Rewrite SaveEventCategories to be more robust and avoid security issues

fantasycalendar · Mar 4, 2024 · 5b650a5 · 5b650a5
1 parent ee37577
commit 5b650a5
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 27 deletions.
diff --git a/app/Jobs/SaveCalendarEvents.php b/app/Jobs/SaveCalendarEvents.php
@@ -9,6 +9,7 @@
 use Mews\Purifier\Facades\Purifier;
 
 use App\Models\CalendarEvent;
+use Illuminate\Support\Collection;
 
 class SaveCalendarEvents
 {
@@ -18,13 +19,13 @@ class SaveCalendarEvents
      * @return void
      */
     public function __construct(
-        public $events = [],
-        public $categoryIds = [],
-        public $calendarId = null,
+        public array $events,
+        public Collection $categoryIds,
+        public int $calendarId,
     ) {
     }
 
-    public static function dispatchSync($events, $categoryIds, $calendarId)
+    public static function dispatchSync(array $events, Collection $categoryIds, int $calendarId)
     {
         return (new static($events, $categoryIds, $calendarId))->handle();
     }
@@ -73,10 +74,10 @@ private function resolveCategoryId($value)
         }
 
         if (!is_numeric($value)) {
-            return Arr::get($this->categoryIds, $value, null);
+            return $this->categoryIds->get($value);
         }
 
-        if (in_array($value, $this->categoryIds)) {
+        if ($this->categoryIds->contains($value)) {
             return $value;
         }
 

diff --git a/app/Jobs/SaveEventCategories.php b/app/Jobs/SaveEventCategories.php
@@ -2,6 +2,7 @@
 
 namespace App\Jobs;
 
+use App\Models\Calendar;
 use App\Models\EventCategory;
 
 class SaveEventCategories
@@ -11,11 +12,13 @@ class SaveEventCategories
      *
      * @return void
      */
-    public function __construct(public $categories, public $calendarId)
-    {
+    public function __construct(
+        public array $categories,
+        public int $calendarId,
+    ) {
     }
 
-    public static function dispatchSync($categories, $calendarId)
+    public static function dispatchSync(array $categories = [], int $calendarId)
     {
         return (new static($categories, $calendarId))->handle();
     }
@@ -27,28 +30,43 @@ public static function dispatchSync($categories, $calendarId)
      */
     public function handle()
     {
-        $categoryids = [];
+        $calendar = Calendar::find($this->calendarId);
+        $existingCategories = $calendar->event_categories()
+            ->pluck('id', 'id');
+
+        // The end result of this is an array of category IDs
+        // - The key is the category ID from the request, which can either be:
+        //     - A string, which means it's a new category
+        //     - A number, which means it's an existing category
+        //
+        //  The value is the category ID in the database, whether we created or updated
+        $categoryIds = collect($this->categories)
+            ->sortBy('sort_by')
+            ->mapWithKeys(function ($event, $sortBy) use ($calendar, $existingCategories) {
+                $event['sort_by'] = $sortBy;
+
+                // This category has an ID, so we just need to update it
+                if (array_key_exists('id', $event) && $existingCategories->has($event['id'])) {
+                    $calendar->event_categories()
+                        ->where('id', $event['id'])
+                        ->update($event);
+
+                    return [$event['id'] => $event['id']];
+                }
 
-        foreach ($this->categories as $sort_by => $category) {
-            $category['sort_by'] = $sort_by;
+                // Otherwise, we need to create a new category
+                $stringid = $event['id'];
 
-            if (array_key_exists('id', $category) && is_numeric($category['id'])) {
-                $categoryids[] = $category['id'];
-                $category['category_settings'] = json_encode($category['category_settings']);
-                $category['event_settings'] = json_encode($category['event_settings']);
-                EventCategory::where('id', $category['id'])->update($category);
-            } else {
-                $category['calendar_id'] = $this->calendarId;
-                $stringid = $category['id'];
-                unset($category['id']);
+                $event = $calendar->event_categories()
+                    ->create($event);
 
-                $category = EventCategory::Create($category);
+                return [$stringid => $event->id];
+            });
 
-                $categoryids[$stringid] = $category->id;
-            }
-        }
-        EventCategory::where('calendar_id', $this->calendarId)->whereNotIn('id', $categoryids)->delete();
+        $calendar->event_categories()
+            ->whereNotIn('id', $categoryIds)
+            ->delete();
 
-        return $categoryids;
+        return $categoryIds;
     }
 }