Merge pull request #46746 from nextcloud/refactor/dashboard/security-attributes
commit
c7315a0e83
2 changed files with 16 additions and 15 deletions
|
|
@ -13,6 +13,8 @@ use OCA\Dashboard\ResponseDefinitions;
|
|||
use OCA\Dashboard\Service\DashboardService;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\ApiRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\AppFramework\OCSController;
|
||||
use OCP\Dashboard\IAPIWidget;
|
||||
|
|
@ -67,9 +69,6 @@ class DashboardApiController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* Get the items for the widgets
|
||||
*
|
||||
* @param array<string, string> $sinceIds Array indexed by widget Ids, contains date/id from which we want the new items
|
||||
|
|
@ -80,6 +79,8 @@ class DashboardApiController extends OCSController {
|
|||
*
|
||||
* 200: Widget items returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/api/v1/widget-items')]
|
||||
public function getWidgetItems(array $sinceIds = [], int $limit = 7, array $widgets = []): DataResponse {
|
||||
$items = [];
|
||||
|
|
@ -96,9 +97,6 @@ class DashboardApiController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* Get the items for the widgets
|
||||
*
|
||||
* @param array<string, string> $sinceIds Array indexed by widget Ids, contains date/id from which we want the new items
|
||||
|
|
@ -109,6 +107,8 @@ class DashboardApiController extends OCSController {
|
|||
*
|
||||
* 200: Widget items returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/api/v2/widget-items')]
|
||||
public function getWidgetItemsV2(array $sinceIds = [], int $limit = 7, array $widgets = []): DataResponse {
|
||||
$items = [];
|
||||
|
|
@ -127,13 +127,12 @@ class DashboardApiController extends OCSController {
|
|||
/**
|
||||
* Get the widgets
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* @return DataResponse<Http::STATUS_OK, array<string, DashboardWidget>, array{}>
|
||||
*
|
||||
* 200: Widgets returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/api/v1/widgets')]
|
||||
public function getWidgets(): DataResponse {
|
||||
$widgets = $this->dashboardManager->getWidgets();
|
||||
|
|
@ -180,11 +179,11 @@ class DashboardApiController extends OCSController {
|
|||
/**
|
||||
* Get the layout
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @return DataResponse<Http::STATUS_OK, array{layout: list<string>}, array{}>
|
||||
*
|
||||
* 200: Layout returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/api/v3/layout')]
|
||||
public function getLayout(): DataResponse {
|
||||
return new DataResponse(['layout' => $this->service->getLayout()]);
|
||||
|
|
@ -193,12 +192,12 @@ class DashboardApiController extends OCSController {
|
|||
/**
|
||||
* Update the layout
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @param list<string> $layout The new layout
|
||||
* @return DataResponse<Http::STATUS_OK, array{layout: list<string>}, array{}>
|
||||
*
|
||||
* 200: Statuses updated successfully
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'POST', url: '/api/v3/layout')]
|
||||
public function updateLayout(array $layout): DataResponse {
|
||||
$this->config->setUserValue($this->userId, 'dashboard', 'layout', implode(',', $layout));
|
||||
|
|
@ -208,11 +207,11 @@ class DashboardApiController extends OCSController {
|
|||
/**
|
||||
* Get the statuses
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @return DataResponse<Http::STATUS_OK, array{statuses: list<string>}, array{}>
|
||||
*
|
||||
* 200: Statuses returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/api/v3/statuses')]
|
||||
public function getStatuses(): DataResponse {
|
||||
return new DataResponse(['statuses' => $this->service->getStatuses()]);
|
||||
|
|
@ -221,12 +220,12 @@ class DashboardApiController extends OCSController {
|
|||
/**
|
||||
* Update the statuses
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @param list<string> $statuses The new statuses
|
||||
* @return DataResponse<Http::STATUS_OK, array{statuses: list<string>}, array{}>
|
||||
*
|
||||
* 200: Statuses updated successfully
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'POST', url: '/api/v3/statuses')]
|
||||
public function updateStatuses(array $statuses): DataResponse {
|
||||
$this->config->setUserValue($this->userId, 'dashboard', 'statuses', implode(',', $statuses));
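Review bot: The `#[NoCSRFRequired]` attributes on `getWidgetItems`, `getWidgetItemsV2` and `getWidgets` are carried over from the docblock annotations without a stated reason, so a later audit cannot tell whether the exemption is still needed. A one-line comment above each would record the assumption, for example `// CSRF check skipped: read-only GET, no state change`, if that is indeed the reason. The `updateLayout` docblock still says `200: Statuses updated successfully`, which looks copied from `updateStatuses` and should probably read `200: Layout updated successfully`; if the API description is generated from these docblocks, it would need regenerating. Separately, `updateLayout` and `updateStatuses` pass the request array straight to `implode(',', ...)`, and the `list<string>` in the docblock is not enforced by the native `array` type, so a non-string element or one containing a comma is written to the user value unchecked. Filtering to known widget ids before the write may be worth considering; all method bodies continue outside the hunks shown.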
|
||||
|
|
|
|||
|
|
@ -12,6 +12,8 @@ use OCA\Dashboard\Service\DashboardService;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\AppFramework\Services\IInitialState;
|
||||
|
|
@ -41,10 +43,10 @@ class DashboardController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoCSRFRequired
|
||||
* @NoAdminRequired
|
||||
* @return TemplateResponse
|
||||
*/
|
||||
#[NoCSRFRequired]
|
||||
#[NoAdminRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/')]
|
||||
public function index(): TemplateResponse {
|
||||
\OCP\Util::addStyle('dashboard', 'dashboard');
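Review bot: The attribute order on `index()` is `#[NoCSRFRequired]` then `#[NoAdminRequired]`, while every method of DashboardApiController in this same commit puts `#[NoAdminRequired]` first. Using one order throughout makes it easier to scan for the endpoints that skip the CSRF check. The remaining docblock holds only `@return TemplateResponse`, which repeats the native return type; it could be replaced by a short summary such as `Render the dashboard page`, if that matches what the method does. The body of `index()` continues outside the hunk.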
|
||||
|
|
|
|||
Loading…
Reference in a new issue