/**
 * List tags, exposing a single `count` per tag that matches the caller's role.
 *
 * The owner has the `permission` filter forced to 0 and is shown
 * `countPrivate`; every other caller is shown `countPublic`. The per-role
 * counters and the `owner` field are stripped from each tag before returning.
 *
 * NOTE(review): the filters are the raw query string minus `__route__`, so a
 * non-owner can still send a `permission` value of their own. What getTags()
 * does with it is not visible here -- confirm it cannot widen the result set.
 *
 * @return string Standard JSON envelope
 */
public function list_()
{
    // Forward every query-string parameter except the router's own key.
    $filters = $_GET;
    unset($filters['__route__']);

    $userObj = new User();
    if ($userObj->isOwner()) {
        $filters['permission'] = 0;
    }

    // Pick which stored counter becomes the public-facing `count`.
    $tagField = 'countPublic';
    if ($userObj->isOwner()) {
        $tagField = 'countPrivate';
    }

    $tags = getDb()->getTags($filters);
    if (!is_array($tags)) {
        // Non-array results are passed through untouched.
        return $this->success('Tags for the user', $tags);
    }

    foreach (array_keys($tags) as $key) {
        $tags[$key]['count'] = $tags[$key][$tagField];
        // Drop the raw counters and the owner so they never reach the response.
        unset(
            $tags[$key]['countPublic'],
            $tags[$key]['countPrivate'],
            $tags[$key]['owner']
        );
    }

    return $this->success('Tags for the user', $tags);
}
/**
 * Return the owner's groups.
 *
 * requireAuthentication() is invoked first; a caller for whom isOwner() is
 * false receives the forbidden envelope instead of any group data.
 *
 * @return string Standard JSON envelope
 */
public function list_()
{
    getAuthentication()->requireAuthentication();

    $userObj = new User();
    $callerIsOwner = $userObj->isOwner();
    if (!$callerIsOwner) {
        return $this->forbidden('You do not have permission to access this API.', false);
    }

    $groups = $this->group->getGroups();
    if (false !== $groups) {
        // Cast so the envelope always carries an array.
        return $this->success('A list of your groups', (array) $groups);
    }

    // getGroups() signals failure with a strict false.
    return $this->error('An error occurred trying to get your groups', false);
}
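/**
 * Create an application credential for the owner and hand it to the caller's callback.
 *
 * Flow: require the owner, create a credential named after $_POST['name'],
 * convert it to a request-type token, re-read it, then redirect to
 * $_GET['oauth_callback'] with the consumer key/secret, token/secret and
 * verifier appended as query parameters. Every failure renders /error/500
 * (or /error/403 for a non-owner) and stops the request.
 *
 * NOTE(review): the redirect target comes straight from the query string and
 * receives the freshly created consumer secret and token secret. No allow-list
 * of callback URLs and no anti-CSRF token check are visible in this action;
 * confirm both are enforced elsewhere, or restrict the callback to registered
 * values. Secrets placed in a URL also end up in browser history, proxy and
 * server logs, and Referer headers.
 *
 * @return void The method either redirects or renders an error route and exits.
 */
public function authorizePost()
{
    $userObj = new User();
    if (!$userObj->isOwner()) {
        $this->route->run('/error/403', EpiRoute::httpGet);
        die;
    }

    // empty() already covers the "not set" case.
    if (empty($_POST['name'])) {
        $this->route->run('/error/500', EpiRoute::httpGet);
        die;
    }

    // TODO make permissions an array
    $consumerKey = getCredential()->add($_POST['name'], array());
    if (!$consumerKey) {
        // Log the requested name; $consumerKey is always falsy on this path and carries no information.
        getLogger()->warn(sprintf('Could not add credential for: %s', json_encode($_POST['name'])));
        $this->route->run('/error/500', EpiRoute::httpGet);
        die;
    }

    $consumer = getDb()->getCredential($consumerKey);
    if (empty($consumer['userToken']) || empty($consumer['id'])) {
        // The lookup can fail even though add() succeeded; stop before using a missing record.
        getLogger()->warn(sprintf('Could not load credential for: %s', json_encode($consumerKey)));
        $this->route->run('/error/500', EpiRoute::httpGet);
        die;
    }

    $token = $consumer['userToken'];
    $res = getCredential()->convertToken($consumer['id'], Credential::typeRequest);
    if (!$res) {
        getLogger()->warn(sprintf('Could not convert credential for: %s', json_encode($token)));
        $this->route->run('/error/500', EpiRoute::httpGet);
        die;
    }

    // we have to fetch this again to have the consumer key and secret
    $consumer = getDb()->getCredentialByUserToken($token);
    if (!$consumer) {
        getLogger()->warn(sprintf('Could not reload credential for: %s', json_encode($token)));
        $this->route->run('/error/500', EpiRoute::httpGet);
        die;
    }

    // Only a scalar string is usable as a redirect target; an array-valued parameter is ignored.
    $callback = null;
    if (isset($_GET['oauth_callback']) && is_string($_GET['oauth_callback'])) {
        $callback = $_GET['oauth_callback'];
    }
    $separator = ($callback !== null && strpos($callback, '?') !== false) ? '&' : '?';

    // URL-encode each value so reserved characters cannot corrupt or extend the query string.
    // Built by hand (not http_build_query) so that empty values are still emitted as `key=`.
    $params = array(
        'oauth_consumer_key' => $consumer['id'],
        'oauth_consumer_secret' => $consumer['clientSecret'],
        'oauth_token' => $consumer['userToken'],
        'oauth_token_secret' => $consumer['userSecret'],
        'oauth_verifier' => $consumer['verifier'],
    );
    $pairs = array();
    foreach ($params as $paramName => $paramValue) {
        $pairs[] = $paramName . '=' . urlencode((string) $paramValue);
    }
    $callback .= $separator . implode('&', $pairs);

    $this->route->redirect($callback, null, true);
}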
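/**
 * Delete a single event, one occurrence of a repeating event, or a whole repeating series.
 *
 * Three paths, chosen from the submitted values:
 *  - `delete_all === true` with `rep_event_id > 0`: delete every event of the series
 *    owned by the session user, then the series row itself.
 *  - `rep_event_id > 0` otherwise: delete one occurrence owned by the session user, mark
 *    the series as broken, and dissolve the series if only one occurrence is left.
 *  - no series: delete the event, scoped to the session user unless the caller is the
 *    owner or an admin with full control.
 *
 * All ids are validated as integers and bound through prepared statements; a value
 * that is not an integer makes the method return false without touching the database.
 * A statement that executes but matches no rows still counts as success.
 *
 * NOTE(review): the statements against `repeating_events` are keyed on `rep_event_id`
 * alone. Nothing in this method ties that id to the session user or to the event that
 * was deleted, so confirm ownership of the series is enforced by the caller or add an
 * ownership predicate once the table's columns are known.
 *
 * @param array $frm_submitted Submitted values; reads `event_id`, `rep_event_id`, `delete_all`.
 * @return bool true when the deletion statements ran successfully, false otherwise.
 */
public static function deleteEvent($frm_submitted)
{
    global $obj_db;

    // Integer-like input becomes an int; anything else becomes null.
    $fn_to_id = function ($value) {
        $int_id = filter_var($value, FILTER_VALIDATE_INT);
        return $int_id === false ? null : $int_id;
    };

    // Run one statement with integer parameters bound, never concatenated.
    $fn_run = function ($str_sql, array $arr_ids) use ($obj_db) {
        $obj_stmt = mysqli_prepare($obj_db, $str_sql);
        if ($obj_stmt === false) {
            return false;
        }
        mysqli_stmt_bind_param($obj_stmt, str_repeat('i', count($arr_ids)), ...$arr_ids);
        $bln_ok = mysqli_stmt_execute($obj_stmt);
        mysqli_stmt_close($obj_stmt);
        return $bln_ok;
    };

    // The session user id is only read on the paths that scope by user.
    $fn_session_uid = function () use ($fn_to_id) {
        if (!isset($_SESSION['calendar-uid']['uid'])) {
            return null;
        }
        return $fn_to_id($_SESSION['calendar-uid']['uid']);
    };

    // A missing or empty rep_event_id means "not part of a series".
    $int_rep_event_id = 0;
    if (isset($frm_submitted['rep_event_id']) && $frm_submitted['rep_event_id'] !== '') {
        $int_rep_event_id = $fn_to_id($frm_submitted['rep_event_id']);
        if ($int_rep_event_id === null) {
            return false;
        }
    }

    $bln_delete_all = isset($frm_submitted['delete_all']) && $frm_submitted['delete_all'] === true;

    if ($bln_delete_all && $int_rep_event_id > 0) {
        // part of repeat , delete all items
        $int_uid = $fn_session_uid();
        if ($int_uid === null) {
            return false;
        }
        $bln_events_deleted = $fn_run(
            'DELETE FROM events WHERE repeating_event_id = ? AND user_id = ?',
            array($int_rep_event_id, $int_uid)
        );
        if ($bln_events_deleted) {
            // delete row from repeating_events
            return $fn_run('DELETE FROM repeating_events WHERE rep_event_id = ?', array($int_rep_event_id));
        }
        return false;
    }

    $int_event_id = isset($frm_submitted['event_id']) ? $fn_to_id($frm_submitted['event_id']) : null;
    if ($int_event_id === null) {
        return false;
    }

    if ($int_rep_event_id > 0) {
        // part of repeat , delete only this one
        $int_uid = $fn_session_uid();
        if ($int_uid === null) {
            return false;
        }
        $bln_deleted = $fn_run(
            'DELETE FROM events WHERE event_id = ? AND user_id = ?',
            array($int_event_id, $int_uid)
        );

        // the pattern is broken, put bln_broken in db,
        // so that we know it that we have to show the repair pattern button
        // (kept unconditional, as before: it runs whether or not the delete succeeded)
        $fn_run('UPDATE repeating_events SET bln_broken = 1 WHERE rep_event_id = ?', array($int_rep_event_id));

        if (!$bln_deleted) {
            echo 'Error while trying to delete the event';
            return false;
        }

        // check if there is only one item left in this repeat,
        // if yes then delete row in repeating_events table and set repeating_event_id to 0 in events table
        if (self::OneHasLeftOfThisRepeat($int_rep_event_id)) {
            if ($fn_run('DELETE FROM repeating_events WHERE rep_event_id = ?', array($int_rep_event_id))) {
                // Detach the remaining event from the dissolved series. The previous code built
                // this UPDATE but re-ran the DELETE above instead, so the reset never happened.
                $fn_run(
                    'UPDATE events SET repeating_event_id = 0 WHERE repeating_event_id = ?',
                    array($int_rep_event_id)
                );
            } else {
                echo 'Error while trying to delete the row in repeating_events table';
            }
        }
        return true;
    }

    /*
     * normal event
     */
    $str_query = 'DELETE FROM events WHERE event_id = ?';
    $arr_ids = array($int_event_id);
    $bln_admin_and_full_control = ADMIN_HAS_FULL_CONTROL && (User::isAdmin() || User::isSuperAdmin());
    if (!User::isOwner() && !$bln_admin_and_full_control) {
        // Everyone else may only delete their own events.
        $int_uid = $fn_session_uid();
        if ($int_uid === null) {
            return false;
        }
        $str_query .= ' AND user_id = ?';
        $arr_ids[] = $int_uid;
    }

    return $fn_run($str_query, $arr_ids);
}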
getPlugin()->load(); } else { $runUpgrade = false; $runSetup = true; // setup and enable routes for setup $baseDir = dirname(dirname(__FILE__)); $paths = new stdClass(); $paths->libraries = "{$baseDir}/libraries"; $paths->configs = "{$baseDir}/configs"; $paths->controllers = "{$baseDir}/libraries/controllers"; $paths->docroot = "{$baseDir}/html"; $paths->external = "{$baseDir}/libraries/external"; $paths->adapters = "{$baseDir}/libraries/adapters"; $paths->models = "{$baseDir}/libraries/models"; $paths->templates = "{$baseDir}/templates"; $paths->themes = "{$baseDir}/html/assets/themes"; $configObj->set('paths', $paths); if (!$hasConfig) { require $configObj->get('paths')->libraries . '/dependencies.php'; } require $configObj->get('paths')->libraries . '/routes-setup.php'; require $configObj->get('paths')->libraries . '/routes-error.php'; require $configObj->get('paths')->controllers . '/SetupController.php'; $configObj->loadString(file_get_contents(sprintf('%s/html/assets/themes/%s/config/settings.ini', dirname(dirname(__FILE__)), getTheme()->getThemeName()))); // Before we run the setup in edit mode, we need to validate ownership $userObj = new User(); if (isset($_GET['edit']) && !$userObj->isOwner()) { $routeObj->run('/error/403'); die; } }
/**
 * Render the photo upload form; only the owner gets past the 403 route.
 *
 * The form is built from the session crumb, the result of the
 * `/groups/list.json` API call and the license list, then displayed through
 * the theme. Output goes through the theme's display() call; this method
 * itself returns nothing on either path.
 *
 * @return void
 */
public function upload()
{
    $userObj = new User();
    $callerIsOwner = $userObj->isOwner();
    if (!$callerIsOwner) {
        $this->route->run('/error/403');
        return;
    }

    // defaults
    $this->theme->setTheme();

    $crumb = $this->session->get('crumb');
    $templatePath = sprintf('%s/upload.php', $this->config->paths->templates);
    $groupsResp = $this->api->invoke('/groups/list.json');

    // Values handed to the upload template.
    $templateParams = array(
        'crumb' => $crumb,
        'groups' => $groupsResp['result'],
        'licenses' => $this->utility->getLicenses(),
    );
    $body = $this->template->get($templatePath, $templateParams);

    $pageParams = array('body' => $body, 'page' => 'upload');
    $this->theme->display('template.php', $pageParams);
}