From 0f13c0428c4639137176a0768f327cacde13f626 Mon Sep 17 00:00:00 2001
From: Eric Lippmann <eric.lippmann@netways.de>
Date: Thu, 22 Jan 2015 15:47:16 +0100
Subject: [PATCH] Controller: Introduce method assertHttpMethod()

We have actions where only certain HTTP methods, e.g. POST are allowed but they are not restricted yet.
Controller::assertHttpMethod() takes a number of allowed HTTP methods and responds with HTTP 405 in case
the current request's method is not one of the given methods.
---
 .../Icinga/Web/Controller/ActionController.php   | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/library/Icinga/Web/Controller/ActionController.php b/library/Icinga/Web/Controller/ActionController.php
index cc4af4432..ba75d366f 100644
--- a/library/Icinga/Web/Controller/ActionController.php
+++ b/library/Icinga/Web/Controller/ActionController.php
@@ -146,6 +146,22 @@ class ActionController extends Zend_Controller_Action
         return $this;
     }
 
+    /**
+     * Respond with HTTP 405 if the current request's method is not one of the given methods
+     *
+     * @param   string $httpMethod                  Unlimited number of allowed HTTP methods
+     *
+     * @throws  \Zend_Controller_Action_Exception   If the request method is not one of the given methods
+     */
+    public function assertHttpMethod($httpMethod)
+    {
+        $httpMethods = array_flip(array_map('strtoupper', func_get_args()));
+        if (! isset($httpMethods[$this->getRequest()->getMethod()])) {
+            $this->getResponse()->setHeader('Allow', implode(', ', array_keys($httpMethods)));
+            throw new \Zend_Controller_Action_Exception($this->translate('Method Not Allowed'), 405);
+        }
+    }
+
     /**
      * Return restriction information for an eventually authenticated user
      *