Immanuel
/
skouter
1
0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Skouter mortgage estimates. Web application with view written in PHP and Vue, but controller and models in Go.
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
176 Incheckningar
1 Gren
11 MiB
 
 
 
 
 
 
Träd: eb91253e97
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'eb91253e97'
${ noResults }
skouter/grav-admin/user/plugins/flex-objects/classes/Controllers/MediaController.php

676 lines
22 KiB
Blame Historik 

  1. <?php

  2. 

  3. declare(strict_types=1);

  4. 

  5. namespace Grav\Plugin\FlexObjects\Controllers;

  6. 

  7. use Exception;

  8. use Grav\Common\Debugger;

  9. use Grav\Common\Page\Interfaces\PageInterface;

  10. use Grav\Common\Page\Medium\Medium;

  11. use Grav\Common\Page\Medium\MediumFactory;

  12. use Grav\Common\Utils;

  13. use Grav\Framework\Flex\FlexObject;

  14. use Grav\Framework\Flex\Interfaces\FlexAuthorizeInterface;

  15. use Grav\Framework\Flex\Interfaces\FlexObjectInterface;

  16. use Grav\Framework\Media\Interfaces\MediaInterface;

  17. use LogicException;

  18. use Psr\Http\Message\ResponseInterface;

  19. use Psr\Http\Message\UploadedFileInterface;

  20. use RocketTheme\Toolbox\Event\Event;

  21. use RuntimeException;

  22. use function is_array;

  23. use function is_string;

  24. 

  25. /**

  26.  * Class MediaController

  27.  * @package Grav\Plugin\FlexObjects\Controllers

  28.  */

  29. class MediaController extends AbstractController

  30. {

  31.     /**

  32.      * @return ResponseInterface

  33.      */

  34.     public function taskMediaUpload(): ResponseInterface

  35.     {

  36.         $this->checkAuthorization('media.create');

  37. 

  38.         $object = $this->getObject();

  39.         if (null === $object) {

  40.             throw new RuntimeException('Not Found', 404);

  41.         }

  42. 

  43.         if (!method_exists($object, 'checkUploadedMediaFile')) {

  44.             throw new RuntimeException('Not Found', 404);

  45.         }

  46. 

  47.         // Get updated object from Form Flash.

  48.         $flash = $this->getFormFlash($object);

  49.         if ($flash->exists()) {

  50.             $object = $flash->getObject() ?? $object;

  51.             $object->update([], $flash->getFilesByFields());

  52.         }

  53. 

  54.         // Get field for the uploaded media.

  55.         $field = $this->getPost('name', 'undefined');

  56.         if ($field === 'undefined') {

  57.             $field = null;

  58.         }

  59. 

  60.         $request = $this->getRequest();

  61.         $files = $request->getUploadedFiles();

  62.         if ($field && isset($files['data'])) {

  63.             $files = $files['data'];

  64.             $parts = explode('.', $field);

  65.             $last = array_pop($parts);

  66.             foreach ($parts as $name) {

  67.                 if (!is_array($files[$name])) {

  68.                     throw new RuntimeException($this->translate('PLUGIN_ADMIN.INVALID_PARAMETERS'), 400);

  69.                 }

  70.                 $files = $files[$name];

  71.             }

  72.             $file = $files[$last] ?? null;

  73. 

  74.         } else {

  75.             // Legacy call with name being the filename instead of field name.

  76.             $file = $files['file'] ?? null;

  77.             $field = null;

  78.         }

  79. 

  80.         /** @var UploadedFileInterface $file */

  81.         if (is_array($file)) {

  82.             $file = reset($file);

  83.         }

  84. 

  85.         if (!$file instanceof UploadedFileInterface) {

  86.             throw new RuntimeException($this->translate('PLUGIN_ADMIN.INVALID_PARAMETERS'), 400);

  87.         }

  88. 

  89.         $filename = $file->getClientFilename();

  90. 

  91.         $object->checkUploadedMediaFile($file, $filename, $field);

  92. 

  93.         try {

  94.             // TODO: This only merges main level data, but is good for ordering (for now).

  95.             $data = $flash->getData() ?? [];

  96.             $data = array_replace($data, (array)$this->getPost('data'));

  97. 

  98.             $crop = $this->getPost('crop');

  99.             if (is_string($crop)) {

  100.                 $crop = json_decode($crop, true, 512, JSON_THROW_ON_ERROR);

  101.             }

  102. 

  103.             $flash->setData($data);

  104.             $flash->addUploadedFile($file, $field, $crop);

  105.             $flash->save();

  106.         } catch (Exception $e) {

  107.             throw new RuntimeException($e->getMessage(), $e->getCode(), $e);

  108.         }

  109. 

  110.         // Include exif metadata into the response if configured to do so

  111.         $metadata = [];

  112.         $include_metadata = $this->grav['config']->get('system.media.auto_metadata_exif', false);

  113.         if ($include_metadata) {

  114.             $medium = MediumFactory::fromUploadedFile($file);

  115. 

  116.             $media = $object->getMedia();

  117.             $media->add($filename, $medium);

  118. 

  119.             $basename = str_replace(['@3x', '@2x'], '', Utils::pathinfo($filename, PATHINFO_BASENAME));

  120.             if (isset($media[$basename])) {

  121.                 $metadata = $media[$basename]->metadata() ?: [];

  122.             }

  123.         }

  124. 

  125.         $response = [

  126.             'code'    => 200,

  127.             'status'  => 'success',

  128.             'message' => $this->translate('PLUGIN_ADMIN.FILE_UPLOADED_SUCCESSFULLY'),

  129.             'filename' => htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8'),

  130.             'metadata' => $metadata

  131.         ];

  132. 

  133.         return $this->createJsonResponse($response);

  134.     }

  135. 

  136.     /**

  137.      * @return ResponseInterface

  138.      */

  139.     public function taskMediaUploadMeta(): ResponseInterface

  140.     {

  141.         try {

  142.             $this->checkAuthorization('media.create');

  143. 

  144.             $object = $this->getObject();

  145.             if (null === $object) {

  146.                 throw new RuntimeException('Not Found', 404);

  147.             }

  148. 

  149.             if (!method_exists($object, 'getMediaField')) {

  150.                 throw new RuntimeException('Not Found', 404);

  151.             }

  152. 

  153.             $object->refresh();

  154. 

  155.             // Get updated object from Form Flash.

  156.             $flash = $this->getFormFlash($object);

  157.             if ($flash->exists()) {

  158.                 $object = $flash->getObject() ?? $object;

  159.                 $object->update([], $flash->getFilesByFields());

  160.             }

  161. 

  162.             // Get field and data for the uploaded media.

  163.             $field = (string)$this->getPost('field');

  164.             $media = $object->getMediaField($field);

  165.             if (!$media) {

  166.                 throw new RuntimeException('Media field not found: ' . $field, 404);

  167.             }

  168. 

  169.             $data = $this->getPost('data');

  170.             if (is_string($data)) {

  171.                 $data = json_decode($data, true);

  172.             }

  173. 

  174.             $filename = Utils::basename($data['name'] ?? '');

  175. 

  176.             // Update field.

  177.             $files = $object->getNestedProperty($field, []);

  178.             // FIXME: Do we want to save something into the field as well?

  179.             $files[$filename] = [];

  180.             $object->setNestedProperty($field, $files);

  181. 

  182.             $info = [

  183.                 'modified' => $data['modified'] ?? null,

  184.                 'size' => $data['size'] ?? null,

  185.                 'mime' => $data['mime'] ?? null,

  186.                 'width' => $data['width'] ?? null,

  187.                 'height' => $data['height'] ?? null,

  188.                 'duration' => $data['duration'] ?? null,

  189.                 'orientation' => $data['orientation'] ?? null,

  190.                 'meta' => array_filter($data, static function ($val) { return $val !== null; })

  191.             ];

  192.             $info = array_filter($info, static function ($val) { return $val !== null; });

  193. 

  194.             // As the file may not be saved locally, we need to update the index.

  195.             $media->updateIndex([$filename => $info]);

  196. 

  197.             $object->save();

  198.             $flash->save();

  199. 

  200.             $response = [

  201.                 'code' => 200,

  202.                 'status' => 'success',

  203.                 'message' => $this->translate('PLUGIN_ADMIN.FILE_UPLOADED_SUCCESSFULLY'),

  204.                 'field' => $field,

  205.                 'filename' => $filename,

  206.                 'metadata' => $data

  207.             ];

  208.         } catch (\Exception $e) {

  209.             /** @var Debugger $debugger */

  210.             $debugger = $this->grav['debugger'];

  211.             $debugger->addException($e);

  212. 

  213.             return $this->createJsonErrorResponse($e);

  214.         }

  215. 

  216.         return $this->createJsonResponse($response);

  217.     }

  218. 

  219.     /**

  220.      * @return ResponseInterface

  221.      */

  222.     public function taskMediaReorder(): ResponseInterface

  223.     {

  224.         try {

  225.             $this->checkAuthorization('media.update');

  226. 

  227.             $object = $this->getObject();

  228.             if (null === $object) {

  229.                 throw new RuntimeException('Not Found', 404);

  230.             }

  231. 

  232.             if (!method_exists($object, 'getMediaField')) {

  233.                 throw new RuntimeException('Not Found', 404);

  234.             }

  235. 

  236.             $object->refresh();

  237. 

  238.             // Get updated object from Form Flash.

  239.             $flash = $this->getFormFlash($object);

  240.             if ($flash->exists()) {

  241.                 $object = $flash->getObject() ?? $object;

  242.                 $object->update([], $flash->getFilesByFields());

  243.             }

  244. 

  245.             // Get field and data for the uploaded media.

  246.             $field = (string)$this->getPost('field');

  247.             $media = $object->getMediaField($field);

  248.             if (!$media) {

  249.                 throw new RuntimeException('Media field not found: ' . $field, 404);

  250.             }

  251. 

  252.             // Create id => filename map from all files in the media.

  253.             $map = [];

  254.             foreach ($media as $name => $medium) {

  255.                 $id = $medium->get('meta.id');

  256.                 if ($id) {

  257.                     $map[$id] = $name;

  258.                 }

  259.             }

  260. 

  261.             // Get reorder list and reorder the map.

  262.             $data = $this->getPost('data');

  263.             if (is_string($data)) {

  264.                 $data = json_decode($data, true);

  265.             }

  266.             $data = array_fill_keys($data, null);

  267.             $map = array_filter(array_merge($data, $map), static function($val) { return $val !== null; });

  268. 

  269.             // Reorder the files.

  270.             $files = $object->getNestedProperty($field, []);

  271.             $map = array_fill_keys($map, null);

  272.             $files = array_filter(array_merge($map, $files), static function($val) { return $val !== null; });

  273. 

  274.             // Update field.

  275.             $object->setNestedProperty($field, $files);

  276.             $object->save();

  277.             $flash->save();

  278. 

  279.             $response = [

  280.                 'code' => 200,

  281.                 'status' => 'success',

  282.                 'message' => $this->translate('PLUGIN_ADMIN.FIELD_REORDER_SUCCESSFUL'),

  283.                 'field' => $field,

  284.                 'ordering' => array_keys($files)

  285.             ];

  286.         } catch (\Exception $e) {

  287.             /** @var Debugger $debugger */

  288.             $debugger = $this->grav['debugger'];

  289.             $debugger->addException($e);

  290. 

  291.             $ex = new RuntimeException($this->translate('PLUGIN_ADMIN.FIELD_REORDER_FAILED', $field), $e->getCode(), $e);

  292.             return $this->createJsonErrorResponse($ex);

  293.         }

  294. 

  295.         return $this->createJsonResponse($response);

  296.     }

  297. 

  298.     /**

  299.      * @return ResponseInterface

  300.      */

  301.     public function taskMediaDelete(): ResponseInterface

  302.     {

  303.         $this->checkAuthorization('media.delete');

  304. 

  305.         /** @var FlexObjectInterface|null $object */

  306.         $object = $this->getObject();

  307.         if (!$object) {

  308.             throw new RuntimeException('Not Found', 404);

  309.         }

  310. 

  311.         $filename = $this->getPost('filename');

  312. 

  313.         // Handle bad filenames.

  314.         if (!Utils::checkFilename($filename)) {

  315.             throw new RuntimeException($this->translate('PLUGIN_ADMIN.NO_FILE_FOUND'), 400);

  316.         }

  317. 

  318.         try {

  319.             $field = $this->getPost('name');

  320.             $flash = $this->getFormFlash($object);

  321.             $flash->removeFile($filename, $field);

  322.             $flash->save();

  323.         } catch (Exception $e) {

  324.             throw new RuntimeException($e->getMessage(), $e->getCode(), $e);

  325.         }

  326. 

  327.         $response = [

  328.             'code'    => 200,

  329.             'status'  => 'success',

  330.             'message' => $this->translate('PLUGIN_ADMIN.FILE_DELETED') . ': ' . htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8')

  331.         ];

  332. 

  333.         return $this->createJsonResponse($response);

  334.     }

  335. 

  336.     /**

  337.      * Used in pagemedia field.

  338.      *

  339.      * @return ResponseInterface

  340.      */

  341.     public function taskMediaCopy(): ResponseInterface

  342.     {

  343.         $this->checkAuthorization('media.create');

  344. 

  345.         /** @var FlexObjectInterface|null $object */

  346.         $object = $this->getObject();

  347.         if (!$object) {

  348.             throw new RuntimeException('Not Found', 404);

  349.         }

  350. 

  351.         if (!method_exists($object, 'uploadMediaFile')) {

  352.             throw new RuntimeException('Not Found', 404);

  353.         }

  354. 

  355.         $request = $this->getRequest();

  356.         $files = $request->getUploadedFiles();

  357. 

  358.         $file = $files['file'] ?? null;

  359.         if (!$file instanceof UploadedFileInterface) {

  360.             throw new RuntimeException($this->translate('PLUGIN_ADMIN.INVALID_PARAMETERS'), 400);

  361.         }

  362. 

  363.         $post = $request->getParsedBody();

  364.         $filename = $post['name'] ?? $file->getClientFilename();

  365. 

  366.         // Upload media right away.

  367.         $object->uploadMediaFile($file, $filename);

  368. 

  369.         // Include exif metadata into the response if configured to do so

  370.         $metadata = [];

  371.         $include_metadata = $this->grav['config']->get('system.media.auto_metadata_exif', false);

  372.         if ($include_metadata) {

  373.             $basename = str_replace(['@3x', '@2x'], '', Utils::pathinfo($filename, PATHINFO_BASENAME));

  374.             $media = $object->getMedia();

  375.             if (isset($media[$basename])) {

  376.                 $metadata = $media[$basename]->metadata() ?: [];

  377.             }

  378.         }

  379. 

  380.         if ($object instanceof PageInterface) {

  381.             // Backwards compatibility to existing plugins.

  382.             // DEPRECATED: page

  383.             $this->grav->fireEvent('onAdminAfterAddMedia', new Event(['object' => $object, 'page' => $object]));

  384.         }

  385. 

  386.         $response = [

  387.             'code'    => 200,

  388.             'status'  => 'success',

  389.             'message' => $this->translate('PLUGIN_ADMIN.FILE_UPLOADED_SUCCESSFULLY'),

  390.             'filename' => htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8'),

  391.             'metadata' => $metadata

  392.         ];

  393. 

  394.         return $this->createJsonResponse($response);

  395.     }

  396. 

  397. 

  398.     /**

  399.      * Used in pagemedia field.

  400.      *

  401.      * @return ResponseInterface

  402.      */

  403.     public function taskMediaRemove(): ResponseInterface

  404.     {

  405.         $this->checkAuthorization('media.delete');

  406. 

  407.         /** @var FlexObjectInterface|null $object */

  408.         $object = $this->getObject();

  409.         if (!$object) {

  410.             throw new RuntimeException('Not Found', 404);

  411.         }

  412. 

  413.         if (!method_exists($object, 'deleteMediaFile')) {

  414.             throw new RuntimeException('Not Found', 404);

  415.         }

  416. 

  417.         $field = $this->getPost('field');

  418.         $filename = $this->getPost('filename');

  419. 

  420.         // Handle bad filenames.

  421.         if (!Utils::checkFilename($filename)) {

  422.             throw new RuntimeException($this->translate('PLUGIN_ADMIN.NO_FILE_FOUND'), 400);

  423.         }

  424. 

  425.         $object->deleteMediaFile($filename, $field);

  426.         if ($field) {

  427.             $order = $object->getNestedProperty($field);

  428.             unset($order[$filename]);

  429.             $object->setNestedProperty($field, $order);

  430.             $object->save();

  431.         }

  432. 

  433.         if ($object instanceof PageInterface) {

  434.             // Backwards compatibility to existing plugins.

  435.             // DEPRECATED: page

  436.             $this->grav->fireEvent('onAdminAfterDelMedia', new Event(['object' => $object, 'page' => $object, 'media' => $object->getMedia(), 'filename' => $filename]));

  437.         }

  438. 

  439.         $response = [

  440.             'code'    => 200,

  441.             'status'  => 'success',

  442.             'message' => $this->translate('PLUGIN_ADMIN.FILE_DELETED') . ': ' . htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8')

  443.         ];

  444. 

  445.         return $this->createJsonResponse($response);

  446.     }

  447. 

  448.     /**

  449.      * @return ResponseInterface

  450.      */

  451.     public function actionMediaList(): ResponseInterface

  452.     {

  453.         $this->checkAuthorization('media.list');

  454. 

  455.         /** @var MediaInterface|FlexObjectInterface $object */

  456.         $object = $this->getObject();

  457.         if (!$object) {

  458.             throw new RuntimeException('Not Found', 404);

  459.         }

  460. 

  461.         // Get updated object from Form Flash.

  462.         $flash = $this->getFormFlash($object);

  463.         if ($flash->exists()) {

  464.             $object = $flash->getObject() ?? $object;

  465.             $object->update([], $flash->getFilesByFields());

  466.         }

  467. 

  468.         $media = $object->getMedia();

  469.         $media_list = [];

  470. 

  471.         /**

  472.          * @var string $name

  473.          * @var Medium $medium

  474.          */

  475.         foreach ($media->all() as $name => $medium) {

  476.             $media_list[$name] = [

  477.                 'url' => $medium->display($medium->get('extension') === 'svg' ? 'source' : 'thumbnail')->cropZoom(400, 300)->url(),

  478.                 'size' => $medium->get('size'),

  479.                 'metadata' => $medium->metadata() ?: [],

  480.                 'original' => $medium->higherQualityAlternative()->get('filename')

  481.             ];

  482.         }

  483. 

  484.         $response = [

  485.             'code' => 200,

  486.             'status' => 'success',

  487.             'results' => $media_list

  488.         ];

  489. 

  490.         return $this->createJsonResponse($response);

  491.     }

  492. 

  493.     /**

  494.      * Used by the filepicker field to get a list of files in a folder.

  495.      *

  496.      * @return ResponseInterface

  497.      */

  498.     protected function actionMediaPicker(): ResponseInterface

  499.     {

  500.         $this->checkAuthorization('media.list');

  501. 

  502.         /** @var FlexObject $object */

  503.         $object = $this->getObject();

  504.         if (!$object || !\is_callable([$object, 'getFieldSettings'])) {

  505.             throw new RuntimeException('Not Found', 404);

  506.         }

  507. 

  508.         // Get updated object from Form Flash.

  509.         $flash = $this->getFormFlash($object);

  510.         if ($flash->exists()) {

  511.             $object = $flash->getObject() ?? $object;

  512.             $object->update([], $flash->getFilesByFields());

  513.         }

  514. 

  515.         $name = $this->getPost('name');

  516.         $settings = $name ? $object->getFieldSettings($name) : null;

  517.         if (empty($settings['media_picker_field'])) {

  518.             throw new RuntimeException('Not Found', 404);

  519.         }

  520. 

  521.         $media = $object->getMediaField($name);

  522. 

  523.         $available_files = [];

  524.         $metadata = [];

  525.         $thumbs = [];

  526. 

  527.         /**

  528.          * @var string $name

  529.          * @var Medium $medium

  530.          */

  531.         foreach ($media->all() as $name => $medium) {

  532.             $available_files[] = $name;

  533. 

  534.             if (isset($settings['include_metadata'])) {

  535.                 $img_metadata = $medium->metadata();

  536.                 if ($img_metadata) {

  537.                     $metadata[$name] = $img_metadata;

  538.                 }

  539.             }

  540. 

  541.         }

  542. 

  543.         // Peak in the flashObject for optimistic filepicker updates

  544.         $pending_files = [];

  545.         $sessionField = base64_encode($this->grav['uri']->url());

  546.         $flash = $this->getSession()->getFlashObject('files-upload');

  547.         $folder = $media->getPath() ?: null;

  548. 

  549.         if ($flash && isset($flash[$sessionField])) {

  550.             foreach ($flash[$sessionField] as $field => $data) {

  551.                 foreach ($data as $file) {

  552.                     $test = \dirname($file['path']);

  553.                     if ($test === $folder) {

  554.                         $pending_files[] = $file['name'];

  555.                     }

  556.                 }

  557.             }

  558.         }

  559. 

  560.         $this->getSession()->setFlashObject('files-upload', $flash);

  561. 

  562.         // Handle Accepted file types

  563.         // Accept can only be file extensions (.pdf|.jpg)

  564.         if (isset($settings['accept'])) {

  565.             $available_files = array_filter($available_files, function ($file) use ($settings) {

  566.                 return $this->filterAcceptedFiles($file, $settings);

  567.             });

  568. 

  569.             $pending_files = array_filter($pending_files, function ($file) use ($settings) {

  570.                 return $this->filterAcceptedFiles($file, $settings);

  571.             });

  572.         }

  573. 

  574.         if (isset($settings['deny'])) {

  575.             $available_files = array_filter($available_files, function ($file) use ($settings) {

  576.                 return $this->filterDeniedFiles($file, $settings);

  577.             });

  578. 

  579.             $pending_files = array_filter($pending_files, function ($file) use ($settings) {

  580.                 return $this->filterDeniedFiles($file, $settings);

  581.             });

  582.         }

  583. 

  584.         // Generate thumbs if needed

  585.         if (isset($settings['preview_images']) && $settings['preview_images'] === true) {

  586.             foreach ($available_files as $filename) {

  587.                 $thumbs[$filename] = $media[$filename]->zoomCrop(100,100)->url();

  588.             }

  589.         }

  590. 

  591.         $response = [

  592.             'code' => 200,

  593.             'status' => 'success',

  594.             'files' => array_values($available_files),

  595.             'pending' => array_values($pending_files),

  596.             'folder' => $folder,

  597.             'metadata' => $metadata,

  598.             'thumbs' => $thumbs

  599.         ];

  600. 

  601.         return $this->createJsonResponse($response);

  602.     }

  603. 

  604.     /**

  605.      * @param string $file

  606.      * @param array $settings

  607.      * @return false|int

  608.      */

  609.     protected function filterAcceptedFiles(string $file, array $settings)

  610.     {

  611.         $valid = false;

  612. 

  613.         foreach ((array)$settings['accept'] as $type) {

  614.             $find = str_replace('*', '.*', $type);

  615.             $valid |= preg_match('#' . $find . '$#i', $file);

  616.         }

  617. 

  618.         return $valid;

  619.     }

  620. 

  621.     /**

  622.      * @param string $file

  623.      * @param array $settings

  624.      * @return false|int

  625.      */

  626.     protected function filterDeniedFiles(string $file, array $settings)

  627.     {

  628.         $valid = true;

  629. 

  630.         foreach ((array)$settings['deny'] as $type) {

  631.             $find = str_replace('*', '.*', $type);

  632.             $valid = !preg_match('#' . $find . '$#i', $file);

  633.         }

  634. 

  635.         return $valid;

  636.     }

  637. 

  638.     /**

  639.      * @param string $action

  640.      * @return void

  641.      * @throws LogicException

  642.      * @throws RuntimeException

  643.      */

  644.     protected function checkAuthorization(string $action): void

  645.     {

  646.         $object = $this->getObject();

  647.         if (!$object) {

  648.             throw new RuntimeException('Not Found', 404);

  649.         }

  650. 

  651.         // If object does not have ACL support ignore ACL checks.

  652.         if (!$object instanceof FlexAuthorizeInterface) {

  653.             return;

  654.         }

  655. 

  656.         switch ($action) {

  657.             case 'media.list':

  658.                 $action = 'read';

  659.                 break;

  660. 

  661.             case 'media.create':

  662.             case 'media.update':

  663.             case 'media.delete':

  664.                 $action = $object->exists() ? 'update' : 'create';

  665.                 break;

  666. 

  667.             default:

  668.                 throw new LogicException(sprintf('Unsupported authorize action %s', $action), 500);

  669.         }

  670. 

  671.         if (!$object->isAuthorized($action, null, $this->user)) {

  672.             throw new RuntimeException('Forbidden', 403);

  673.         }

  674.     }

  675. }