You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _docs/developer/software_and_system_design/router.md
+20-40Lines changed: 20 additions & 40 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -30,44 +30,36 @@ While most routes in Submitty are specific to one course, there are places that
30
30
For those routes, it is simple to set up a route.
31
31
32
32
```php
33
-
/**
34
-
* @Route("/home")
35
-
*/
33
+
#[Route("/home")]
36
34
public function showHomepage() {...}
37
35
```
38
36
39
37
#### Route with Course Information
40
38
41
-
A majority of links in Submitty require course information to return correct contents. Therefore, it is necessary for the router to know which `(term, course)` tuple is requested. It is needed to prepend the route with `/courses/{_term}/{_course}`. The course information will be loaded automatically before calling the function.
39
+
A majority of links in Submitty require course information to return correct contents. Therefore, it is necessary for the router to know which `(semester, course)` tuple is requested. It is needed to prepend the route with `/courses/{_semester}/{_course}`. The course information will be loaded automatically before calling the function.
public function showHomeworkPage($gradeable_id) {...}
61
55
```
62
56
63
-
Note that `{_term}` and `{_course}` are actually special cases of parameters that are automatically processed by the router.
57
+
Note that `{_semester}` and `{_course}` are actually special cases of parameters that are automatically processed by the router.
64
58
65
59
Also, note that parameters in the `GET` query are passed to the function too without the need for explicit definition as long as parameter names are the same.
66
60
67
61
```php
68
-
/**
69
-
* @Route("/authentication/login")
70
-
*/
62
+
#[Route("/authentication/login")]
71
63
public function loginForm($old = null) {...}
72
64
```
73
65
@@ -78,16 +70,12 @@ The value of `$old` will be set to `Submitty` if you go to `/authentication/logi
78
70
In some cases, you may want routes to match number-only parameters, or those not starting with certain words. This could be done by adding a `requirements` field in the route definition.
@@ -98,27 +86,23 @@ To prevent [cross-site request forgery](https://en.wikipedia.org/wiki/Cross-site
98
86
Note that, by default, the `methods` of routes are set to be `ALL`, which means the route accepts all kind of requests. Therefore, in some cases one route may be masked by another. If you have two routes with the same name, please specify the `methods` of both.
Access control can be enforced easily via `@AccessControl` annotation. Please add `use app\libraries\routers\AccessControl` to the file before using it.
95
+
Access control can be enforced easily via `#[AccessControl(...)]` annotation. Please add `use app\libraries\routers\AccessControl` to the file before using it.
110
96
111
97
For example, the following route will only allow instructor access.
public function modifyCourseMaterialsFilePermission($filename, $checked)
119
103
```
120
104
121
-
For more examples about `@AccessControl`, please read [the documentation in the code](https://github.com/Submitty/Submitty/blob/master/site/app/libraries/routers/AccessControl.php).
105
+
For more examples about `#[AccessControl(...)]`, please read [the documentation in the code](https://github.com/Submitty/Submitty/blob/master/site/app/libraries/routers/AccessControl.php).
122
106
123
107
#### Route for API
124
108
@@ -130,20 +114,16 @@ Any route that uses the `/api` goes through a slightly different authentication
130
114
For example, the following route is the API for list of courses:
public function showHomeworkPage($gradeable_id, $gradeable_version = null) {...}
102
94
```
103
95
104
96
The above example allows users to optionally include a
105
97
gradeable_version in the URL while still calling the same function.
106
98
107
99
#### Access Control
108
100
109
-
The router can also restrict certain users by pattern matching against the user's access group. This can be done by adding the "\@AccessControl" annotation and giving a specific role. The following roles can be used
101
+
The router can also restrict certain users by pattern matching against the user's access group. This can be done by adding the `#[AccessControl(...)]` annotation and giving a specific role. The following roles can be used
*Note* You can restrict users by permission and role at the same time by using both parameters : `@AccessControl(role="STUDENT", permission="gradeable.submit.everyone")`
133
+
*Note* You can restrict users by permission and role at the same time by using both parameters : `#[AccessControl(role="STUDENT", permission="gradeable.submit.everyone")]`
146
134
147
135
148
136
Certain controllers can have every function restricted to a certain
149
137
role, for example the controllers under `site/app/controllers/admin`.
150
138
You can annotate access across an entire class at once to prevent writing the same thing over every function.
151
139
152
140
```php
153
-
/**
154
-
* Class AdminGradeableController
155
-
* @AccessControl(role="INSTRUCTOR")
156
-
*/
157
-
class AdminGradeableController extends AbstractController {
141
+
#[AccessControl(role: "INSTRUCTOR")]
142
+
class AdminGradeableController extends AbstractController {...}
158
143
```
159
144
160
145
Every function within `AdminGradeableController.php` will share this
@@ -173,11 +158,9 @@ behave very similarly as well.
173
158
174
159
API routes always start with `/api/`. The following are examples of valid API routes.
0 commit comments