# HG changeset patch # User bsw # Date 1639393055 -3600 # Node ID 757a87af4c8350a81773503dceaf533669deced1 # Parent baa87c3780ad473936ae4c4953f031f8c1085d77 Added validation hook for profile updates diff -r baa87c3780ad -r 757a87af4c83 app/main/api/profile.lua --- a/app/main/api/profile.lua Fri Dec 03 10:31:51 2021 +0100 +++ b/app/main/api/profile.lua Mon Dec 13 11:57:35 2021 +0100 @@ -17,6 +17,12 @@ if value ~= nil and (field.type == "string" or field.type == "text") and json.type(value) ~= "string" then return util.api_error(400, "Bad Request", "string_expected", "JSON encoded string value expected") end + if field.validate_func then + local success = field.validate_func(field, fields) + if not success then + return util.api_error(403, "Forbidden", "validation_failure", "Request could not be validated") + end + end profile.profile[field.id] = value end end diff -r baa87c3780ad -r 757a87af4c83 app/main/member/_action/update.lua --- a/app/main/member/_action/update.lua Fri Dec 03 10:31:51 2021 +0100 +++ b/app/main/member/_action/update.lua Mon Dec 13 11:57:35 2021 +0100 @@ -1,7 +1,7 @@ local profile = app.session.member.profile for i, field in ipairs(config.member_profile_fields) do - if not util.is_profile_field_locked(app.session.member, field.id) then + if not util.is_profile_field_locked(app.session.member, field.id) and not field.validate_func then local value = param.get(field.id) if value == "" then value = null diff -r baa87c3780ad -r 757a87af4c83 app/main/member/edit.lua --- a/app/main/member/edit.lua Fri Dec 03 10:31:51 2021 +0100 +++ b/app/main/member/edit.lua Mon Dec 13 11:57:35 2021 +0100 @@ -32,7 +32,7 @@ ui.container{ attr = { class = "mdl-textfield mdl-js-textfield mdl-textfield--floating-label" }, content = function() - ui.tag{ tag = "input", attr = { class = "mdl-textfield__input", name = field.id, id = "input_" .. field.id, readonly = config.locked_profile_fields[field.id], value = profile and profile.profile and profile.profile[field.id] or nil } } + ui.tag{ tag = "input", attr = { class = "mdl-textfield__input", name = field.id, id = "input_" .. field.id, readonly = field.validate_func and "readonly" or nil, value = profile and profile.profile and profile.profile[field.id] or nil } } ui.tag{ tag = "label", attr = { class = "mdl-textfield__label", ["for"] = "input_" .. field.id }, content = field.name } end } slot.put("
")