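 /**
  * Handle a POST on the events resource.
  *
  * Two operations are supported, chosen by the fifth URL element:
  *  - 'attending': record the logged-in user as attending the event whose id
  *    getItemId() extracts from the request; the request body is ignored.
  *  - absent: validate the submitted fields and create a new event. The event
  *    is approved immediately for site admins (or when the auto-approve test
  *    feature applies); otherwise it is created without the approval flag and
  *    answered with 202.
  *
  * The create path writes the Location header and then terminates the script
  * with exit, so nothing after this call runs in that case.
  *
  * @param object $request Request object; this method reads user_id,
  *                        url_elements, base and path_info, and calls getParameter()
  * @param mixed  $db      Database handle, passed straight to the mappers
  *
  * @return void
  *
  * @throws Exception Code 400 when no user is logged in or validation fails,
  *                   404 when the fifth URL element is not a supported operation
  */
 public function postAction($request, $db)
 {
     // Every operation here acts on behalf of $request->user_id, so refuse
     // anonymous requests before touching the database.
     if (!isset($request->user_id)) {
         throw new Exception("You must be logged in to create data", 400);
     }
     if (isset($request->url_elements[4])) {
         switch ($request->url_elements[4]) {
             case 'attending':
                 // the body of this request is completely irrelevant
                 // The logged in user *is* attending the event.  Use DELETE to unattend
                 $event_id = $this->getItemId($request);
                 $event_mapper = new EventMapper($db, $request);
                 $event_mapper->setUserAttendance($event_id, $request->user_id);
                 // The second argument of header() is a bool; the original null
                 // was coerced to false (deprecated since PHP 8.1), so pass
                 // false explicitly to keep the same behaviour.
                 // NOTE(review): base and path_info come from the request
                 // object - confirm base is not taken from the client-supplied
                 // Host header, since it ends up in the Location value.
                 header("Location: " . $request->base . $request->path_info, false, 201);
                 return;
             default:
                 throw new Exception("Operation not supported, sorry", 404);
         }
     } else {
         // Create a new event, pending unless user has privs
         // incoming data
         $event = array();
         $errors = array();
         // FILTER_SANITIZE_STRING strips tags; with FILTER_FLAG_NO_ENCODE_QUOTES
         // quotes are left untouched. It is input tidying only, not output
         // escaping and not SQL protection, and the filter is deprecated as of
         // PHP 8.1.
         // NOTE(review): presumably EventMapper binds these values as query
         // parameters and the views escape them on output - confirm.
         $event['name'] = filter_var($request->getParameter("name"), FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
         if (empty($event['name'])) {
             $errors[] = "'name' is a required field";
         }
         $event['description'] = filter_var($request->getParameter("description"), FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
         if (empty($event['description'])) {
             $errors[] = "'description' is a required field";
         }
         $event['location'] = filter_var($request->getParameter("location"), FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
         if (empty($event['location'])) {
             $errors[] = "'location' is a required field (for virtual events, 'online' works)";
         }
         // strtotime() is used only as a "does this parse" check; the real
         // values are re-read below relative to the event's timezone.
         $start_date = strtotime($request->getParameter("start_date"));
         $end_date = strtotime($request->getParameter("end_date"));
         if (!$start_date || !$end_date) {
             $errors[] = "Both 'start_date' and 'end_date' must be supplied in a recognised format";
         } else {
             // if the dates are okay, sort out timezones
             $event['tz_continent'] = filter_var($request->getParameter("tz_continent"), FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
             $event['tz_place'] = filter_var($request->getParameter("tz_place"), FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
             try {
                 // make the timezone, and read in times with respect to that
                 $tz = new DateTimeZone($event['tz_continent'] . '/' . $event['tz_place']);
                 $start_date = new DateTime($request->getParameter("start_date"), $tz);
                 $end_date = new DateTime($request->getParameter("end_date"), $tz);
                 // 'U' formats as seconds since the Unix epoch
                 $event['start_date'] = $start_date->format('U');
                 $event['end_date'] = $end_date->format('U');
             } catch (Exception $e) {
                 // the time zone isn't right
                 $errors[] = "The fields 'tz_continent' and 'tz_place' must be supplied and valid " . "(e.g. Europe and London)";
             }
         }
         // optional fields - only check if we have no errors as we may need
         // access to $tz.
         if (!$errors) {
             // FILTER_VALIDATE_URL checks URL syntax only; it does not limit the
             // scheme.
             // NOTE(review): if href / cfp_url are later rendered as links,
             // restrict them to http and https before storing - confirm how
             // they are displayed.
             $href = filter_var($request->getParameter("href"), FILTER_VALIDATE_URL);
             if ($href) {
                 $event['href'] = $href;
             }
             $cfp_url = filter_var($request->getParameter("cfp_url"), FILTER_VALIDATE_URL);
             if ($cfp_url) {
                 $event['cfp_url'] = $cfp_url;
             }
             $cfp_start_date = strtotime($request->getParameter("cfp_start_date"));
             if ($cfp_start_date) {
                 $cfp_start_date = new DateTime($request->getParameter("cfp_start_date"), $tz);
                 $event['cfp_start_date'] = $cfp_start_date->format('U');
             }
             $cfp_end_date = strtotime($request->getParameter("cfp_end_date"));
             if ($cfp_end_date) {
                 $cfp_end_date = new DateTime($request->getParameter("cfp_end_date"), $tz);
                 $event['cfp_end_date'] = $cfp_end_date->format('U');
             }
             // FILTER_SANITIZE_NUMBER_FLOAT only removes characters that cannot
             // appear in a float; it does not check that the result is a
             // well-formed number or a plausible coordinate.
             // NOTE(review): the truthiness test below also discards "0", so a
             // coordinate of exactly zero is treated as not supplied.
             $latitude = filter_var($request->getParameter("latitude"), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
             if ($latitude) {
                 $event['latitude'] = $latitude;
             }
             $longitude = filter_var($request->getParameter("longitude"), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
             if ($longitude) {
                 $event['longitude'] = $longitude;
             }
             // Tags are normalised (tags stripped, trimmed, lower-cased) and
             // kept aside in $tags; they are attached after the event exists.
             $incoming_tag_list = $request->getParameter('tags');
             if (is_array($incoming_tag_list)) {
                 $tags = array_map(function ($tag) {
                     $tag = filter_var($tag, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
                     $tag = trim($tag);
                     $tag = strtolower($tag);
                     return $tag;
                 }, $incoming_tag_list);
             }
         }
         $event_mapper = new EventMapper($db, $request);
         // Make sure they only have a maximum of $max_pending_events
         // unapproved event submissions at any time
         $max_pending_events = 3;
         if (isset($this->config['limits']['max_pending_events'])) {
             $max_pending_events = $this->config['limits']['max_pending_events'];
         }
         $current_pending = $event_mapper->getPendingEventsCountByUser($request->user_id);
         if ($current_pending >= $max_pending_events) {
             $suffix = $max_pending_events == 1 ? '' : 's';
             $errors[] = sprintf('You may only have %d pending event%s at one time', $max_pending_events, $suffix);
         }
         // How does it look?  With no errors, we can proceed
         if ($errors) {
             // All validation messages are reported together in one 400
             throw new Exception(implode(". ", $errors), 400);
         } else {
             $user_mapper = new UserMapper($db, $request);
             $event_owner = $user_mapper->getUserById($request->user_id);
             $event['contact_name'] = $event_owner['users'][0]['full_name'];
             // When a site admin creates an event, we want to approve it immediately
             $approveEventOnCreation = $user_mapper->isSiteAdmin($request->user_id);
             // Do we want to automatically approve when testing?
             // NOTE(review): with this feature flag enabled, any logged-in
             // client can approve its own event by sending
             // auto_approve_event=true, bypassing moderation. The flag must
             // stay off on any deployment that is not a test environment.
             if (isset($this->config['features']['allow_auto_approve_events']) && $this->config['features']['allow_auto_approve_events']) {
                 if ($request->getParameter("auto_approve_event") == "true") {
                     // The test suite sends this extra field, if we got
                     // this far then this platform supports this
                     $approveEventOnCreation = true;
                 }
             }
             // header(): false replaces the original null, which PHP coerced to
             // false for the bool $replace argument (deprecated since PHP 8.1).
             if ($approveEventOnCreation) {
                 $event_id = $event_mapper->createEvent($event, true);
                 // redirect to event listing
                 header("Location: " . $request->base . $request->path_info . '/' . $event_id, false, 201);
             } else {
                 $event_id = $event_mapper->createEvent($event);
                 // set status to accepted; a pending event won't be visible
                 header("Location: " . $request->base . $request->path_info, false, 202);
             }
             // now set the current user as host and attending
             $event_mapper->addUserAsHost($event_id, $request->user_id);
             $event_mapper->setUserAttendance($event_id, $request->user_id);
             if (isset($tags)) {
                 $event_mapper->setTags($event_id, $tags);
             }
             // Send an email if we didn't auto-approve
             // NOTE(review): this tests isSiteAdmin() rather than
             // $approveEventOnCreation, so an event approved through the test
             // flag still takes this branch and is looked up as a pending
             // event - confirm that is intended.
             if (!$user_mapper->isSiteAdmin($request->user_id)) {
                 $event = $event_mapper->getPendingEventById($event_id, true);
                 $count = $event_mapper->getPendingEventsCount();
                 $recipients = $user_mapper->getSiteAdminEmails();
                 $emailService = new EventSubmissionEmailService($this->config, $recipients, $event, $count);
                 $emailService->sendEmail();
             }
             // Response is complete (headers only); stop the script here.
             exit;
         }
     }
 }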