/**
* @inheritdoc
*/
public function exec(Server $server, ConnectionInterface $db, CacheInterface $cache)
{
$userFactory = new UserFactory($db, $cache);
$user = $userFactory->load($_REQUEST['user']);
$response = new OperationResponse();
if (!$user) {
$response->setStatus(400);
$response->setBody(array('error' => 'Argument "user" is referring to a user that does not exist'));
} elseif ($this->user->isEqual($user)) {
$response->setStatus(400);
$response->setBody(array('error' => 'A user can not change admin privileges for its own user account'));
} else {
$userFactory->setAdminPrivileges($user, $_REQUEST['admin'] == '1');
$response->setStatus(204);
}
return $response;
}
/**
* @param array $path
* @param \Rocker\Server $server
* @return OperationResponse
*/
public function dispatchRequest(array $path, Server $server)
{
$op = $this->loadOperation($path);
$method = $this->server->request()->getMethod();
// Could not resolve any operation, return 404
if ($op === null) {
$response = new OperationResponse(404);
$response->setBody(array('error' => 'Operation not found'));
return $response;
}
$op->setRequest($server->request());
$isAuthenticated = $this->authenticate($op, $server);
// Handle OPTIONS request
if ($method == 'OPTIONS') {
$response = new OperationResponse();
// Add allowed request data
$requestHeaders = $server->request()->headers('Access-Control-Request-Headers', false);
$allowedHeaders = 'Authorization, Content-Type, Content-Length' . ($requestHeaders ? ', ' . $requestHeaders : '');
$response->addHeader('Access-Control-Allow-Headers', ucwords($allowedHeaders));
$response->addHeader('Access-Control-Allow-Methods', implode(',', $op->allowedMethods()));
return $response;
}
// Wrong method!
if (!in_array($method, $op->allowedMethods())) {
$response = new OperationResponse(405);
$response->addHeader('Access-Control-Allow-Methods', implode(',', $op->allowedMethods()));
$response->setBody(array('error' => 'Wrong request method, only ' . implode(', ', $op->allowedMethods()) . ' is allowed'));
} elseif ($op->requiresAuth() && !$isAuthenticated) {
$response = new OperationResponse(401);
$with = $server->request()->headers('HTTP_X_REQUESTED_WITH');
if (!$with) {
$with = $server->request()->headers('X_REQUESTED_WITH');
}
if (!$with || strtolower($with) != 'xmlhttprequest') {
$authConfig = $this->server->config('application.auth');
$response->setHeaders(array('WWW-Authenticate' => $authConfig['mechanism']));
}
$response->addHeader('Access-Control-Allow-Methods', implode(',', $op->allowedMethods()));
} elseif ($missingArgs = $this->findMissingArgs($method, $op)) {
$response = new OperationResponse(400);
$response->setBody(array('error' => 'One or more required arguments is missing (' . implode(', ', $missingArgs) . ')'));
} else {
$response = $op->exec($this->server, $this->db, $this->cache);
}
return $response;
}
/**
* @param \Rocker\Object\ObjectInterface $obj
* @param \Rocker\Object\AbstractObjectFactory $factory
* @param OperationResponse $response
* @param ConnectionInterface $db
* @param CacheInterface $cache
* @param \Rocker\Server $server
*/
protected function updateObject($obj, $factory, $response, $db, $cache, $server)
{
if (isset($_REQUEST['name'])) {
$obj->setName($_REQUEST['name']);
}
if (isset($_REQUEST['meta']) && is_array($_REQUEST['meta'])) {
$result = $this->addMetaFromRequestToObject($obj);
if ($result !== null) {
// Something not okay with the meta values
$response->setStatus($result[0]);
$response->setBody($result[1]);
return;
}
}
try {
$factory->update($obj);
$response->setBody($this->objectToArray($obj, $server, $db, $cache));
} catch (DuplicationException $e) {
$response->setStatus(409);
$response->setBody(array('error' => $e->getMessage()));
}
}
