author | provokateurin <kate@provokateurin.de> | 2024-07-25 13:24:59 +0200 |
---|---|---|
committer | provokateurin <kate@provokateurin.de> | 2024-07-26 07:30:45 +0200 |
commit | c57c3c15734c153d541247cc5fca198cb0e4f7b6 (patch) | |
tree | 2cccda08d45230601f8bb5f1e74b74195d826692 /core/Controller/AvatarController.php | |
parent | 41f7fa6840a13cb2cb1c9d4ac1d3eca6012e22de (diff) | |
refactor(core): Replace security annotations with respective attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
Diffstat (limited to 'core/Controller/AvatarController.php')
-rw-r--r-- | core/Controller/AvatarController.php | 28 |
1 files changed, 11 insertions, 17 deletions
diff --git a/core/Controller/AvatarController.php b/core/Controller/AvatarController.php
index dac2df37ac3..3126b2600d9 100644
--- a/core/Controller/AvatarController.php
+++ b/core/Controller/AvatarController.php
@@ -11,6 +11,9 @@ use OC\AppFramework\Utility\TimeFactory;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\DataDisplayResponse;
 use OCP\AppFramework\Http\FileDisplayResponse;
 use OCP\AppFramework\Http\JSONResponse;
@@ -47,10 +50,7 @@ class AvatarController extends Controller {
 }
 /**
- * @NoAdminRequired
- * @NoCSRFRequired
 * @NoSameSiteCookieRequired
- * @PublicPage
 *
 * Get the dark avatar
 *
@@ -63,6 +63,8 @@ class AvatarController extends Controller {
 * 201: Avatar returned
 * 404: Avatar not found
 */
+ #[NoCSRFRequired]
+ #[PublicPage]
 #[FrontpageRoute(verb: 'GET', url: '/avatar/{userId}/{size}/dark')]
 public function getAvatarDark(string $userId, int $size, bool $guestFallback = false) {
 if ($size <= 64) {
@@ -99,10 +101,7 @@ class AvatarController extends Controller {
 /**
- * @NoAdminRequired
- * @NoCSRFRequired
 * @NoSameSiteCookieRequired
- * @PublicPage
 *
 * Get the avatar
 *
@@ -115,6 +114,8 @@ class AvatarController extends Controller {
 * 201: Avatar returned
 * 404: Avatar not found
 */
+ #[NoCSRFRequired]
+ #[PublicPage]
 #[FrontpageRoute(verb: 'GET', url: '/avatar/{userId}/{size}')]
 public function getAvatar(string $userId, int $size, bool $guestFallback = false) {
 if ($size <= 64) {
@@ -149,9 +150,7 @@ class AvatarController extends Controller {
 return $response;
 }
- /**
- * @NoAdminRequired
- */
+ #[NoAdminRequired]
 #[FrontpageRoute(verb: 'POST', url: '/avatar/')]
 public function postAvatar(?string $path = null): JSONResponse {
 $files = $this->request->getUploadedFile('files');
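Review bot: In the docblock hunks for `getAvatarDark` and `getAvatar`, three markers are removed (`@NoAdminRequired`, `@NoCSRFRequired`, `@PublicPage`) but only two attributes are added (`#[NoCSRFRequired]`, `#[PublicPage]`), so the access-control declaration is not a one-to-one translation. This is presumably safe because a public page bypasses the login and admin checks, but that logic sits in the security middleware and is not visible in this diff; it should be confirmed there or pinned by a route test, and the drop mentioned in the commit message. `@NoSameSiteCookieRequired` also stays behind as an annotation, which leaves both methods with a mixed declaration. A docblock line such as `* NOTE: @NoSameSiteCookieRequired is still read as an annotation; keep it until an attribute replaces it` would stop a later cleanup from deleting it. Both method bodies continue outside the hunks.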
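Review bot: With its docblock removed, `postAvatar` is left with no comment at all, and the same holds for `deleteAvatar` and `postCroppedAvatar` in the later hunks. These are the state-changing routes (POST and DELETE), and the only marker they carry is `#[NoAdminRequired]`, so by the look of it login and the CSRF check remain enforced by the framework defaults. A one-line docblock such as `/** Requires a logged-in user; CSRF check stays on (no NoCSRFRequired). */` would record that intent for the next reviewer. The method bodies continue outside the hunks, so how they handle the request is not reviewed here.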
@@ -271,9 +270,7 @@ class AvatarController extends Controller {
 }
 }
- /**
- * @NoAdminRequired
- */
+ #[NoAdminRequired]
 #[FrontpageRoute(verb: 'DELETE', url: '/avatar/')]
 public function deleteAvatar(): JSONResponse {
 try {
@@ -287,10 +284,9 @@ class AvatarController extends Controller {
 }
 /**
- * @NoAdminRequired
- *
 * @return JSONResponse|DataDisplayResponse
 */
+ #[NoAdminRequired]
 #[FrontpageRoute(verb: 'GET', url: '/avatar/tmp')]
 public function getTmpAvatar() {
 $tmpAvatar = $this->cache->get('tmpAvatar');
@@ -315,9 +311,7 @@ class AvatarController extends Controller {
 return $resp;
 }
- /**
- * @NoAdminRequired
- */
+ #[NoAdminRequired]
 #[FrontpageRoute(verb: 'POST', url: '/avatar/cropped')]
 public function postCroppedAvatar(?array $crop = null): JSONResponse {
 if (is_null($crop)) { |