<?php
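/**
 * Base class for REST query handlers.
 *
 * A child class sets $required_perms to the permission level its endpoint
 * needs and (presumably) the dispatcher calls is_allowed() before running the
 * query — the dispatcher itself is not visible in this file. Error state is
 * carried in $response_code / $response_message so the caller can build the
 * HTTP response from them via get_full_code_header().
 */
class RestQuery{
    /** @var int HTTP status code of the pending response (404 until a query succeeds or fails otherwise). */
    protected $response_code;

    /** @var array Response payload; on failure array('error' => string, 'code' => int). */
    public $response_message; //array

    /** @var mixed Blog identifier for child classes; not read anywhere in this class. */
    protected $blog_id;

    /**
     * Permission level an endpoint needs. Must be overridden by the child class.
     * The default is 'admin' (super-admin only) so a child that forgets to set
     * it fails closed rather than open. Accepted values:
     *   'admin'        super-admin only
     *   'usage', 'publish', 'delete', 'contentadmin', 'categories',
     *   'media', 'media_admin'
     *                  not implemented yet in is_allowed() -> always denied
     *   'none'         caller must be authenticated, no specific right needed
     *   'unauth'       anonymous callers allowed when the API is configured as
     *                  open (rest_is_open); authenticated callers always allowed
     */
    protected $required_perms = 'admin'; //must be changed by the childs class

    /**
     * Start every query in the "not found" state; a child class overwrites the
     * response once it has actually handled the request.
     */
    public function __construct()
    {
        $this->response_code = 404;
        $this->response_message = array(
            "error" => "Method not found",
            "code" => 404
        );
    }

    /**
     * Record an error response and return false, so callers can write
     * `return $this->set_error(400, '...');` on a single line.
     *
     * @param int    $code    HTTP status code
     * @param string $message human readable error text
     * @return false
     */
    protected function set_error($code, $message)
    {
        $this->response_code = $code;
        $this->response_message = array(
            "error" => $message,
            "code" => $code
        );
        return false;
    }

    /**
     * Check that a decoded request body carries exactly the expected fields.
     *
     * Every name in $fieldsRequired must be present (a key whose value is null
     * counts as absent, as with isset()), and no key outside
     * $fieldsRequired + $fieldsOptionals may be present, so a client cannot
     * smuggle parameters the endpoint does not expect.
     *
     * "Strict" mode is selected by leaving $fieldsOptionals at its default '':
     * it reports a single combined message instead of naming the offending
     * field. Both modes enforce the same rule.
     *
     * @param mixed        $arrayToCheck    decoded body; anything but an array is rejected
     * @param array        $fieldsRequired  names that must be present
     * @param array|string $fieldsOptionals names that may be present ('' = none)
     * @return bool true when valid; false after recording a 400 response
     */
    protected function check_for_required_fields($arrayToCheck,$fieldsRequired,$fieldsOptionals = '')
    {
        // '' is the historical "not given" marker and selects the combined message.
        $strict = ($fieldsOptionals === '' || $fieldsOptionals === null);
        if (!is_array($fieldsOptionals)) {
            $fieldsOptionals = array();
        }
        $strictMessage = "Only and each of following parameters ".
            implode(", ",$fieldsRequired)." are required";

        // A JSON scalar or other non-array body has no fields at all.
        if (!is_array($arrayToCheck)) {
            return $this->set_error(400, $strictMessage);
        }

        // 1) every required field must be present
        foreach ($fieldsRequired as $key) {
            if (!isset($arrayToCheck[$key])) {
                return $this->set_error(400, $strict ? $strictMessage : "field ".$key." is needed");
            }
        }

        // 2) no field outside required + optional may be present.
        //    Compare as strings with strict in_array(): array_keys() yields
        //    integers for list-shaped bodies, and a loose comparison would let
        //    `0` match any non-numeric field name on PHP < 8.
        $allowed = array_map('strval', array_merge($fieldsRequired, $fieldsOptionals));
        foreach (array_keys($arrayToCheck) as $keyToTest) {
            if (!in_array((string) $keyToTest, $allowed, true)) {
                return $this->set_error(400, $strict ? $strictMessage : "Unwanted field '".$keyToTest."'");
            }
        }
        return true;
    }

    /**
     * Decode a JSON request body into an associative array.
     *
     * json_decode() returns null both for invalid JSON and for the literal
     * `null`, so the error is read from json_last_error() instead of the return
     * value. Valid-but-falsy bodies such as `[]` or `{}` are legitimate empty
     * parameter sets and are returned as-is; JSON scalars (`"x"`, `123`, `true`)
     * are rejected because callers index into the result.
     *
     * @param mixed $body raw request body
     * @return array|false decoded array, or false after recording a 400 response
     */
    protected function body_to_array($body){
        if (!is_string($body)) {
            return $this->set_error(400, 'Can\'t parse input JSON');
        }
        $ret = json_decode($body, true);
        if (json_last_error() !== JSON_ERROR_NONE || !is_array($ret)) {
            return $this->set_error(400, 'Can\'t parse input JSON');
        }
        return $ret;
    }

    /**
     * Decide whether the current caller may run this query, based on
     * $required_perms and the global $core->auth session object.
     *
     * Fail-closed by design: an unknown or not-yet-implemented permission
     * level is denied, and only an object in $core->auth is treated as an
     * authenticated session (false and null both mean "nobody is logged in").
     *
     * @return bool true when allowed; false after recording a 403 response
     */
    protected function is_allowed()
    {
        global $core;
        // Rights can only be queried on a session object; anything else is
        // "not authenticated". This also covers $core->auth === null, which a
        // plain `!== false` test would wrongly accept.
        $authenticated = isset($core) && is_object($core->auth);
        $is_allowed = false;

        switch($this->required_perms){
            case 'unauth':
                // Still require the API to be switched on for anonymous callers;
                // an authenticated caller may always use an open endpoint.
                // empty() keeps a missing setting equal to "closed".
                if ($authenticated || !empty($core->blog->settings->rest->rest_is_open)) {
                    $is_allowed = true;
                }
                break;

            case 'none':
                // any valid session, no specific right required
                $is_allowed = $authenticated;
                break;

            case 'admin':
                $is_allowed = $authenticated && $core->auth->isSuperAdmin();
                break;

            case 'media_admin':
            case 'media':
            case 'categories':
            case 'contentadmin':
            case 'delete':
            case 'publish':
            case 'usage':
                // Not implemented yet: deliberately denied rather than granted.
                break;

            default:
                // Unknown permission string (e.g. a typo in a child class): denied.
                break;
        }

        if ($is_allowed) {
            return true;
        }
        // NOTE(review): the code is 403 while the text says 'Unauthorized'
        // (the 401 reason phrase); kept as-is because clients may match on it.
        $this->response_code = 403;
        $this->response_message = array('code' => 403, 'error' => 'Unauthorized');
        return false;
    }

    /**
     * Build the HTTP status line for a response code.
     *
     * @param int|string $code status code; '' (default) or null means "use
     *                         $this->response_code"
     * @return string e.g. "HTTP/1.0 404 Not Found"; unknown codes get a
     *                generic reason phrase
     */
    public function get_full_code_header($code=''){
        if ($code === '' || $code === null) {
            $code = $this->response_code;
        }
        // The value ends up in a raw status line sent to the client: force it
        // to an integer so a caller-supplied string can never carry CR/LF or
        // extra header text into the response.
        $code = (int) $code;

        static $codes = array(
            100 =>"Continue",
            101 =>"Switching Protocols",
            102 =>"Processing",
            200 =>"OK",
            201 =>"Created",
            202 =>"Accepted",
            203 =>"Non-Authoritative Information",
            204 =>"No Content",
            205 =>"Reset Content",
            206 =>"Partial Content",
            207 =>"Multi-Status",
            210 =>"Content Different",
            226 =>"IM Used",
            300 =>"Multiple Choices",
            301 =>"Moved Permanently",
            302 =>"Moved Temporarily",
            303 =>"See Other",
            304 =>"Not Modified",
            305 =>"Use Proxy",
            306 =>"(aucun)",
            307 =>"Temporary Redirect",
            308 =>"Permanent Redirect",
            310 =>"Too many Redirects",
            400 =>"Bad Request",
            401 =>"Unauthorized",
            402 =>"Payment Required",
            403 =>"Forbidden",
            404 =>"Not Found",
            405 =>"Method Not Allowed",
            406 =>"Not Acceptable",
            407 =>"Proxy Authentication Required",
            408 =>"Request Time-out",
            409 =>"Conflict",
            410 =>"Gone",
            411 =>"Length Required",
            412 =>"Precondition Failed",
            413 =>"Request Entity Too Large",
            414 =>"Request-URI Too Long",
            415 =>"Unsupported Media Type",
            416 =>"Requested range unsatisfiable",
            417 =>"Expectation failed",
            418 =>"Im a teapot",
            421 =>"Bad mapping / Misdirected Request",
            422 =>"Unprocessable entity",
            423 =>"Locked",
            424 =>"Method failure",
            425 =>"Unordered Collection",
            426 =>"Upgrade Required",
            428 =>"Precondition Required",
            429 =>"Too Many Requests",
            431 =>"Request Header Fields Too Large",
            449 =>"Retry With",
            450 =>"Blocked by Windows Parental Controls",
            451 =>"Unavailable For Legal Reasons",
            456 =>"Unrecoverable Error"
        );

        $reason = isset($codes[$code]) ? $codes[$code] : "Something wrong happened";
        return "HTTP/1.0 ".$code." ".$reason;
    }
}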