/**
  * {@inheritDoc}
  */
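 public function setUp()
 {
     // Prepares the controller for an API call: enforces the IP allow-list,
     // selects the parameter bag to read from, and records the API version.
     //
     // Throws ForbiddenException when the client IP is not allow-listed
     // (outside debug mode) and BadRequestException when no 'query'
     // parameter was supplied.
     $request = $this->getRequest();

     // To prevent abuse of the automated system, only the IPs listed in the
     // 'bzion.api.allowed_ips' parameter may call this endpoint.
     // NOTE(review): the value returned by getClientIp() presumably depends
     // on the request's trusted-proxy configuration; confirm that forwarded
     // headers are only honoured from proxies you control, otherwise the
     // allow-list can be satisfied by a client-supplied header.
     $allowedIPs = array_map('trim', $this->container->getParameter('bzion.api.allowed_ips'));
     $clientIP = $request->getClientIp();

     // Strict comparison: with a loose in_array() a missing client IP (null)
     // compares equal to an empty allow-list entry and would be let through.
     // NOTE(review): debug mode skips this check entirely, so it must never
     // be enabled on a publicly reachable deployment.
     if (!$this->isDebug() && !in_array($clientIP, $allowedIPs, true)) {
         // The caller is not an official server: record the attempt and abort
         $this->getLogger()->addNotice("Unauthorized access attempt from {$clientIP}");
         throw new ForbiddenException("Error: 403 - Forbidden");
     }

     // Production requests carry their data in the POST body
     $this->params = $request->request;

     if (!$this->params->has('query')) {
         // Nothing usable in the POST body. Only in debug mode do we fall
         // back to the query string, so that requests can be tested by hand.
         if ($this->isDebug() && $request->query->has('query')) {
             $this->params = $request->query;
         } else {
             throw new BadRequestException();
         }
     }

     // After the first major rewrite of the league overseer plugin, the
     // API was introduced in order to provide backwards compatibility for
     // servers that have not updated to the latest version of the plugin.
     // Requests that send no 'apiVersion' are treated as version 0.
     $this->version = $this->params->get('apiVersion', 0);
 }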
 /**
  * Update template with given id.
  * 
  * @param  string|int $id
  * @return Response
  */
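 public function update($id)
 {
     // Resolve the current user once so the permission check and the
     // ownership check are made against the same object. A missing user
     // (no session) is treated as "no permission" instead of a fatal error.
     $user = $this->app['sentry']->getUser();

     if (!$user || !$user->hasAccess('templates.update')) {
         return new Response($this->app['translator']->trans('noPermTemplateUpdate'), 403);
     }

     $template = $this->model->with('pages')->find($id);

     // An unknown id gets the same answer as a template owned by someone
     // else: this avoids dereferencing null and does not reveal which ids
     // exist to a caller who does not own them.
     if (!$template || $user->id != $template->user_id) {
         return new Response($this->app['translator']->trans('noPermissionsToModifyTemplate'), 400);
     }

     // Random suffix for the thumbnail file name; also handed back to the
     // caller as thumbId on the returned model.
     $rand = str_random(10);

     $template->name = $this->input->get('name');
     $template->color = $this->input->get('color');
     $template->category = $this->input->get('category');
     $template->thumbnail = 'assets/images/thumbnails/templates/template-' . $rand . '.png';

     if ($template->save() && $this->input->has('pages')) {
         $pages = $this->input->get('pages');

         // The request body is untrusted: ignore anything that is not a list
         // of attribute maps rather than iterating over a scalar.
         if (is_array($pages)) {
             foreach ($pages as $page) {
                 if (!is_array($page)) {
                     continue;
                 }

                 $pModel = new \Builder\Projects\PageModel();

                 // NOTE(review): every key sent by the client becomes an
                 // attribute on the page model (mass assignment). Restrict
                 // this to the columns a client is expected to set; the
                 // list is not visible from this method.
                 foreach ($page as $name => $value) {
                     $pModel->{$name} = is_array($value) ? json_encode($value) : $value;
                 }

                 $template->pages()->save($pModel);
             }
         }
     }

     // Set after save(), so it is part of the response only
     $template->thumbId = $rand;

     return $template;
 }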
 /**
  * Give the submitted permission set to every user that has none yet.
  *
  * Only a superuser may call this, and the request must carry a
  * 'permissions' value; both failures produce the same 403 response.
  *
  * @return Response
  */
 public function assignPermissionsToAll()
 {
     $isSuperuser = $this->sentry->getUser()->hasAccess('superuser');

     if (!$isSuperuser) {
         return new Response($this->app['translator']->trans('noPermissionsGeneric'), 403);
     }

     if (!$this->input->has('permissions')) {
         return new Response($this->app['translator']->trans('noPermissionsGeneric'), 403);
     }

     // NOTE(review): the submitted value is stored as-is for every matching
     // user; confirm that its format is validated somewhere before it is
     // interpreted as a permission set.
     $submitted = $this->input->get('permissions');

     // Only rows whose permissions column is NULL are touched
     UserModel::whereNull('permissions')->update(array('permissions' => $submitted));

     $confirmation = $this->app['translator']->trans('permissionsUpdated');

     return new Response($confirmation, 200);
 }
 /**
  * Delete all images by passed in ids.
  * 
  * @return Response
  */
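 public function deleteMultiple()
 {
     // NOTE(review): no permission or ownership check is visible in this
     // method, so any caller who reaches it can delete any image by id.
     // Confirm that a route filter or the constructor enforces access.

     // The request body is untrusted: only iterate when 'ids' really is a list
     $ids = $this->input->has('ids') ? $this->input->get('ids') : null;

     if (is_array($ids)) {
         foreach ($ids as $id) {
             if ($img = $this->model->find($id)) {
                 // NOTE(review): file_name comes from the stored record. If it
                 // can ever contain path separators, this removal could reach
                 // outside the uploads directory; confirm it is normalised
                 // when the image is uploaded.
                 $this->fs->remove($this->app['base_dir'] . '/assets/images/uploads/' . $img->file_name);
                 $this->model->destroy($id);
             }
         }
     }

     // The submitted ids are echoed back. The JSON_HEX_* flags encode <, >,
     // &, ' and " as \uXXXX escapes, so the body decodes to the same JSON
     // value but cannot be parsed as markup if a browser renders it as HTML.
     $body = json_encode(
         $this->input->get('ids'),
         JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
     );

     return new Response($body, 200);
 }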
 /**
  * Create a new project.
  * 
  * @return Response
  */
 public function store()
 {
     // Gate 1: the caller needs the 'projects.create' permission
     $currentUser = $this->app['sentry']->getUser();

     if (!$currentUser->hasAccess('projects.create')) {
         $denied = $this->app['translator']->trans('noPermProjectCreate');

         return new Response($denied, 403);
     }

     // Gate 2: a project name must be supplied
     $hasName = $this->input->has('name');

     if (!$hasName) {
         $missing = $this->app['translator']->trans('projectNameRequired');

         return new Response($missing, 400);
     }

     // Gate 3: the name must not already be taken
     $requestedName = $this->input->get('name');
     $existing = Project::where('name', $requestedName)->first();

     if ($existing) {
         $duplicate = $this->app['translator']->trans('projectWithNameExists');

         return new Response($duplicate, 400);
     }

     // NOTE(review): the complete request payload is handed to the creator;
     // confirm that it only picks the fields a client is allowed to set.
     $payload = $this->input->all();
     $created = $this->creator->create($payload);

     return new Response($created, 201);
 }