
+    $message = "You do not have the privilege to create documents.";
+    break;
+  case "INVALID_CSRF":
+    $message = "The Cross-Site Request Forgery token was invalid. Either the "
+      . "create document form expired, or this may have been a malicious "
+      . "attempt to create a document.";
+    break;
+  case "EMPTY_TITLE":
+    $message = "The title of the document is required.";
+    break;
+  case "EMPTY_CONTENT":
+    $message = "The content of the document is required.";
+    break;
+  case "INTERNAL_ERROR":
+    $message = "An internal error occurred while processing your request. "
+      . "Our staff has been notified of the issue. Try again later.";
+    break;
+  default:
+    $message = $this->getContext()->error;
+}
+
+$this->additional_css[] = "/a/forms.css";
+require("./header.inc.phtml");
+?>
+      <article>
+<?php if ($this->getContext()->error !== false) { ?>
+        <header>Create Document</header>
+<?php if (!empty($message)) { ?>
+        <section class="red"><p><?php echo $message; ?></p></section>
+<?php } ?>
+        <form method="POST" action="?">
+          <input type="hidden" name="csrf_id" value="<?php echo
+            htmlspecialchars($this->getContext()->csrf_id, ENT_HTML5, "UTF-8");
+          ?>"/>
+          <input type="hidden" name="csrf_token" value="<?php echo
+            htmlspecialchars($this->getContext()->csrf_token, ENT_HTML5, "UTF-8");
+          ?>"/>
+          <section>
+            <label for="title">Title:</label><br/>
+            <input type="text" name="title" id="title" tabindex="1" required
+              autofocus="autofocus" value="<?php echo
+                htmlspecialchars($this->getContext()->title, ENT_HTML5, "UTF-8");
+              ?>"/>
+          </section>
+          <section>
+            <label for="content">Content:</label>
+            <span style="float:right;">
+              <label for="markdown" title="Use markdown or use raw HTML">Markdown</label>
+              <input type="checkbox" name="markdown" id="markdown" tabindex="3"
+                title="Use markdown or use raw HTML" value="1"<?php
+                  if ($this->getContext()->markdown)
+                    echo " checked=\"checked\"";
+                ?>/>
+            </span>
+            <textarea name="content" id="content" tabindex="2" required
+              style="height:200px;"><?php echo
+                htmlspecialchars($this->getContext()->content, ENT_HTML5, "UTF-8");
+              ?></textarea>
+          </section>
+          <section>
+            <input type="submit" name="publish" value="Publish" tabindex="4"/>
+            <input type="submit" name="save" value="Save as Draft" tabindex="5"/>
+          </section>
+        </form>
+<?php } else { ?>
+        <header class="green">Create Document</header>
+        <section class="green">
+          <p>Your document has been created.</p>
+          <p>Use the navigation to the left to move to another page.</p>
+        </section>
+<?php } ?>
+      </article>
+<?php require("./footer.inc.phtml"); ?>
diff --git a/src/views/Document/CreateHtml.php b/src/views/Document/CreateHtml.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace BNETDocs\Views\Document;
+
+use \BNETDocs\Libraries\Common;
+use \BNETDocs\Libraries\Exceptions\IncorrectModelException;
+use \BNETDocs\Libraries\Model;
+use \BNETDocs\Libraries\Template;
+use \BNETDocs\Libraries\View;
+use \BNETDocs\Models\Document\Create as DocumentCreateModel;
+
+class CreateHtml extends View {
+
+  public function getMimeType() {
+    return "text/html;charset=utf-8";
+  }
+
+  public function render(Model &$model) {
+    if (!$model instanceof DocumentCreateModel) {
+      throw new IncorrectModelException();
+    }
+    (new Template($model, "Document/Create"))->render();
+  }
+
+}
