fix(api): acls cannot be public and admins a the same time

mrflos · mrflos · commit 0d4efc880a72 · 2025-04-18T16:04:28.000+03:00
diff --git a/docs/en/dev.md b/docs/en/dev.md
@@ -575,7 +575,7 @@ to
 
 ```php
 /**
- * @Route("/api/myroute",options={"acl":{"public","@mygroup"}})
+ * @Route("/api/myroute",options={"acl":{"@mygroup"}})
  */
 ```
 
diff --git a/includes/YesWikiInit.php b/includes/YesWikiInit.php
@@ -339,7 +339,6 @@ public function initRoutes($wiki)
                 new AnnotationReader()
             )
         );
-
         // Core controllers
         $routes->addCollection($loader->load('includes/controllers'));
 
diff --git a/includes/controllers/ApiController.php b/includes/controllers/ApiController.php
@@ -133,7 +133,7 @@ public function getUser($userId)
     }
 
     /**
-     * @Route("/api/users/{userId}/delete",methods={"POST"}, options={"acl":{"public","@admins"}})
+     * @Route("/api/users/{userId}/delete",methods={"POST"}, options={"acl":{"@admins"}})
      */
     public function deleteUser($userId)
     {
@@ -183,7 +183,7 @@ public function deleteUser($userId)
     }
 
     /**
-     * @Route("/api/users",methods={"POST"}, options={"acl":{"public","@admins"}})
+     * @Route("/api/users",methods={"POST"}, options={"acl":{"@admins"}})
      */
     public function createUser()
     {
@@ -276,7 +276,7 @@ public function getAllUsers($userFields = ['name', 'email', 'signuptime'])
     }
 
     /**
-     * @Route("api/groups/{group_name}/delete",methods={"POST"},options={"acl":{"public","@admins"}})
+     * @Route("api/groups/{group_name}/delete",methods={"POST"},options={"acl":{"@admins"}})
      */
     public function deleteGroup(string $group_name)
     {
@@ -451,7 +451,7 @@ public function getAllComments($tag = '')
     }
 
     /**
-     * @Route("/api/comments",methods={"POST"}, options={"acl":{"public","+"}})
+     * @Route("/api/comments",methods={"POST"}, options={"acl":{"+"}})
      */
     public function postComment()
     {
@@ -462,7 +462,7 @@ public function postComment()
     }
 
     /**
-     * @Route("/api/comments/{tag}",methods={"POST"}, options={"acl":{"public","+"}})
+     * @Route("/api/comments/{tag}",methods={"POST"}, options={"acl":{"+"}})
      */
     public function editComment($tag)
     {
@@ -473,7 +473,7 @@ public function editComment($tag)
     }
 
     /**
-     * @Route("/api/comments/{tag}",methods={"DELETE"}, options={"acl":{"public","+"}})
+     * @Route("/api/comments/{tag}",methods={"DELETE"}, options={"acl":{"+"}})
      */
     public function deleteComment($tag)
     {
@@ -488,7 +488,7 @@ public function deleteComment($tag)
     }
 
     /**
-     * @Route("/api/comments/{tag}/delete",methods={"POST"}, options={"acl":{"public","+"}})
+     * @Route("/api/comments/{tag}/delete",methods={"POST"}, options={"acl":{"+"}})
      */
     public function deleteCommentViaPostMethod($tag)
     {
@@ -563,7 +563,7 @@ public function getPage(Request $request, $tag)
     }
 
     /**
-     * @Route("/api/pages/{tag}/duplicate",methods={"POST"},options={"acl":{"public","@admins"}})
+     * @Route("/api/pages/{tag}/duplicate",methods={"POST"},options={"acl":{"@admins"}})
      */
     public function duplicatePage(Request $request, $tag)
     {
@@ -579,7 +579,7 @@ public function duplicatePage(Request $request, $tag)
     }
 
     /**
-     * @Route("/api/pages/{tag}",methods={"DELETE"},options={"acl":{"public","+"}})
+     * @Route("/api/pages/{tag}",methods={"DELETE"},options={"acl":{"+"}})
      */
     public function deletePage($tag)
     {
@@ -635,7 +635,7 @@ public function deletePage($tag)
     }
 
     /**
-     * @Route("/api/pages/{tag}/delete",methods={"POST"},options={"acl":{"public","+"}})
+     * @Route("/api/pages/{tag}/delete",methods={"POST"},options={"acl":{"+"}})
      */
     public function deletePageByGetMethod($tag)
     {
@@ -700,7 +700,7 @@ public function getReactionsFromUser($userId, $id)
     }
 
     /**
-     * @Route("/api/reactions/{idreaction}/{id}/{page}/{username}", methods={"DELETE"}, options={"acl":{"public", "+"}})
+     * @Route("/api/reactions/{idreaction}/{id}/{page}/{username}", methods={"DELETE"}, options={"acl":{"+"}})
      */
     public function deleteReaction($idreaction, $id, $page, $username)
     {
@@ -738,15 +738,15 @@ public function deleteReaction($idreaction, $id, $page, $username)
     }
 
     /**
-     * @Route("/api/reactions/{idreaction}/{id}/{page}/{username}/delete",methods={"GET"},options={"acl":{"public","+"}})
+     * @Route("/api/reactions/{idreaction}/{id}/{page}/{username}/delete",methods={"GET"},options={"acl":{"+"}})
      */
     public function deleteReactionByGetMethod($idreaction, $id, $page, $username)
     {
         return $this->deleteReaction($idreaction, $id, $page, $username);
     }
 
     /**
-     * @Route("/api/reactions", methods={"POST"}, options={"acl":{"public", "+"}})
+     * @Route("/api/reactions", methods={"POST"}, options={"acl":{"+"}})
      */
     public function addReactionFromUser()
     {
@@ -823,7 +823,7 @@ public function addReactionFromUser()
     }
 
     /**
-     * @Route("/api/triples", methods={"GET"}, options={"acl":{"public", "+"}})
+     * @Route("/api/triples", methods={"GET"}, options={"acl":{"+"}})
      */
     public function ByResource()
     {
@@ -848,7 +848,7 @@ public function ByResource()
     }
 
     /**
-     * @Route("/api/triples/{resource}", methods={"GET"}, options={"acl":{"public", "+"}})
+     * @Route("/api/triples/{resource}", methods={"GET"}, options={"acl":{"+"}})
      */
     public function getTriplesByResource($resource)
     {
@@ -873,7 +873,7 @@ public function getTriplesByResource($resource)
     }
 
     /**
-     * @Route("/api/triples/{resource}", methods={"POST"}, options={"acl":{"public", "+"}})
+     * @Route("/api/triples/{resource}", methods={"POST"}, options={"acl":{"+"}})
      */
     public function setTriple($resource)
     {
@@ -920,7 +920,7 @@ public function setTriple($resource)
     }
 
     /**
-     * @Route("/api/triples/{resource}/delete", methods={"POST"}, options={"acl":{"public", "+"}})
+     * @Route("/api/triples/{resource}/delete", methods={"POST"}, options={"acl":{"+"}})
      */
     public function deleteTriples($resource)
     {
@@ -1045,15 +1045,15 @@ private function extractTriplesParams(string $method, $resource): array
     }
 
     /**
-     * @Route("/api/archives/{id}", methods={"GET"}, options={"acl":{"public", "@admins"}})
+     * @Route("/api/archives/{id}", methods={"GET"}, options={"acl":{"@admins"}})
      */
     public function getArchive($id)
     {
         return $this->getService(ArchiveController::class)->getArchive($id);
     }
 
     /**
-     * @Route("/api/archives/uidstatus/{uid}", methods={"GET"}, options={"acl":{"public", "@admins"}})
+     * @Route("/api/archives/uidstatus/{uid}", methods={"GET"}, options={"acl":{"@admins"}})
      */
     public function getArchiveStatus($uid)
     {
@@ -1064,7 +1064,7 @@ public function getArchiveStatus($uid)
     }
 
     /**
-     * @Route("/api/archives/archivingStatus/", methods={"GET"}, options={"acl":{"public", "@admins"}})
+     * @Route("/api/archives/archivingStatus/", methods={"GET"}, options={"acl":{"@admins"}})
      */
     public function getArchivingStatus()
     {
@@ -1075,7 +1075,7 @@ public function getArchivingStatus()
     }
 
     /**
-     * @Route("/api/archives/forcedUpdateToken/", methods={"GET"}, options={"acl":{"public", "@admins"}})
+     * @Route("/api/archives/forcedUpdateToken/", methods={"GET"}, options={"acl":{"@admins"}})
      */
     public function getForcedUpdateToken()
     {
@@ -1088,8 +1088,8 @@ public function getForcedUpdateToken()
     }
 
     /**
-     * @Route("/api/archives/", methods={"GET"}, options={"acl":{"public", "@admins"}})
-     * @Route("/api/archives", methods={"GET"}, options={"acl":{"public", "@admins"}})
+     * @Route("/api/archives/", methods={"GET"}, options={"acl":{"@admins"}})
+     * @Route("/api/archives", methods={"GET"}, options={"acl":{"@admins"}})
      */
     public function getArchives()
     {
@@ -1102,15 +1102,15 @@ public function getArchives()
     }
 
     /**
-     * @Route("/api/archives/{id}", methods={"POST"}, options={"acl":{"public", "@admins"}})
+     * @Route("/api/archives/{id}", methods={"POST"}, options={"acl":{"@admins"}})
      */
     public function archiveAction($id)
     {
         return $this->getService(ArchiveController::class)->manageArchiveAction($id);
     }
 
     /**
-     * @Route("/api/archives", methods={"POST"}, options={"acl":{"public", "@admins"}})
+     * @Route("/api/archives", methods={"POST"}, options={"acl":{"@admins"}})
      */
     public function archivesAction()
     {
diff --git a/tools/templates/controllers/ApiController.php b/tools/templates/controllers/ApiController.php
@@ -10,7 +10,7 @@
 class ApiController extends YesWikiController
 {
     /**
-     * @Route("/api/templates/custom-presets/{presetFilename}", methods={"DELETE"},options={"acl":{"public","@admins"}})
+     * @Route("/api/templates/custom-presets/{presetFilename}", methods={"DELETE"},options={"acl":{"@admins"}})
      */
     public function deleteCustomCSSPreset($presetFilename)
     {
@@ -23,7 +23,7 @@ public function deleteCustomCSSPreset($presetFilename)
     }
 
     /**
-     * @Route("/api/templates/custom-presets/{presetFilename}", methods={"POST"},options={"acl":{"public","+"}})
+     * @Route("/api/templates/custom-presets/{presetFilename}", methods={"POST"},options={"acl":{"+"}})
      */
     public function addCustomCSSPreset($presetFilename)
     {

Original file line number	Diff line number	Diff line change
`@@ -339,7 +339,6 @@ public function initRoutes($wiki)`
`339`	`339`	`new AnnotationReader()`
`340`	`340`	`)`
`341`	`341`	`);`
`342`		`-`
`343`	`342`	`// Core controllers`
`344`	`343`	`$routes->addCollection($loader->load('includes/controllers'));`
`345`	`344`
Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,7 @@ public function getUser($userId)`
`133`	`133`	`}`
`134`	`134`
`135`	`135`	`/**`
`136`		`- * @Route("/api/users/{userId}/delete",methods={"POST"}, options={"acl":{"public","@admins"}})`
	`136`	`+ * @Route("/api/users/{userId}/delete",methods={"POST"}, options={"acl":{"@admins"}})`
`137`	`137`	`*/`
`138`	`138`	`public function deleteUser($userId)`
`139`	`139`	`{`
`@@ -183,7 +183,7 @@ public function deleteUser($userId)`
`183`	`183`	`}`
`184`	`184`
`185`	`185`	`/**`
`186`		`- * @Route("/api/users",methods={"POST"}, options={"acl":{"public","@admins"}})`
	`186`	`+ * @Route("/api/users",methods={"POST"}, options={"acl":{"@admins"}})`
`187`	`187`	`*/`
`188`	`188`	`public function createUser()`
`189`	`189`	`{`
`@@ -276,7 +276,7 @@ public function getAllUsers($userFields = ['name', 'email', 'signuptime'])`
`276`	`276`	`}`
`277`	`277`
`278`	`278`	`/**`
`279`		`- * @Route("api/groups/{group_name}/delete",methods={"POST"},options={"acl":{"public","@admins"}})`
	`279`	`+ * @Route("api/groups/{group_name}/delete",methods={"POST"},options={"acl":{"@admins"}})`
`280`	`280`	`*/`
`281`	`281`	`public function deleteGroup(string $group_name)`
`282`	`282`	`{`
`@@ -451,7 +451,7 @@ public function getAllComments($tag = '')`
`451`	`451`	`}`
`452`	`452`
`453`	`453`	`/**`
`454`		`- * @Route("/api/comments",methods={"POST"}, options={"acl":{"public","+"}})`
	`454`	`+ * @Route("/api/comments",methods={"POST"}, options={"acl":{"+"}})`
`455`	`455`	`*/`
`456`	`456`	`public function postComment()`
`457`	`457`	`{`
`@@ -462,7 +462,7 @@ public function postComment()`
`462`	`462`	`}`
`463`	`463`
`464`	`464`	`/**`
`465`		`- * @Route("/api/comments/{tag}",methods={"POST"}, options={"acl":{"public","+"}})`
	`465`	`+ * @Route("/api/comments/{tag}",methods={"POST"}, options={"acl":{"+"}})`
`466`	`466`	`*/`
`467`	`467`	`public function editComment($tag)`
`468`	`468`	`{`
`@@ -473,7 +473,7 @@ public function editComment($tag)`
`473`	`473`	`}`
`474`	`474`
`475`	`475`	`/**`
`476`		`- * @Route("/api/comments/{tag}",methods={"DELETE"}, options={"acl":{"public","+"}})`
	`476`	`+ * @Route("/api/comments/{tag}",methods={"DELETE"}, options={"acl":{"+"}})`
`477`	`477`	`*/`
`478`	`478`	`public function deleteComment($tag)`
`479`	`479`	`{`
`@@ -488,7 +488,7 @@ public function deleteComment($tag)`
`488`	`488`	`}`
`489`	`489`
`490`	`490`	`/**`
`491`		`- * @Route("/api/comments/{tag}/delete",methods={"POST"}, options={"acl":{"public","+"}})`
	`491`	`+ * @Route("/api/comments/{tag}/delete",methods={"POST"}, options={"acl":{"+"}})`
`492`	`492`	`*/`
`493`	`493`	`public function deleteCommentViaPostMethod($tag)`
`494`	`494`	`{`
`@@ -563,7 +563,7 @@ public function getPage(Request $request, $tag)`
`563`	`563`	`}`
`564`	`564`
`565`	`565`	`/**`
`566`		`- * @Route("/api/pages/{tag}/duplicate",methods={"POST"},options={"acl":{"public","@admins"}})`
	`566`	`+ * @Route("/api/pages/{tag}/duplicate",methods={"POST"},options={"acl":{"@admins"}})`
`567`	`567`	`*/`
`568`	`568`	`public function duplicatePage(Request $request, $tag)`
`569`	`569`	`{`
`@@ -579,7 +579,7 @@ public function duplicatePage(Request $request, $tag)`
`579`	`579`	`}`
`580`	`580`
`581`	`581`	`/**`
`582`		`- * @Route("/api/pages/{tag}",methods={"DELETE"},options={"acl":{"public","+"}})`
	`582`	`+ * @Route("/api/pages/{tag}",methods={"DELETE"},options={"acl":{"+"}})`
`583`	`583`	`*/`
`584`	`584`	`public function deletePage($tag)`
`585`	`585`	`{`
`@@ -635,7 +635,7 @@ public function deletePage($tag)`
`635`	`635`	`}`
`636`	`636`
`637`	`637`	`/**`
`638`		`- * @Route("/api/pages/{tag}/delete",methods={"POST"},options={"acl":{"public","+"}})`
	`638`	`+ * @Route("/api/pages/{tag}/delete",methods={"POST"},options={"acl":{"+"}})`
`639`	`639`	`*/`
`640`	`640`	`public function deletePageByGetMethod($tag)`
`641`	`641`	`{`
`@@ -700,7 +700,7 @@ public function getReactionsFromUser($userId, $id)`
`700`	`700`	`}`
`701`	`701`
`702`	`702`	`/**`
`703`		`- * @Route("/api/reactions/{idreaction}/{id}/{page}/{username}", methods={"DELETE"}, options={"acl":{"public", "+"}})`
	`703`	`+ * @Route("/api/reactions/{idreaction}/{id}/{page}/{username}", methods={"DELETE"}, options={"acl":{"+"}})`
`704`	`704`	`*/`
`705`	`705`	`public function deleteReaction($idreaction, $id, $page, $username)`
`706`	`706`	`{`
`@@ -738,15 +738,15 @@ public function deleteReaction($idreaction, $id, $page, $username)`
`738`	`738`	`}`
`739`	`739`
`740`	`740`	`/**`
`741`		`- * @Route("/api/reactions/{idreaction}/{id}/{page}/{username}/delete",methods={"GET"},options={"acl":{"public","+"}})`
	`741`	`+ * @Route("/api/reactions/{idreaction}/{id}/{page}/{username}/delete",methods={"GET"},options={"acl":{"+"}})`
`742`	`742`	`*/`
`743`	`743`	`public function deleteReactionByGetMethod($idreaction, $id, $page, $username)`
`744`	`744`	`{`
`745`	`745`	`return $this->deleteReaction($idreaction, $id, $page, $username);`
`746`	`746`	`}`
`747`	`747`
`748`	`748`	`/**`
`749`		`- * @Route("/api/reactions", methods={"POST"}, options={"acl":{"public", "+"}})`
	`749`	`+ * @Route("/api/reactions", methods={"POST"}, options={"acl":{"+"}})`
`750`	`750`	`*/`
`751`	`751`	`public function addReactionFromUser()`
`752`	`752`	`{`
`@@ -823,7 +823,7 @@ public function addReactionFromUser()`
`823`	`823`	`}`
`824`	`824`
`825`	`825`	`/**`
`826`		`- * @Route("/api/triples", methods={"GET"}, options={"acl":{"public", "+"}})`
	`826`	`+ * @Route("/api/triples", methods={"GET"}, options={"acl":{"+"}})`
`827`	`827`	`*/`
`828`	`828`	`public function ByResource()`
`829`	`829`	`{`
`@@ -848,7 +848,7 @@ public function ByResource()`
`848`	`848`	`}`
`849`	`849`
`850`	`850`	`/**`
`851`		`- * @Route("/api/triples/{resource}", methods={"GET"}, options={"acl":{"public", "+"}})`
	`851`	`+ * @Route("/api/triples/{resource}", methods={"GET"}, options={"acl":{"+"}})`
`852`	`852`	`*/`
`853`	`853`	`public function getTriplesByResource($resource)`
`854`	`854`	`{`
`@@ -873,7 +873,7 @@ public function getTriplesByResource($resource)`
`873`	`873`	`}`
`874`	`874`
`875`	`875`	`/**`
`876`		`- * @Route("/api/triples/{resource}", methods={"POST"}, options={"acl":{"public", "+"}})`
	`876`	`+ * @Route("/api/triples/{resource}", methods={"POST"}, options={"acl":{"+"}})`
`877`	`877`	`*/`
`878`	`878`	`public function setTriple($resource)`
`879`	`879`	`{`
`@@ -920,7 +920,7 @@ public function setTriple($resource)`
`920`	`920`	`}`
`921`	`921`
`922`	`922`	`/**`
`923`		`- * @Route("/api/triples/{resource}/delete", methods={"POST"}, options={"acl":{"public", "+"}})`
	`923`	`+ * @Route("/api/triples/{resource}/delete", methods={"POST"}, options={"acl":{"+"}})`
`924`	`924`	`*/`
`925`	`925`	`public function deleteTriples($resource)`
`926`	`926`	`{`
`@@ -1045,15 +1045,15 @@ private function extractTriplesParams(string $method, $resource): array`
`1045`	`1045`	`}`
`1046`	`1046`
`1047`	`1047`	`/**`
`1048`		`- * @Route("/api/archives/{id}", methods={"GET"}, options={"acl":{"public", "@admins"}})`
	`1048`	`+ * @Route("/api/archives/{id}", methods={"GET"}, options={"acl":{"@admins"}})`
`1049`	`1049`	`*/`
`1050`	`1050`	`public function getArchive($id)`
`1051`	`1051`	`{`
`1052`	`1052`	`return $this->getService(ArchiveController::class)->getArchive($id);`
`1053`	`1053`	`}`
`1054`	`1054`
`1055`	`1055`	`/**`
`1056`		`- * @Route("/api/archives/uidstatus/{uid}", methods={"GET"}, options={"acl":{"public", "@admins"}})`
	`1056`	`+ * @Route("/api/archives/uidstatus/{uid}", methods={"GET"}, options={"acl":{"@admins"}})`
`1057`	`1057`	`*/`
`1058`	`1058`	`public function getArchiveStatus($uid)`
`1059`	`1059`	`{`
`@@ -1064,7 +1064,7 @@ public function getArchiveStatus($uid)`
`1064`	`1064`	`}`
`1065`	`1065`
`1066`	`1066`	`/**`
`1067`		`- * @Route("/api/archives/archivingStatus/", methods={"GET"}, options={"acl":{"public", "@admins"}})`
	`1067`	`+ * @Route("/api/archives/archivingStatus/", methods={"GET"}, options={"acl":{"@admins"}})`
`1068`	`1068`	`*/`
`1069`	`1069`	`public function getArchivingStatus()`
`1070`	`1070`	`{`
`@@ -1075,7 +1075,7 @@ public function getArchivingStatus()`
`1075`	`1075`	`}`
`1076`	`1076`
`1077`	`1077`	`/**`
`1078`		`- * @Route("/api/archives/forcedUpdateToken/", methods={"GET"}, options={"acl":{"public", "@admins"}})`
	`1078`	`+ * @Route("/api/archives/forcedUpdateToken/", methods={"GET"}, options={"acl":{"@admins"}})`
`1079`	`1079`	`*/`
`1080`	`1080`	`public function getForcedUpdateToken()`
`1081`	`1081`	`{`
`@@ -1088,8 +1088,8 @@ public function getForcedUpdateToken()`
`1088`	`1088`	`}`
`1089`	`1089`
`1090`	`1090`	`/**`
`1091`		`- * @Route("/api/archives/", methods={"GET"}, options={"acl":{"public", "@admins"}})`
`1092`		`- * @Route("/api/archives", methods={"GET"}, options={"acl":{"public", "@admins"}})`
	`1091`	`+ * @Route("/api/archives/", methods={"GET"}, options={"acl":{"@admins"}})`
	`1092`	`+ * @Route("/api/archives", methods={"GET"}, options={"acl":{"@admins"}})`
`1093`	`1093`	`*/`
`1094`	`1094`	`public function getArchives()`
`1095`	`1095`	`{`
`@@ -1102,15 +1102,15 @@ public function getArchives()`
`1102`	`1102`	`}`
`1103`	`1103`
`1104`	`1104`	`/**`
`1105`		`- * @Route("/api/archives/{id}", methods={"POST"}, options={"acl":{"public", "@admins"}})`
	`1105`	`+ * @Route("/api/archives/{id}", methods={"POST"}, options={"acl":{"@admins"}})`
`1106`	`1106`	`*/`
`1107`	`1107`	`public function archiveAction($id)`
`1108`	`1108`	`{`
`1109`	`1109`	`return $this->getService(ArchiveController::class)->manageArchiveAction($id);`
`1110`	`1110`	`}`
`1111`	`1111`
`1112`	`1112`	`/**`
`1113`		`- * @Route("/api/archives", methods={"POST"}, options={"acl":{"public", "@admins"}})`
	`1113`	`+ * @Route("/api/archives", methods={"POST"}, options={"acl":{"@admins"}})`
`1114`	`1114`	`*/`
`1115`	`1115`	`public function archivesAction()`
`1116`	`1116`	`{`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`class ApiController extends YesWikiController`
`11`	`11`	`{`
`12`	`12`	`/**`
`13`		`- * @Route("/api/templates/custom-presets/{presetFilename}", methods={"DELETE"},options={"acl":{"public","@admins"}})`
	`13`	`+ * @Route("/api/templates/custom-presets/{presetFilename}", methods={"DELETE"},options={"acl":{"@admins"}})`
`14`	`14`	`*/`
`15`	`15`	`public function deleteCustomCSSPreset($presetFilename)`
`16`	`16`	`{`
`@@ -23,7 +23,7 @@ public function deleteCustomCSSPreset($presetFilename)`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`/**`
`26`		`- * @Route("/api/templates/custom-presets/{presetFilename}", methods={"POST"},options={"acl":{"public","+"}})`
	`26`	`+ * @Route("/api/templates/custom-presets/{presetFilename}", methods={"POST"},options={"acl":{"+"}})`
`27`	`27`	`*/`
`28`	`28`	`public function addCustomCSSPreset($presetFilename)`
`29`	`29`	`{`