/**
* Our REST service.
*/
public function handle($request)
{
/**
* Handles the resource request.
*
* @param $request - A Request object
* @param $return_response - If given, we return the Response object
* instead of sending it.
*/
if (!auth_attempt_script_login($request->username, $request->password)) {
throw new HTTPException(401, "Invalid credentials", array('WWW-Authenticate: Basic realm="Mantis REST API"'));
}
$path = $request->rsrc_path;
if (preg_match('!^/users/?$!', $path)) {
$resource = new UserList();
} elseif (preg_match('!^/users/\\d+/?$!', $path)) {
$resource = new User();
} elseif (preg_match('!^/bugs/?$!', $path)) {
$resource = new BugList();
} elseif (preg_match('!^/bugs/\\d+/?$!', $path)) {
$resource = new Bug();
} elseif (preg_match('!^/bugs/\\d+/notes/?$!', $path)) {
$resource = new BugnoteList($request->url);
} elseif (preg_match('!^/notes/\\d+/?$!', $path)) {
$resource = new Bugnote();
} else {
throw new HTTPException(404, "No resource at this URL");
}
if ($request->method == 'GET') {
$resp = $resource->get($request);
} elseif ($request->method == 'PUT') {
$resp = $resource->put($request);
} elseif ($request->method == 'POST') {
$resp = $resource->post($request);
} else {
throw new HTTPException(501, "Unrecognized method: {$request->method}");
}
return $resp;
}
public function post($request)
{
/**
* Creates a new bugnote.
*
* Sets the location header and returns the main URL of the created resource,
* as RFC2616 says we SHOULD.
*
* @param $request - The Request we're responding to
*/
$this->bug_id = BugnoteList::get_bug_id_from_url($request->url);
if (!access_has_bug_level(config_get('add_bugnote_threshold'), $this->bug_id)) {
throw new HTTPException(403, "Access denied to add bugnote");
}
if (bug_is_readonly($this->bug_id)) {
throw new HTTPException(500, "Cannot add a bugnote to a read-only bug");
}
$new_note = new Bugnote();
$new_note->populate_from_repr($request->body);
$bugnote_added = bugnote_add($this->bug_id, $new_note->mantis_data['note'], '0:00', $new_note->mantis_data['view_state'] == VS_PRIVATE);
if ($bugnote_added) {
$bugnote_added_url = Bugnote::get_url_from_mantis_id($bugnote_added);
$this->rsrc_data = $bugnote_added_url;
$resp = new Response();
$resp->headers[] = "location: {$bugnote_added_url}";
$resp->status = 201;
$resp->body = json_encode($bugnote_added_url);
return $resp;
} else {
throw new HTTPException(500, "Couldn't create bugnote");
}
}
public function put($request)
{
/**
* Updates the note.
*
* Only the text and view state of the note can be altered.
*
* @param $request - The request we're responding to
*/
$this->note_id = Bugnote::get_mantis_id_from_url($request->url);
if (!bugnote_exists($this->note_id)) {
throw new HTTPException(404, "No such bug note: {$this->note_id}");
}
# Check if the current user is allowed to edit the bugnote
# (This comes from Mantis's bugnote_update.php)
$user_id = auth_get_current_user_id();
$reporter_id = bugnote_get_field($this->note_id, 'reporter_id');
$bug_id = bugnote_get_field($this->note_id, 'bug_id');
if ($user_id != $reporter_id || OFF == config_get('bugnote_allow_user_edit_delete')) {
if (!access_has_bugnote_level(config_get('update_bugnote_threshold'), $this->note_id)) {
throw new HTTPException(403, "Access denied");
}
}
if (bug_is_readonly($bug_id)) {
throw new HTTPException(500, "Can't edit a note on a read-only bug");
}
$this->populate_from_repr($request->body);
bugnote_set_view_state($this->note_id, !!$this->_get_rsrc_attr('private'));
bugnote_set_text($this->note_id, $this->_get_mantis_attr('note'));
$resp = new Response();
$resp->status = 204;
return $resp;
}
