liquid_feedback_frontend

changeset 1817:757a87af4c83

find changesets by author, revision, files, or words in the commit message
Added validation hook for profile updates
author bsw
date Mon Dec 13 11:57:35 2021 +0100 (2021-12-13)
parents baa87c3780ad
children 2d4136357989
files app/main/api/profile.lua app/main/member/_action/update.lua app/main/member/edit.lua
line diff
     1.1 --- a/app/main/api/profile.lua	Fri Dec 03 10:31:51 2021 +0100
     1.2 +++ b/app/main/api/profile.lua	Mon Dec 13 11:57:35 2021 +0100
     1.3 @@ -17,6 +17,12 @@
     1.4        if value ~= nil and (field.type == "string" or field.type == "text") and json.type(value) ~= "string" then
     1.5          return util.api_error(400, "Bad Request", "string_expected", "JSON encoded string value expected")
     1.6        end
     1.7 +      if field.validate_func then
     1.8 +        local success = field.validate_func(field, fields)
     1.9 +        if not success then
    1.10 +          return util.api_error(403, "Forbidden", "validation_failure", "Request could not be validated")
    1.11 +        end
    1.12 +      end
    1.13        profile.profile[field.id] = value
    1.14      end
    1.15    end

     2.1 --- a/app/main/member/_action/update.lua	Fri Dec 03 10:31:51 2021 +0100
     2.2 +++ b/app/main/member/_action/update.lua	Mon Dec 13 11:57:35 2021 +0100
     2.3 @@ -1,7 +1,7 @@
     2.4  local profile = app.session.member.profile
     2.5  
     2.6  for i, field in ipairs(config.member_profile_fields) do
     2.7 -  if not util.is_profile_field_locked(app.session.member, field.id) then
     2.8 +  if not util.is_profile_field_locked(app.session.member, field.id) and not field.validate_func then
     2.9      local value = param.get(field.id)
    2.10      if value == "" then 
    2.11        value = null

     3.1 --- a/app/main/member/edit.lua	Fri Dec 03 10:31:51 2021 +0100
     3.2 +++ b/app/main/member/edit.lua	Mon Dec 13 11:57:35 2021 +0100
     3.3 @@ -32,7 +32,7 @@
     3.4                  ui.container{
     3.5                    attr = { class = "mdl-textfield mdl-js-textfield mdl-textfield--floating-label" },
     3.6                    content = function()
     3.7 -                    ui.tag{ tag = "input", attr = { class = "mdl-textfield__input", name = field.id, id = "input_" .. field.id, readonly = config.locked_profile_fields[field.id], value = profile and profile.profile and profile.profile[field.id] or nil } }
     3.8 +                    ui.tag{ tag = "input", attr = { class = "mdl-textfield__input", name = field.id, id = "input_" .. field.id, readonly = field.validate_func and "readonly" or nil, value = profile and profile.profile and profile.profile[field.id] or nil } }
     3.9                      ui.tag{ tag = "label", attr = { class = "mdl-textfield__label", ["for"] = "input_" .. field.id }, content = field.name }
    3.10                  end }
    3.11                  slot.put("<br />")

Impressum / About Us