Midnight Modding, Posted March 20, 2018
What am I missing here? Function manage() in Content\Controller.php catches exceptions. When it checks the permission for the content item, in Content\Content.php, it throws an exception without catching it to show an error. So, if someone doesn't have permissions, it's going to throw an exception that isn't caught, i.e. no clean error message? canView() and can() only return bool, so no error() there. All of the first party apps I look at, they don't do anything other than call parent::manage(), so no error() there. Am I overlooking something? It's already odd to me that manage() catches all exceptions, to begin with. And I needed joins, so I just did my query before calling the parent, since the parent will have the cached row.
Adriano Faria, Posted March 20, 2018
That's all you need:

    class _view extends \IPS\Content\Controller
    {
        /**
         * [Content\Controller] Class
         */
        protected static $contentModel = 'IPS\links\Link';

        /**
         * Execute
         *
         * @return void
         */
        public function execute()
        {
            try
            {
                $this->link = \IPS\links\Link::loadAndCheckPerms( \IPS\Request::i()->id );

                if ( !$this->link->canView( \IPS\Member::loggedIn() ) )
                {
                    \IPS\Output::i()->error( 'node_error', '2LDVIEW/1', 404, '' );
                }
            }
            catch ( \OutOfRangeException $e )
            {
                \IPS\Output::i()->error( 'node_error', '2LDVIEW/2', 404, '' );
            }

            parent::execute();
        }

        /**
         * View Link
         *
         * @return void
         */
        protected function manage()
        {
            /* Init */
            parent::manage();

            // ...
        }
    }
Midnight Modding, Author, Posted March 20, 2018
But if we're going to do that, why even have loadAndCheckPerms() and canView() called in the parent manage() to begin with? We're basically repeating the same checks. And in Topic.php I see it does check canView() again (and only load(), not loadAndCheckPerms()), but in gallery, calendar, etc., it doesn't even check it, which is really confusing me. Actually I do see the others check canView() in execute(). But regardless... that is being checked twice, since manage() will call it via loadAndCheckPerms(). So is it only checked in the parent manage() just as a safeguard in case we forgot to do the check in our file, where it will just return us NULL?
Midnight Modding, Author, Posted March 20, 2018
I don't know if I should make another topic for this other thing, but when you make ACP restriction keys, is it going to automatically check those if our do= is that key? I assume so.
Adriano Faria, Posted March 20, 2018
You really should do what you’ve said here: Believe.
Midnight Modding, Author, Posted March 20, 2018
Well, when I first posted, I didn't even notice that gallery did a canView() check in execute(), so that's what really got me thinking I was missing something. At this point, yeah I indeed should not worry over why and just keep moving on the coding.
Midnight Modding, Author, Posted March 20, 2018
Btw I can't do it like the example, anyway, because I forgot I have a join instead of a simple load(), so I guess I have to use constructFromData() and catch underflow exceptions and then check canView(). In your example, canView() is being called 3 times, which I know is no big deal, but just saying: loadAndCheckPerms() calls it, you are calling it a second time, and then parent::execute() calls it.
bfarber, Posted March 21, 2018
When you call loadAndCheckPerms(), it loads the content item (which will throw an OutOfRangeException if it doesn't exist) and then it checks canView() against the content item (throwing OutOfRangeException if the user does not have permission to view). The controller catches all LogicException instances (OutOfRangeException extends LogicException) and returns NULL. The topic controller specifically grabs the value, tests for NULL, and then checks again, showing an error if appropriate. The primary reason the topic controller does most of this manually is so that it can show the forum-specific error message instead of a generic error message if you can't view. Gallery has the same consideration (there are per category error messages). Blog does not, and as such just does a general try/catch with loadAndCheckPerms() in the execute() method.
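The flow described in the last reply, as a stand-alone PHP 8 model added here for illustration; it is not Invision Community code and not from any poster. Item, BaseController, ItemController and the sample rows are hypothetical stand-ins; only the exception types and the method names loadAndCheckPerms(), canView() and manage() come from the thread.

```php
<?php
// Hypothetical stand-ins that model the thread's flow; not Invision Community classes.
class Item
{
    // Constructed sample rows: id => groups allowed to view.
    private static array $rows = [1 => ['members'], 2 => ['staff']];

    public function __construct(public int $id, private array $groups) {}

    public function canView(string $group): bool
    {
        return in_array($group, $this->groups, true);
    }

    // A missing row and a failed permission check raise the same exception
    // type, so the caller cannot tell "does not exist" from "not allowed".
    public static function loadAndCheckPerms(int $id, string $group): self
    {
        $item = isset(self::$rows[$id]) ? new self($id, self::$rows[$id]) : null;
        if ($item === null || !$item->canView($group)) {
            throw new OutOfRangeException();
        }
        return $item;
    }
}

class BaseController
{
    // Catches every LogicException (OutOfRangeException extends it) and
    // reports the failure as NULL instead of letting it propagate.
    protected function manage(int $id, string $group): ?Item
    {
        try {
            return Item::loadAndCheckPerms($id, $group);
        } catch (LogicException $e) {
            return null;
        }
    }
}

class ItemController extends BaseController
{
    // The child tests for NULL and turns it into the error response.
    public function view(int $id, string $group): string
    {
        $item = $this->manage($id, $group);
        return $item === null ? '404 node_error' : "200 item {$item->id}";
    }
}

// Allowed item, item restricted to another group, nonexistent item.
foreach ([[1, 'members'], [2, 'members'], [3, 'members']] as [$id, $group]) {
    echo "id=$id group=$group -> ", (new ItemController)->view($id, $group), PHP_EOL;
}
```

The restricted and nonexistent ids produce the same response, so the permission check fails closed without revealing which ids exist.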
This topic is now archived and is closed to further replies.