diff --git a/developer_manual/app_development/tutorial.rst b/developer_manual/app_development/tutorial.rst index 7e2374309..22de45de2 100644 --- a/developer_manual/app_development/tutorial.rst +++ b/developer_manual/app_development/tutorial.rst @@ -83,7 +83,7 @@ On the client side we can call these URLs with the following jQuery code: // handle failure }); -On the server side we need to register a callback that is executed once the request comes in. The callback itself will be a method on a :doc:`controller ` and the controller will be connected to the URL with a :doc:`route `. The controller and route for the page are already set up in **notestutorial/appinfo/routes.php**: +On the server side we need to register a callback that is executed once the request comes in. The callback itself will be a method on a :doc:`controller <../basics/controllers>` and the controller will be connected to the URL with a :doc:`route <../basics/controllers>`. The controller and route for the page are already set up in **notestutorial/appinfo/routes.php**: .. code-block:: php @@ -94,7 +94,7 @@ On the server side we need to register a callback that is executed once the requ This route calls the controller **OCA\\notestutorial\\PageController->index()** method which is defined in **notestutorial/lib/Controller/PageController.php**. The controller returns a :doc:`template `, in this case **notestutorial/templates/main.php**: -.. note:: @NoAdminRequired and @NoCSRFRequired in the comments above the method turn off security checks, see :doc:`requests/controllers` +.. note:: @NoAdminRequired and @NoCSRFRequired in the comments above the method turn off security checks, see :doc:`../basics/controllers` .. code-block:: php diff --git a/developer_manual/basics/front-end/templates.rst b/developer_manual/basics/front-end/templates.rst index c6ae0589e..f6078928c 100644 --- a/developer_manual/basics/front-end/templates.rst +++ b/developer_manual/basics/front-end/templates.rst @@ -4,7 +4,7 @@ Templates .. sectionauthor:: Bernhard Posselt -Nextcloud provides its own templating system which is basically plain PHP with some additional functions and preset variables. All the parameters which have been passed from the :doc:`controller <../requests/controllers>` are available in an array called **$_[]**, e.g.:: +Nextcloud provides its own templating system which is basically plain PHP with some additional functions and preset variables. All the parameters which have been passed from the :doc:`controller <../controllers>` are available in an array called **$_[]**, e.g.:: array('key' => 'something') diff --git a/developer_manual/prologue/security.rst b/developer_manual/prologue/security.rst index 523cd7d16..49c9cc7a6 100644 --- a/developer_manual/prologue/security.rst +++ b/developer_manual/prologue/security.rst @@ -204,7 +204,7 @@ Nextcloud offers three simple checks: * **OCP\\JSON::checkAdminUser()**: Checks if the logged in user has admin privileges * **OCP\\JSON::checkSubAdminUser()**: Checks if the logged in user has group admin privileges -Using the App Framework, these checks are already automatically performed for each request and have to be explicitly turned off by using annotations above your controller method, see :doc:`../app/requests/controllers`. +Using the App Framework, these checks are already automatically performed for each request and have to be explicitly turned off by using annotations above your controller method, see :doc:`../basics/controllers`. Additionally always check if the user has the right to perform that action. (e.g. a user should not be able to delete other users' bookmarks). @@ -227,7 +227,7 @@ To prevent CSRF in an app, be sure to call the following method at the top of al