Temporay added @NoCSRFRequired

7 files changed, 21 insertions, 32 deletions

diff --git a/lib/Controller/CommentController.php b/lib/Controller/CommentController.php
index 7767a819..082bbbb3 100644
--- a/lib/Controller/CommentController.php
+++ b/lib/Controller/CommentController.php
@@ -92,6 +92,7 @@ class CommentController extends Controller {
 	 * get
 	 * Read all comments of a poll based on the poll id and return list as array
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param integer $pollId
 	 * @return DataResponse
 	 */
@@ -137,7 +138,6 @@ class CommentController extends Controller {
 	}
 
 	/**
-	 * write
 	 * Write a new comment to the db and returns the new comment as array
 	 * @NoAdminRequired
 	 * @NoCSRFRequired
@@ -147,7 +147,6 @@ class CommentController extends Controller {
 	 * @return DataResponse
 	 */
 	public function write($pollId, $userId, $message) {
-		$this->logger->alert('write');
 		if (!\OC::$server->getUserSession()->isLoggedIn() && !$this->acl->getFoundByToken()) {
 			$this->logger->alert('not allowed ' . json_encode(\OC::$server->getUserSession()->isLoggedIn()));
 			return new DataResponse(null, Http::STATUS_UNAUTHORIZED);
@@ -176,8 +175,6 @@ class CommentController extends Controller {
 			return new DataResponse(null, Http::STATUS_UNAUTHORIZED);
 		}
 
-
-		$this->logger->alert('ok ' . json_encode($comment));
 		return new DataResponse($comment, Http::STATUS_OK);
 
 	}
@@ -209,6 +206,7 @@ class CommentController extends Controller {
 	/**
 	 * delete
 	 * Delete Comment
+	 * @NoCSRFRequired
 	 * @NoAdminRequired
 	 * @param int $pollId
 	 * @param string $message
diff --git a/lib/Controller/OptionController.php b/lib/Controller/OptionController.php
index e078fefa..4186bd0b 100644
--- a/lib/Controller/OptionController.php
+++ b/lib/Controller/OptionController.php
@@ -121,6 +121,7 @@ class OptionController extends Controller {
 	/**
 	 * Get all options of given poll
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param integer $pollId
 	 * @return array Array of Option objects
 	 */
@@ -166,6 +167,7 @@ class OptionController extends Controller {
 	/**
 	 * Add a new Option to poll
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param Option $option
 	 * @return DataResponse
 	 */
@@ -189,6 +191,7 @@ class OptionController extends Controller {
 	/**
 	 * Update poll option
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param Option $option
 	 * @return DataResponse
 	 */
@@ -212,6 +215,7 @@ class OptionController extends Controller {
 	/**
 	 * Remove a single option
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param Option $option
 	 * @return DataResponse
 	 */
@@ -239,6 +243,7 @@ class OptionController extends Controller {
 	/**
 	 * Set order by order of the given array
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param Array $options
 	 * @return DataResponse
 	 */
diff --git a/lib/Controller/PollController.php b/lib/Controller/PollController.php
index 9b535fe0..b3494c4c 100644
--- a/lib/Controller/PollController.php
+++ b/lib/Controller/PollController.php
@@ -239,6 +239,7 @@
 	/**
 	 * delete
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param Array $poll
 	 * @return DataResponse
 	 */
@@ -273,6 +274,7 @@
 	/**
 	 * deletePermanently
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param Array $poll
 	 * @return DataResponse
 	 */
@@ -305,6 +307,7 @@
 	/**
 	 * write
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param Array $poll
 	 * @return DataResponse
 	 */
@@ -360,6 +363,7 @@
 	/**
 	 * clone
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param integer $pollId
 	 * @return DataResponse
 	 */
diff --git a/lib/Controller/ShareController.php b/lib/Controller/ShareController.php
index f763ff5b..15eee195 100644
--- a/lib/Controller/ShareController.php
+++ b/lib/Controller/ShareController.php
@@ -112,6 +112,7 @@ class ShareController extends Controller {
 	 * get
 	 * Read all shares of a poll based on the poll id and return list as array
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param integer $pollId
 	 * @return DataResponse
 	 */
@@ -134,9 +135,9 @@ class ShareController extends Controller {
 	}
 
 	/**
-	 * write
 	 * Write a new share to the db and returns the new share as array
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param int $pollId
 	 * @param string $message
 	 * @return DataResponse
@@ -161,9 +162,7 @@ class ShareController extends Controller {
 
 		try {
 			$newShare = $this->mapper->insert($newShare);
-			// $this->logger->debug('Share inserted, sending out invitation mail now.');
 			$sendResult = $this->mailService->sendInvitationMail($newShare->getToken());
-			// $this->logger->debug('Sending result ' . json_encode($sendResult));
 
 			return new DataResponse([
 				'share' => $newShare,
@@ -179,9 +178,9 @@ class ShareController extends Controller {
 	/**
 	 * createPersonalShare
 	 * Write a new share to the db and returns the new share as array
-	 * or
 	 * @NoAdminRequired
 	 * @PublicPage
+	 * @NoCSRFRequired
 	 * @param int $pollId
 	 * @param string $message
 	 * @return DataResponse
@@ -212,7 +211,6 @@ class ShareController extends Controller {
 				$userShare->setPollId($publicShare->getPollId());
 				$userShare->setUserId($userName);
 				$userShare->setUserEmail('');
-				$this->logger->debug('Create share: ' . json_encode($userShare));
 				$userShare = $this->mapper->insert($userShare);
 				return new DataResponse($userShare, Http::STATUS_OK);
 
@@ -221,7 +219,6 @@ class ShareController extends Controller {
 				$publicShare->setType('external');
 				$publicShare->setUserId($userName);
 				$this->mapper->update($publicShare);
-				$this->logger->alert(json_encode($publicShare));
 				return new DataResponse($publicShare, Http::STATUS_OK);
 
 			} else {
@@ -238,6 +235,7 @@ class ShareController extends Controller {
 	 * remove
 	 * remove share
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param Share $share
 	 * @return DataResponse
 	 */
diff --git a/lib/Controller/SubscriptionController.php b/lib/Controller/SubscriptionController.php
index d4da1bcb..8a5bf445 100644
--- a/lib/Controller/SubscriptionController.php
+++ b/lib/Controller/SubscriptionController.php
@@ -68,6 +68,7 @@ class SubscriptionController extends Controller {
 
 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param integer $pollId
 	 * @return DataResponse
 	 */
@@ -89,6 +90,7 @@ class SubscriptionController extends Controller {
 
 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param integer $pollId
 	 */
 	public function set($pollId, $subscribed) {
diff --git a/lib/Controller/SystemController.php b/lib/Controller/SystemController.php
index ad091d6e..86051bfb 100644
--- a/lib/Controller/SystemController.php
+++ b/lib/Controller/SystemController.php
@@ -94,6 +94,7 @@ class SystemController extends Controller {
 	/**
 	 * Get a list of NC users, groups and contacts
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param string $query
 	 * @param bool $getGroups - search in groups
 	 * @param bool $getUsers - search in site users
@@ -311,26 +312,4 @@ class SystemController extends Controller {
 			return $this->userId;
 		}
 	}
-
-
-
-	//
-	//
-	// /**
-	//  * Get some system informations
-	//  * @NoAdminRequired
-	//  * @return DataResponse
-	//  */
-	// public function getSystem() {
-	// 	$data = array();
-	//
-	// 	$data['system'] = [
-	// 		'versionArray' => \OCP\Util::getVersion(),
-	// 		'version' => implode('.', \OCP\Util::getVersion()),
-	// 		'vendor' => $this->getVendor(),
-	// 		'language' => $this->systemConfig->getUserValue($this->userId, 'core', 'lang')
-	// 	];
-	//
-	// 	return new DataResponse($data, Http::STATUS_OK);
-	// }
 }
diff --git a/lib/Controller/VoteController.php b/lib/Controller/VoteController.php
index 7ce4b423..ad8936bd 100644
--- a/lib/Controller/VoteController.php
+++ b/lib/Controller/VoteController.php
@@ -100,6 +100,7 @@ class VoteController extends Controller {
 	 * Get all votes of given poll
 	 * Read all votes of a poll based on the poll id and return list as array
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param integer $pollId
 	 * @return DataResponse
 	 */
@@ -129,6 +130,7 @@ class VoteController extends Controller {
 	/**
 	 * set
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param integer $pollId
 	 * @param Array $option
 	 * @param string $userId
@@ -164,6 +166,7 @@ class VoteController extends Controller {
 	/**
 	 * delete
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 * @param integer $voteId
 	 * @param string $userId
 	 * @param integer $pollId