Showing 1 changed files with 67 additions and 59 deletions
+67 -59
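--- a/templates/auto/_admin/user/update.html.ep
+++ b/templates/auto/_admin/user/update.html.ep
@@ -5,74 +5,82 @@
   my $user_id = param('id');
   
   my $errors;
-  if ($op eq 'update') {
-  
-    # Parameters
-    my $id = param('id');
-    my $name = param('name');
-    my $email = param('email');
-    
-    # Validator
-    my $vc = app->vc;
-    
-    # Validation result
-    my $validation = $vc->validation;
-    
-    # "id" check
-    if (!(defined $id && length $id)) {
-      $validation->add_failed(id => 'User id is empty.');
-    }
+  if (lc $self->req->method eq 'post') {
+    if ($op eq 'update') {
     
-    # "name" check
-    $name //= '';
-    
-    # "email" check
-    if (!(defined $email && length $email)) {
-      $validation->add_failed(email => "Mail must be not empty");
-    }
-    elsif ($email !~ /\@/) {
-      $validation->add_failed(email => "Invalid mail address");
-    }
-    else {
-      my $where = app->dbi->where;
-      my $clause = [
-        'and',
-        ':email{=}',
-        ':id{<>}'
-      ];
-      my $param = {
-        email => $email,
-        id => $user_id
-      };
-      $where->clause($clause);
-      $where->param($param);
+      # Parameters
+      my $id = param('id');
+      my $name = param('name');
+      my $email = param('email');
+      
+      # Validator
+      my $vc = app->vc;
       
-      my $row = app->dbi->model('user')->select(where => $where)->one;
-      if ($row) {
-        $validation->add_failed(email => "Mail $email already exists");
+      # Validation result
+      my $validation = $vc->validation;
+      
+      # "id" check
+      if (!(defined $id && length $id)) {
+        $validation->add_failed(id => 'User id is empty.');
+      }
+      elsif (length $name > 300) {
+        $validation->add_failed(id => 'User id is too long.');
       }
-    }
-    
-    if ($validation->is_valid) {
       
-      # Encrypt password
-      my $params = {};
-      $params->{name} = $name;
-      $params->{email} = $email;
+      # "name" check
+      $name //= '';
       
-      # Update user
-      eval { app->dbi->model('user')->update($params, where => {id => $id}) };
-      if (my $e = $@) {
-        app->log->error(url_for . ": $e");
-        $errors = ['Internal Error'];
+      # "email" check
+      if (!(defined $email && length $email)) {
+        $validation->add_failed(email => "Mail must be not empty");
+      }
+      elsif (length $email > 300) {
+        $validation->add_failed(email => "Mail is too long");
+      }
+      elsif ($email !~ /\@/) {
+        $validation->add_failed(email => "Invalid mail address");
       }
       else {
-        $self->flash(success => 1);
-        $self->flash(id => $id);
-        $self->redirect_to(url_for->query(id => $id));
+        my $where = app->dbi->where;
+        my $clause = [
+          'and',
+          ':email{=}',
+          ':id{<>}'
+        ];
+        my $param = {
+          email => $email,
+          id => $user_id
+        };
+        $where->clause($clause);
+        $where->param($param);
+        
+        my $row = app->dbi->model('user')->select(where => $where)->one;
+        if ($row) {
+          $validation->add_failed(email => "Mail $email already exists");
+        }
+      }
+      
+      if ($validation->is_valid) {
+        
+        # Encrypt password
+        my $params = {};
+        $params->{name} = $name;
+        $params->{email} = $email;
+        
+        # Update user
+        eval { app->dbi->model('user')->update($params, where => {id => $id}) };
+        if (my $e = $@) {
+          app->log->error(url_for . ": $e");
+          $errors = ['Internal Error'];
+        }
+        else {
+          $self->flash(success => 1);
+          $self->flash(id => $id);
+          $self->redirect_to(url_for->query(id => $id));
+        }
       }
+      else { $errors = $validation->messages }
     }
-    else { $errors = $validation->messages }
   }
   
   my $user = app->dbi->model('user')->select(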
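Review bot: The new `elsif (length $name > 300)` branch under the "id" check measures `$name` but records the failure against `id` with 'User id is too long.', so an over-long name is reported on the wrong field and `$id` itself gets no length bound. Because it is chained to the empty-id test and sits before `$name //= '';`, it is skipped whenever the id is empty, and an absent `name` parameter reaches the numeric comparison as undef. If the limit is meant for the name, move it below the default, for example `if (length $name > 300) { $validation->add_failed(name => 'Name is too long.') }`; if it is meant for the id, compare `length $id` instead. The "# Encrypt password" comment above the `$params` assignment no longer matches what that code does and could read `# Columns to update`.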