219 lines
5.6 KiB
PHP
219 lines
5.6 KiB
PHP
<?php
|
||
|
||
class RestQuery{
|
||
protected $response_code;
|
||
public $response_message; //array
|
||
protected $blog_id;
|
||
protected $required_perms = 'admin'; //must be changed by the childs class
|
||
/*
|
||
should be:
|
||
'admin'
|
||
'usage'
|
||
'publish'
|
||
'delete'
|
||
'contentadmin'
|
||
'categories'
|
||
'media'
|
||
'media_admin'
|
||
'none' //must be have an account (without any rights)
|
||
'unauth' //Open to the world
|
||
*/
|
||
|
||
public function __construct()
|
||
{
|
||
|
||
$this->response_code = 404;
|
||
$this->response_message = array(
|
||
"error" => "Method not found",
|
||
"code" => 404
|
||
);
|
||
}
|
||
|
||
/**
|
||
* Check if required fields are set
|
||
* $strict => Go on error if a additionnal field is given
|
||
*/
|
||
protected function check_for_required_fields($arrayToCheck,$fieldsRequired,$fieldsOptionals = '')
|
||
{
|
||
if ($fieldsOptionals == ''){
|
||
$fieldsOptionals == array();
|
||
}
|
||
|
||
$fieldsSetted = array_keys($arrayToCheck);
|
||
|
||
if($fieldsOptionals == ''){
|
||
if(empty(array_diff($fieldsSetted,$fieldsRequired))){
|
||
return true;
|
||
}else{
|
||
$this->response_code = 400;
|
||
$this->response_message = array(
|
||
"error" => "Only and each of following parameters ".
|
||
implode(", ",$fieldsRequired)." are required",
|
||
"code" => 400
|
||
);
|
||
return false;
|
||
}
|
||
}else{
|
||
//check if all required fields are set
|
||
foreach($fieldsRequired as $key){
|
||
if(!isset($arrayToCheck[$key])){
|
||
$this->response_code = 400;
|
||
$this->response_message = array(
|
||
"error" => "field ".$key." is needed",
|
||
"code" => 400
|
||
);
|
||
return false;
|
||
}
|
||
}
|
||
//check if a field is not in required and in fieldsOptionals
|
||
foreach($fieldsSetted as $keyToTest){
|
||
if((!in_array($keyToTest,$fieldsRequired)) && (!in_array($keyToTest,$fieldsOptionals))){
|
||
$this->response_message = array(
|
||
"error" => "Unwanted field '".$keyToTest."'",
|
||
"code" => 400
|
||
);
|
||
return false;
|
||
}
|
||
}
|
||
|
||
return true;
|
||
}
|
||
|
||
|
||
}
|
||
protected function body_to_array($body){
|
||
if($ret = json_decode($body,true)){
|
||
return $ret;
|
||
}else{
|
||
$this->response_code = 400;
|
||
$this->response_message = array(
|
||
'error' => 'Can\'t parse input JSON',
|
||
'code' => 400
|
||
);
|
||
return false;
|
||
}
|
||
}
|
||
protected function is_allowed()
|
||
{
|
||
global $core;
|
||
if($core->auth){
|
||
$perms = $core->auth->getAllPermissions();
|
||
}
|
||
|
||
$is_allowed = false;
|
||
switch($this->required_perms){
|
||
|
||
case 'unauth':
|
||
//on verifie quand même que l'API est ouverte
|
||
if(
|
||
(($core->blog->settings->rest->rest_is_open) && ($core->auth === false))
|
||
||($core->auth !== false)
|
||
){
|
||
$is_allowed = true;
|
||
}
|
||
|
||
break;
|
||
case 'none':
|
||
//user must be valid
|
||
if($core->auth){
|
||
$is_allowed = true;
|
||
}
|
||
break;
|
||
case 'media_admin':
|
||
break;
|
||
case 'media':
|
||
break;
|
||
case 'categories':
|
||
break;
|
||
case 'contentadmin':
|
||
break;
|
||
case 'delete':
|
||
break;
|
||
case 'publish':
|
||
break;
|
||
case 'usage':
|
||
break;
|
||
case 'admin':
|
||
if (($core->auth !== false) && $core->auth->isSuperAdmin()){
|
||
$is_allowed = true;
|
||
}
|
||
break;
|
||
}
|
||
if($is_allowed){
|
||
return true;
|
||
}else{
|
||
$this->response_code = 403;
|
||
$this->response_message = array('code' => 403, 'error' => 'Unauthorized');
|
||
return false;
|
||
}
|
||
}
|
||
public function get_full_code_header($code=''){
|
||
if($code == ''){
|
||
$code = $this->response_code;
|
||
}
|
||
static $codes = array(
|
||
100 =>"Continue",
|
||
101 =>"Switching Protocols",
|
||
102 =>"Processing",
|
||
200 =>"OK",
|
||
201 =>"Created",
|
||
202 =>"Accepted",
|
||
203 =>"Non-Authoritative Information",
|
||
204 =>"No Content",
|
||
205 =>"Reset Content",
|
||
206 =>"Partial Content",
|
||
207 =>"Multi-Status",
|
||
210 =>"Content Different",
|
||
226 =>"IM Used",
|
||
300 =>"Multiple Choices",
|
||
301 =>"Moved Permanently",
|
||
302 =>"Moved Temporarily",
|
||
303 =>"See Other",
|
||
304 =>"Not Modified",
|
||
305 =>"Use Proxy",
|
||
306 =>"(aucun)",
|
||
307 =>"Temporary Redirect",
|
||
308 =>"Permanent Redirect",
|
||
310 =>"Too many Redirects",
|
||
400 =>"Bad Request",
|
||
401 =>"Unauthorized",
|
||
402 =>"Payment Required",
|
||
403 =>"Forbidden",
|
||
404 =>"Not Found",
|
||
405 =>"Method Not Allowed",
|
||
406 =>"Not Acceptable",
|
||
407 =>"Proxy Authentication Required",
|
||
408 =>"Request Time-out",
|
||
409 =>"Conflict",
|
||
410 =>"Gone",
|
||
411 =>"Length Required",
|
||
412 =>"Precondition Failed",
|
||
413 =>"Request Entity Too Large",
|
||
414 =>"Request-URI Too Long",
|
||
415 =>"Unsupported Media Type",
|
||
416 =>"Requested range unsatisfiable",
|
||
417 =>"Expectation failed",
|
||
418 =>"I’m a teapot",
|
||
421 =>"Bad mapping / Misdirected Request",
|
||
422 =>"Unprocessable entity",
|
||
423 =>"Locked",
|
||
424 =>"Method failure",
|
||
425 =>"Unordered Collection",
|
||
426 =>"Upgrade Required",
|
||
428 =>"Precondition Required",
|
||
429 =>"Too Many Requests",
|
||
431 =>"Request Header Fields Too Large",
|
||
449 =>"Retry With",
|
||
450 =>"Blocked by Windows Parental Controls",
|
||
451 =>"Unavailable For Legal Reasons",
|
||
456 =>"Unrecoverable Error"
|
||
);
|
||
|
||
if(isset($codes[$code])){
|
||
return "HTTP/1.0 ".$code." ".$codes[$code];
|
||
}else{
|
||
return "HTTP/1.0 ".$code." Something wrong happened";
|
||
}
|
||
}
|
||
}
|