added extra confirmation on deleting admin

MarioRadu · MarioRadu · commit 9bef76d1b6ae · 2024-07-25T10:39:52.000+03:00
Signed-off-by: MarioRadu &lt;magda_marior@yahoo.com&gt;
diff --git a/.laminas-ci/pre-run.sh b/.laminas-ci/pre-run.sh
@@ -12,6 +12,4 @@ if [[ ${COMMAND} =~ phpunit ]];then
   cp config/autoload/mail.local.php.dist config/autoload/mail.local.php
   cp config/autoload/local.test.php.dist config/autoload/local.test.php
 
-  echo 'running if'
-
 fi
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
@@ -16,4 +16,9 @@
             <code>init</code>
         </UndefinedInterfaceMethod>
     </file>
+    <file src="src/Admin/src/Form/AdminDeleteForm.php">
+        <UndefinedInterfaceMethod>
+            <code>init</code>
+        </UndefinedInterfaceMethod>
+    </file>
 </files>
diff --git a/public/js/app.js b/public/js/app.js
diff --git a/src/Admin/src/ConfigProvider.php b/src/Admin/src/ConfigProvider.php
@@ -13,6 +13,7 @@
 use Frontend\Admin\Entity\Admin;
 use Frontend\Admin\Entity\AdminInterface;
 use Frontend\Admin\Factory\AuthenticationServiceFactory;
+use Frontend\Admin\Form\AdminDeleteForm;
 use Frontend\Admin\Form\AdminForm;
 use Frontend\Admin\Form\ChangePasswordForm;
 use Frontend\Admin\Form\LoginForm;
@@ -79,6 +80,7 @@ public function getForms(): array
                 'factories'  => [
                     LoginForm::class          => ElementFactory::class,
                     ChangePasswordForm::class => ElementFactory::class,
+                    AdminDeleteForm::class    => ElementFactory::class,
                 ],
                 'aliases'    => [],
                 'delegators' => [],
diff --git a/src/Admin/src/Controller/AdminController.php b/src/Admin/src/Controller/AdminController.php
@@ -15,6 +15,7 @@
 use Frontend\Admin\Entity\AdminIdentity;
 use Frontend\Admin\Entity\AdminLogin;
 use Frontend\Admin\Form\AccountForm;
+use Frontend\Admin\Form\AdminDeleteForm;
 use Frontend\Admin\Form\AdminForm;
 use Frontend\Admin\Form\ChangePasswordForm;
 use Frontend\Admin\Form\LoginForm;
@@ -161,6 +162,13 @@ public function editAction(): ResponseInterface
 
     public function deleteAction(): ResponseInterface
     {
+        if (! $this->isPost()) {
+            return new JsonResponse(
+                ['message' => Message::METHOD_NOT_ALLOWED],
+                StatusCodeInterface::STATUS_METHOD_NOT_ALLOWED
+            );
+        }
+
         $uuid = $this->getAttribute('uuid');
         if (empty($uuid)) {
             return new JsonResponse(
@@ -169,9 +177,17 @@ public function deleteAction(): ResponseInterface
             );
         }
 
+        $form = new AdminDeleteForm();
+        $form->setData($this->getPostParams());
+        if (! $form->isValid()) {
+            return new JsonResponse(
+                ['message' => $this->forms->getMessages($form)],
+                StatusCodeInterface::STATUS_BAD_REQUEST
+            );
+        }
+
         /** @var Admin $admin */
         $admin = $this->adminService->getAdminRepository()->findOneBy(['uuid' => $uuid]);
-
         try {
             $this->adminService->getAdminRepository()->deleteAdmin($admin);
             return new JsonResponse(['message' => Message::ADMIN_DELETED_SUCCESSFULLY]);
@@ -200,7 +216,9 @@ public function listAction(): ResponseInterface
     public function manageAction(): ResponseInterface
     {
         return new HtmlResponse(
-            $this->template->render('admin::list')
+            $this->template->render('admin::list', [
+                'form' => new AdminDeleteForm(),
+            ])
         );
     }
 
diff --git a/src/Admin/src/Form/AdminDeleteForm.php b/src/Admin/src/Form/AdminDeleteForm.php
@@ -0,0 +1,78 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Frontend\Admin\Form;
+
+use Frontend\Admin\InputFilter\AdminDeleteInputFilter;
+use Laminas\Form\Form;
+use Laminas\Form\FormInterface;
+use Laminas\InputFilter\InputFilterInterface;
+
+/** @template-extends Form<FormInterface> */
+class AdminDeleteForm extends Form
+{
+    protected InputFilterInterface $inputFilter;
+
+    public function __construct(?string $name = null, array $options = [])
+    {
+        parent::__construct($name, $options);
+
+        $this->init();
+
+        $this->inputFilter = new AdminDeleteInputFilter();
+        $this->inputFilter->init();
+    }
+
+    public function init(): void
+    {
+        $this->add([
+            'name'       => 'confirmation',
+            'type'       => 'checkbox',
+            'options'    => [
+                'label'           => 'Confirmation',
+                'checked_value'   => 'yes',
+                'unchecked_value' => 'no',
+            ],
+            'attributes' => [
+                'value' => 'no',
+                'id'    => 'confirmation',
+                'class' => 'form-check-input',
+            ],
+        ]);
+
+        $this->add([
+            'name'       => 'close',
+            'type'       => 'button',
+            'options'    => [
+                'label' => 'Close',
+            ],
+            'attributes' => [
+                'class'           => 'btn btn-default',
+                'data-bs-dismiss' => 'modal',
+                'role'            => 'button',
+            ],
+        ]);
+
+        $this->add([
+            'name'       => 'submit',
+            'type'       => 'submit',
+            'attributes' => [
+                'class' => 'btn btn-danger',
+                'id'    => 'modalDeleteBtn',
+                'value' => 'Delete',
+            ],
+        ]);
+    }
+
+    public function getInputFilter(): InputFilterInterface
+    {
+        return $this->inputFilter;
+    }
+
+    public function setInputFilter(InputFilterInterface $inputFilter): void
+    {
+        $this->inputFilter = $inputFilter;
+        $this->inputFilter->init();
+    }
+}
diff --git a/src/Admin/src/InputFilter/AdminDeleteInputFilter.php b/src/Admin/src/InputFilter/AdminDeleteInputFilter.php
@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Frontend\Admin\InputFilter;
+
+use Laminas\InputFilter\Input;
+use Laminas\InputFilter\InputFilter;
+use Laminas\Validator\InArray;
+use Laminas\Validator\NotEmpty;
+
+/**  @extends InputFilter<object> */
+class AdminDeleteInputFilter extends InputFilter
+{
+    public function init(): void
+    {
+        $confirmation = new Input('confirmation');
+        $confirmation->setRequired(true);
+        $confirmation->getValidatorChain()->attachByName(NotEmpty::class, [
+            'break_chain_on_failure' => true,
+            'message'                => 'Please confirm admin deletion.',
+        ]);
+
+        $confirmation->getValidatorChain()->attachByName(InArray::class, [
+            'haystack'               => [
+                'yes',
+            ],
+            'break_chain_on_failure' => true,
+            'message'                => 'Please confirm the admin deletion.',
+        ]);
+
+        $this->add($confirmation);
+    }
+}
diff --git a/src/Admin/templates/admin/list.html.twig b/src/Admin/templates/admin/list.html.twig
@@ -68,19 +68,33 @@
     <div class="modal fade" tabindex="-1" role="dialog" id="deleteFormModal" aria-labelledby="deleteFormModal">
         <div class="modal-dialog" role="document">
             <div class="modal-content">
+                {% set dummy = form.prepare() %}
+                {% set dummy = form.setAttribute('id', 'deleteAdminForm') %}
+                {{ form().openTag(form) | raw }}
                 <div class="modal-header">
                     <h4 class="modal-title" id="deleteFormModalTitle">Confirm Delete</h4>
                     <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close">
                     </button>
                 </div>
                 <div class="modal-body">
-                    <div class="modal-form"></div>
-                    <div class="modal-messages"></div>
+                        <div class="modal-form">
+                            <p>Are you sure you want to delete <span id="adminIdentity"></span>?</p>
+                            <div class="form-check">
+                                {% set element = form.get('confirmation') %}
+                                {{ formElement(element) }}
+                                <label class="form-check-label" for="confirmation">Yes</label>
+                            </div>
+                        </div>
+                        <div class="modal-messages"></div>
                 </div>
                 <div class="modal-footer">
-                    <button type="button" class="btn btn-default" data-bs-dismiss="modal">Close</button>
-                    <button type="button" class="btn btn-danger" id="modalDeleteBtn">Delete</button>
+                    {% set element = form.get('close') %}
+                    {{ formElement(element) }}
+
+                    {% set element = form.get('submit') %}
+                    {{ formElement(element) }}
                 </div>
+                {{ form().closeTag() | raw }}
             </div>
         </div>
     </div>
diff --git a/src/App/assets/js/components/_admin.js b/src/App/assets/js/components/_admin.js
@@ -54,7 +54,6 @@ $(document).ready(() => {
             });
     });
 
-
     $(document).on('click', '#adminEditBtn', () => {
         const selections = $("#bsTable").bootstrapTable('getSelections');
         if (selections.length !== 1) {
@@ -77,16 +76,18 @@ $(document).ready(() => {
             return;
         }
 
-        adminDeleteModal.find('.modal-form').html(`Are you sure you want to delete <b>${selections[0].identity}?</b>`);
+        adminDeleteModal.find('#adminIdentity').html(`<b>${selections[0].identity}</b>`);
         adminDeleteModal.modal('show');
     });
 
-    $(document).on('click', '#modalDeleteBtn', () => {
+    $("#deleteAdminForm").on('submit', (e) => {
+        e.preventDefault();
         const selections = $("#bsTable").bootstrapTable('getSelections');
-        const messages = adminDeleteModal.find('.modal-messages');
-        request('GET', `/admin/delete/${selections[0].uuid}`)
+        const form = $('#deleteAdminForm');
+        const messages = $(form).find('.modal-messages');
+        messages.html('');
+        request('POST', `/admin/delete/${selections[0].uuid}`, new FormData(form.get(0)))
             .then(data => {
-                messages.html('');
                 messages.append(
                     $('<div>').prop({
                         innerHTML: data.message,
@@ -97,17 +98,22 @@ $(document).ready(() => {
                 bsTable.bootstrapTable('refresh');
                 setTimeout(function () {
                     adminDeleteModal.modal('hide');
+                    messages.html('');
                 },1500);
             }).catch(error => {
-                messages.append(
-                    $('<div>').prop({
-                        innerHTML: error.cause,
-                        className: 'alert alert-danger',
-                        role: "alert"
-                    })
-                );
-            }).finally(() => {
-                adminDeleteModal.modal('show');
-            });
+            messages.append(
+                $('<div>').prop({
+                    innerHTML: error.cause,
+                    className: 'alert alert-danger',
+                    role: "alert"
+                })
+            );
+        }).finally(() => {
+            adminDeleteModal.modal('show');
+        });
+    });
+
+    adminDeleteModal.on('show.bs.modal', 'hidden.bs.modal', function () {
+        adminDeleteModal.find('#confirmation').prop('checked', false);
     });
 });
diff --git a/src/Setting/src/Controller/SettingController.php b/src/Setting/src/Controller/SettingController.php
@@ -42,12 +42,6 @@ public function __construct(
 
     public function storeSettingAction(): JsonResponse
     {
-        $this->denyRequest(
-            ! $this->isPost(),
-            Message::METHOD_NOT_ALLOWED,
-            StatusCodeInterface::STATUS_METHOD_NOT_ALLOWED
-        );
-
         $data       = json_decode($this->getRequest()->getBody()->getContents(), true);
         $identifier = $this->getRequest()->getAttribute('identifier');
         $value      = $data['value'] ?? null;
@@ -96,12 +90,6 @@ public function storeSettingAction(): JsonResponse
 
     public function getSettingAction(): JsonResponse
     {
-        $this->denyRequest(
-            ! $this->isGet(),
-            Message::METHOD_NOT_ALLOWED,
-            StatusCodeInterface::STATUS_METHOD_NOT_ALLOWED
-        );
-
         $identifier  = $this->getRequest()->getAttribute('identifier');
         $inputFilter = new SettingInputFilter();
         $inputFilter->setData([
