Support foreign keys at connect; security fix

This commit is contained in:
Maxime Renou 2020-05-13 13:08:40 +02:00
parent 34cb9f8625
commit 771be10e9a
1 changed files with 12 additions and 8 deletions

View File

@ -192,7 +192,9 @@ class Connect
$user = $model::where('email', $model_data['email'])->first() ?? new $model; $user = $model::where('email', $model_data['email'])->first() ?? new $model;
} }
$user->fill($model_data); // TODO $model_data = $this->convertForeignKeys($model_data);
$user->fill($model_data);
if (in_array($model, $this->synchronized)) if (in_array($model, $this->synchronized))
$user->{$model::$connectColumnId} = $model_data['id']; $user->{$model::$connectColumnId} = $model_data['id'];
@ -323,16 +325,18 @@ class Connect
$model = $this->synchronized[$data['connectResourceType']]; $model = $this->synchronized[$data['connectResourceType']];
$method = $this->getEventMethod($data['connectEventType']); $method = $this->getEventMethod($data['connectEventType']);
if ($data['connectEventType'] != 'deleted') { $data = $data['connectResourceData'];
try {
$data = $this->get($data['connectResourceType'], $data['connectResourceData']['id']); try {
} catch (\Exception $e) { $data = $this->get($data['connectResourceType'], $data['connectResourceData']['id']);
if ($data['connectEventType'] == 'deleted') {
abort(403, "This resource still exists.");
}
} catch (\Exception $e) {
if ($data['connectEventType'] != 'deleted') {
abort(404, "Could not retrieve this resource."); abort(404, "Could not retrieve this resource.");
} }
} }
else {
$data = $data['connectResourceData'];
}
$data = $this->convertForeignKeys($data); $data = $this->convertForeignKeys($data);