/**
* Validates PAM credentials
*
* @param array $credentials Credentials
* @return boolean
* @throws LoginException
*/
public static function handler(array $credentials = array())
{
$calendar_guid = elgg_extract('calendar_guid', $credentials);
$user_guid = elgg_extract('user_guid', $credentials);
$token = elgg_extract('token', $credentials);
$ia = elgg_set_ignore_access(true);
$calendar = get_entity($calendar_guid);
$user = get_entity($user_guid);
elgg_set_ignore_access($ia);
$pam = new PAM($calendar, $user);
if (!has_access_to_entity($calendar, $user)) {
throw new LoginException('User does not have access to this calendar');
}
if (!$calendar->getToken()) {
throw new LoginException('Calendar does not allow remote access');
}
if (!$pam->validateToken($token)) {
throw new LoginException('Invalid token');
}
return true;
}
<?php
namespace Events\UI;
use Events\API\Calendar;
use Events\API\Util;
use Events\API\PAM;
$is_logged_in = elgg_is_logged_in();
$guid = get_input('guid');
$consumer = get_input('consumer');
if (!$is_logged_in) {
$token = get_input('token');
$user_guid = get_input('uid');
try {
PAM::authenticate();
} catch (Exception $ex) {
register_error($ex->getMessage());
forward('', '403');
}
}
$entity = get_entity($guid);
if (!$entity instanceof Calendar) {
forward('', '404');
}
$start = (int) get_input('start', time());
$end = (int) get_input('end', strtotime('+1 month', $start));
$start = (int) Util::getDayStart($start);
$end = (int) Util::getDayEnd($end);
$events = $entity->getAllEventInstances($start, $end, true, $consumer);
echo json_encode($events);
if (!$is_logged_in) {
