authorprovokateurin <kate@provokateurin.de>2024-07-25 13:14:45 +0200
committerprovokateurin <kate@provokateurin.de>2024-07-27 21:32:18 +0200
commitdf5a8485af9e79618f22c828137f106d4a647234 (patch)
tree3b1ae5768687456a247a45ab885fa17a793408b1 /apps/dashboard
parent212a621697cd32b65ea78fa90015cec9d9d1dfe3 (diff)
refactor(dashboard): Replace security annotations with respective attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
Diffstat (limited to 'apps/dashboard')
-rw-r--r--apps/dashboard/lib/Controller/DashboardApiController.php25
-rw-r--r--apps/dashboard/lib/Controller/DashboardController.php6
2 files changed, 16 insertions, 15 deletions
diff --git a/apps/dashboard/lib/Controller/DashboardApiController.php b/apps/dashboard/lib/Controller/DashboardApiController.php
index a9557965076..c3d91fd9d34 100644
--- a/apps/dashboard/lib/Controller/DashboardApiController.php
+++ b/apps/dashboard/lib/Controller/DashboardApiController.php
@@ -13,6 +13,8 @@ use OCA\Dashboard\ResponseDefinitions;
use OCA\Dashboard\Service\DashboardService;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCSController;
use OCP\Dashboard\IAPIWidget;
@@ -67,9 +69,6 @@ class DashboardApiController extends OCSController {
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
- *
* Get the items for the widgets
*
* @param array<string, string> $sinceIds Array indexed by widget Ids, contains date/id from which we want the new items
@@ -80,6 +79,8 @@ class DashboardApiController extends OCSController {
*
* 200: Widget items returned
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/widget-items')]
public function getWidgetItems(array $sinceIds = [], int $limit = 7, array $widgets = []): DataResponse {
$items = [];
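Review bot: The `#[NoCSRFRequired]` on `getWidgetItems` has no stated reason, and the same holds for `getWidgetItemsV2` and `getWidgets` in the later hunks, while the other GET routes in this controller (`getLayout`, `getStatuses`) carry only `#[NoAdminRequired]`. Since the exemption now sits directly above the signature, I would record the condition it depends on with a one-line comment above the attribute, for example `// CSRF check skipped: read-only GET; must stay free of side effects`. The method body continues outside this hunk, so whether the route really is side-effect free cannot be confirmed from the lines shown. If the exemption turns out to be purely historical, removing it would change behaviour and belongs in a separate commit, not in this refactor.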
@@ -96,9 +97,6 @@ class DashboardApiController extends OCSController {
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
- *
* Get the items for the widgets
*
* @param array<string, string> $sinceIds Array indexed by widget Ids, contains date/id from which we want the new items
@@ -109,6 +107,8 @@ class DashboardApiController extends OCSController {
*
* 200: Widget items returned
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
#[ApiRoute(verb: 'GET', url: '/api/v2/widget-items')]
public function getWidgetItemsV2(array $sinceIds = [], int $limit = 7, array $widgets = []): DataResponse {
$items = [];
@@ -127,13 +127,12 @@ class DashboardApiController extends OCSController {
/**
* Get the widgets
*
- * @NoAdminRequired
- * @NoCSRFRequired
- *
* @return DataResponse<Http::STATUS_OK, array<string, DashboardWidget>, array{}>
*
* 200: Widgets returned
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/widgets')]
public function getWidgets(): DataResponse {
$widgets = $this->dashboardManager->getWidgets();
@@ -180,11 +179,11 @@ class DashboardApiController extends OCSController {
/**
* Get the layout
*
- * @NoAdminRequired
* @return DataResponse<Http::STATUS_OK, array{layout: list<string>}, array{}>
*
* 200: Layout returned
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v3/layout')]
public function getLayout(): DataResponse {
return new DataResponse(['layout' => $this->service->getLayout()]);
@@ -193,12 +192,12 @@ class DashboardApiController extends OCSController {
/**
* Update the layout
*
- * @NoAdminRequired
* @param list<string> $layout The new layout
* @return DataResponse<Http::STATUS_OK, array{layout: list<string>}, array{}>
*
* 200: Statuses updated successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'POST', url: '/api/v3/layout')]
public function updateLayout(array $layout): DataResponse {
$this->config->setUserValue($this->userId, 'dashboard', 'layout', implode(',', $layout));
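Review bot: `updateLayout` stores `implode(',', $layout)` as a per-user value without checking the elements, and `updateStatuses` in the last hunk of this file does the same with `$statuses`. The `list<string>` in the docblock is not enforced by the native `array` type, so an element that contains a comma or is not a string would be stored in a form that does not split back into the same list. This predates the refactor, but both routes are reachable by any logged-in user via `#[NoAdminRequired]`, so a follow-up filter before the write is worth adding, for example `$layout = array_values(array_filter($layout, static fn ($id): bool => is_string($id) && !str_contains($id, ',')));`. The method body continues past the end of the hunk, so any validation done later is not visible here.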
@@ -208,11 +207,11 @@ class DashboardApiController extends OCSController {
/**
* Get the statuses
*
- * @NoAdminRequired
* @return DataResponse<Http::STATUS_OK, array{statuses: list<string>}, array{}>
*
* 200: Statuses returned
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v3/statuses')]
public function getStatuses(): DataResponse {
return new DataResponse(['statuses' => $this->service->getStatuses()]);
@@ -221,12 +220,12 @@ class DashboardApiController extends OCSController {
/**
* Update the statuses
*
- * @NoAdminRequired
* @param list<string> $statuses The new statuses
* @return DataResponse<Http::STATUS_OK, array{statuses: list<string>}, array{}>
*
* 200: Statuses updated successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'POST', url: '/api/v3/statuses')]
public function updateStatuses(array $statuses): DataResponse {
$this->config->setUserValue($this->userId, 'dashboard', 'statuses', implode(',', $statuses));
diff --git a/apps/dashboard/lib/Controller/DashboardController.php b/apps/dashboard/lib/Controller/DashboardController.php
index ebd6fdd5ae7..69ddceadf17 100644
--- a/apps/dashboard/lib/Controller/DashboardController.php
+++ b/apps/dashboard/lib/Controller/DashboardController.php
@@ -12,6 +12,8 @@ use OCA\Dashboard\Service\DashboardService;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Services\IInitialState;
@@ -41,10 +43,10 @@ class DashboardController extends Controller {
}
/**
- * @NoCSRFRequired
- * @NoAdminRequired
* @return TemplateResponse
*/
+ #[NoCSRFRequired]
+ #[NoAdminRequired]
#[FrontpageRoute(verb: 'GET', url: '/')]
public function index(): TemplateResponse {
\OCP\Util::addStyle('dashboard', 'dashboard');