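/**
 * Record the logged-in user's report of a talk comment and email the event hosts.
 *
 * On success this sends a 202 response whose Location header points at the
 * talk's comment collection and then ends the script, so it never returns.
 *
 * @param object $request reads ->user_id, ->base and ->version
 * @param mixed  $db      passed through unchanged to the mappers
 *
 * @throws Exception 401 when nobody is logged in, 404 when the comment id is unknown
 */
public function reportComment($request, $db)
 {
     // must be logged in to report a comment; empty() is also true when the property is unset.
     // The 401 code is new: this exception used to carry the default code 0.
     if (empty($request->user_id)) {
         throw new Exception('You must log in to report a comment', 401);
     }
     $comment_mapper = new TalkCommentMapper($db, $request);
     $commentId = $this->getItemId($request);
     $commentInfo = $comment_mapper->getCommentInfo($commentId);
     if (false === $commentInfo) {
         throw new Exception('Comment not found', 404);
     }
     $talkId = $commentInfo['talk_id'];
     $eventId = $commentInfo['event_id'];
     // NOTE(review): any logged-in user can reach this point. Whether repeated
     // reports of the same comment are de-duplicated depends on
     // userReportedComment(), which is not visible here. If they are not, each
     // call mails every host again, so confirm before relying on it.
     $comment_mapper->userReportedComment($commentId, $request->user_id);
     // notify event admins
     $comment = $comment_mapper->getCommentById($commentId, true, true);
     $event_mapper = new EventMapper($db, $request);
     $recipients = $event_mapper->getHostsEmailAddresses($eventId);
     $emailService = new CommentReportedEmailService($this->config, $recipients, $comment);
     $emailService->sendEmail();
     // send them to the comments collection
     $uri = $request->base . '/' . $request->version . '/talks/' . $talkId . "/comments";
     header("Location: " . $uri, true, 202);
     exit;
 }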
Example #2
 /**
  * Return one user, the paginated user list, or a sub-collection of a user.
  *
  * The sub-collection is chosen by $request->url_elements[4] ('talks' or
  * 'attended'); any other value is rejected.
  *
  * @param object $request reads ->url_elements
  * @param mixed  $db      passed through unchanged to the mappers
  *
  * @throws InvalidArgumentException 404 for an unrecognised sub-collection
  *
  * @return mixed whatever the selected mapper call returns
  */
 public function getAction($request, $db)
 {
     $user_id = $this->getItemId($request);
     // how much detail to return
     $verbose = $this->getVerbosity($request);
     // pagination window
     $start = $this->getStart($request);
     $resultsperpage = $this->getResultsPerPage($request);

     // no sub-collection requested: a single user or the whole list
     if (!isset($request->url_elements[4])) {
         $userMapper = new UserMapper($db, $request);
         if ($user_id) {
             return $userMapper->getUserById($user_id, $verbose);
         }

         return $userMapper->getUserList($resultsperpage, $start, $verbose);
     }

     switch ($request->url_elements[4]) {
         case 'talks':
             $talkMapper = new TalkMapper($db, $request);

             return $talkMapper->getTalksBySpeaker($user_id, $resultsperpage, $start, $request, $verbose);
         case 'attended':
             $eventMapper = new EventMapper($db, $request);

             return $eventMapper->getEventsAttendedByUser($user_id, $resultsperpage, $start, $request, $verbose);
         default:
             throw new InvalidArgumentException('Unknown Subrequest', 404);
     }
 }
Example #3
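 /**
  * Delete an event track after checking that the caller administers the event.
  *
  * Order of checks: logged in (401), track exists (404), owning event exists
  * (404), caller has admin rights on that event (403). On success a 204 is
  * sent and the script ends.
  *
  * @param object $request reads ->user_id
  * @param mixed  $db      passed through unchanged to the mappers
  *
  * @throws Exception with code 401, 404 or 403 as described above
  */
 public function deleteTrack($request, $db)
 {
     // Check for login
     if (!isset($request->user_id)) {
         throw new Exception("You must be logged in to delete this track", 401);
     }
     $track_id = $this->getItemId($request);
     $track_mapper = new TrackMapper($db, $request);
     $tracks = $track_mapper->getTrackById($track_id, true);
     if (!$tracks) {
         throw new Exception("Track not found", 404);
     }
     $event_mapper = new EventMapper($db, $request);
     $events = $event_mapper->getEventByTrackId($track_id, true, false, false);
     if (!$events || !$events[0]['ID']) {
         throw new Exception("Associated event not found", 404);
     }
     $event_id = $events[0]['ID'];
     // authorisation is decided on the event that owns the track, not on the track id itself
     if (!$event_mapper->thisUserHasAdminOn($event_id)) {
         throw new Exception('You do not have permission to delete this track', 403);
     }
     $track_mapper->deleteEventTrack($track_id);
     // The replace flag was null, which PHP coerces to false and reports as
     // deprecated from 8.1; false keeps the effective value without the notice.
     header("Content-Length: 0", false, 204);
     exit;
 }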
Example #4
 /**
  * Build a \woo\domain\Space from a row array and attach its venue and events.
  *
  * @param array $array row providing the 'id', 'name' and 'venue' keys
  *
  * @return \woo\domain\Space
  */
 protected function doCreateObject(array $array)
 {
     $space = new \woo\domain\Space($array['id']);
     $space->setname($array['name']);

     // resolve the venue reference through its own mapper
     $venueFinder = new VenueMapper();
     $space->setVenue($venueFinder->find($array['venue']));

     // events are looked up by the id of the space being built
     $eventFinder = new EventMapper();
     $space->setEvents($eventFinder->findBySpaceId($array['id']));

     return $space;
 }
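 /**
  * Remove the images attached to an event.
  *
  * Sends a 204 with a Location header for the event and ends the script.
  *
  * @param object $request reads ->user_id, ->base and ->version
  * @param mixed  $db      passed through unchanged to EventMapper
  *
  * @throws Exception 401 when nobody is logged in, 403 when the caller does
  *                   not administer the event
  */
 public function deleteImage($request, $db)
 {
     if (!isset($request->user_id)) {
         throw new Exception("You must be logged in to create data", 401);
     }
     $event_id = $this->getItemId($request);
     $event_mapper = new EventMapper($db, $request);
     // Being logged in was the only gate here, so any authenticated user could
     // remove the images of any event id. removeImages() is not visible from
     // this method; if it already enforces ownership, this check is defence in depth.
     if (!$event_mapper->thisUserHasAdminOn($event_id)) {
         throw new Exception("You do not have permission to delete this image", 403);
     }
     $event_mapper->removeImages($event_id);
     $location = $request->base . '/' . $request->version . '/events/' . $event_id;
     // The replace flag was null, which PHP coerces to false and reports as
     // deprecated from 8.1; false keeps the effective value without the notice.
     header('Location: ' . $location, false, 204);
     exit;
 }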
 /**
  * Return one user (by id or username), the paginated user list, or a
  * sub-collection of a user selected by $request->url_elements[4].
  *
  * @param object $request reads ->url_elements and ->parameters['username']
  * @param mixed  $db      passed through unchanged to the mappers
  *
  * @throws InvalidArgumentException 404 for an unrecognised sub-collection
  * @throws Exception                404 when the id or username matches nobody
  *
  * @return mixed whatever the selected mapper call returns
  */
 public function getAction($request, $db)
 {
     $user_id = $this->getItemId($request);
     // how much detail to return
     $verbose = $this->getVerbosity($request);
     // pagination window
     $start = $this->getStart($request);
     $resultsperpage = $this->getResultsPerPage($request);

     if (!isset($request->url_elements[4])) {
         $userMapper = new UserMapper($db, $request);

         // lookup by id takes precedence over the username parameter
         if ($user_id) {
             $found = $userMapper->getUserById($user_id, $verbose);
             if (count($found['users']) == 0) {
                 throw new Exception('User not found', 404);
             }

             return $found;
         }

         if (!isset($request->parameters['username'])) {
             return $userMapper->getUserList($resultsperpage, $start, $verbose);
         }

         // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 and is
         // an HTML-oriented filter; it does not make the value safe for SQL. That
         // depends on how getUserByUsername() builds its query, which is not visible here.
         $username = filter_var($request->parameters['username'], FILTER_SANITIZE_STRING);
         $found = $userMapper->getUserByUsername($username, $verbose);
         if ($found === false) {
             throw new Exception('Username not found', 404);
         }

         return $found;
     }

     switch ($request->url_elements[4]) {
         case 'talks':
             $talkMapper = new TalkMapper($db, $request);

             return $talkMapper
                 ->getTalksBySpeaker($user_id, $resultsperpage, $start)
                 ->getOutputView($request, $verbose);
         case 'hosted':
             $eventMapper = new EventMapper($db, $request);

             return $eventMapper->getEventsHostedByUser($user_id, $resultsperpage, $start, $verbose);
         case 'attended':
             $eventMapper = new EventMapper($db, $request);

             return $eventMapper->getEventsAttendedByUser($user_id, $resultsperpage, $start, $verbose);
         case 'talk_comments':
             $commentMapper = new TalkCommentMapper($db, $request);

             return $commentMapper->getCommentsByUserId($user_id, $resultsperpage, $start, $verbose);
         default:
             throw new InvalidArgumentException('Unknown Subrequest', 404);
     }
 }
Example #7
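 /**
  * Handle POST to an event sub-resource; only 'talks' (create a talk) is supported.
  *
  * @param object $request reads ->user_id, ->url_elements, ->base, ->path_info
  *                        and the posted parameters
  * @param mixed  $db      passed through unchanged to the mappers
  *
  * @throws Exception 400 for missing login, missing fields or missing admin
  *                   rights; 404 for any other sub-resource
  *
  * @return mixed the newly created talk as returned by TalkMapper::getTalkById()
  */
 public function postAction($request, $db)
 {
     // NOTE(review): the not-logged-in and no-permission failures below both use
     // 400; 401 and 403 would let clients tell them apart. Left unchanged because
     // existing API consumers may depend on the current codes.
     if (!isset($request->user_id)) {
         throw new Exception("You must be logged in to create data", 400);
     }
     if (isset($request->url_elements[4])) {
         switch ($request->url_elements[4]) {
             case 'talks':
                 // start from an explicit array instead of relying on auto-vivification
                 $talk = array();
                 $talk['event_id'] = $this->getItemId($request);
                 if (empty($talk['event_id'])) {
                     throw new Exception("POST expects a talk representation sent to a specific event URL", 400);
                 }
                 // only admins of the target event may add talks to it
                 $event_mapper = new EventMapper($db, $request);
                 $is_admin = $event_mapper->thisUserHasAdminOn($talk['event_id']);
                 if (!$is_admin) {
                     throw new Exception("You do not have permission to add talks to this event", 400);
                 }
                 $talk['title'] = filter_var($request->getParameter('talk_title'), FILTER_SANITIZE_STRING);
                 if (empty($talk['title'])) {
                     throw new Exception("The talk title field is required", 400);
                 }
                 $talk['description'] = filter_var($request->getParameter('talk_description'), FILTER_SANITIZE_STRING);
                 if (empty($talk['description'])) {
                     throw new Exception("The talk description field is required", 400);
                 }
                 $talk['language'] = filter_var($request->getParameter('language'), FILTER_SANITIZE_STRING);
                 if (empty($talk['language'])) {
                     // default to UK English
                     $talk['language'] = 'English - UK';
                 }
                 // NOTE(review): start_date is neither required nor validated here; an
                 // unparseable value makes DateTime throw an exception that carries no
                 // HTTP status code.
                 $talk['date'] = new DateTime($request->getParameter('start_date'));
                 $speakers = $request->getParameter('speakers');
                 if (is_array($speakers)) {
                     foreach ($speakers as $speaker) {
                         $talk['speakers'][] = filter_var($speaker, FILTER_SANITIZE_STRING);
                     }
                 }
                 $talk_mapper = new TalkMapper($db, $request);
                 $new_id = $talk_mapper->save($talk);
                 // The replace flag was NULL, which PHP coerces to false and reports as
                 // deprecated from 8.1; false keeps the effective value without the notice.
                 header("Location: " . $request->base . $request->path_info . '/' . $new_id, false, 201);
                 $new_talk = $talk_mapper->getTalkById($new_id);
                 return $new_talk;
             default:
                 throw new Exception("Operation not supported, sorry", 404);
         }
     } else {
         throw new Exception("Operation not supported, sorry", 404);
     }
 }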
Example #8
 /**
  * Return the \woo\domain\Space for a row, reusing a previously mapped
  * instance when getFromMap() already knows the id.
  *
  * @param array $array row providing the 'id', 'name' and 'venue' keys
  *
  * @return object the cached instance, or a newly built Space
  */
 function createObject(array $array)
 {
     $class = '\\woo\\domain\\Space';

     // a truthy result from the map short-circuits the rebuild
     $cached = $this->getFromMap($class, $array['id']);
     if ($cached) {
         return $cached;
     }

     $space = new $class($array['id']);
     $space->setname($array['name']);

     $venueFinder = new VenueMapper();
     $space->setVenue($venueFinder->find($array['venue']));

     $eventFinder = new EventMapper();
     $space->setEvents($eventFinder->findBySpaceId($array['id']));

     return $space;
 }
Example #9
 /**
  * Return one event, a (possibly filtered) event list, or a sub-collection
  * of an event selected by $request->url_elements[4].
  *
  * @param object $request reads ->url_elements and ->parameters['filter']
  * @param mixed  $db      passed through unchanged to the mappers
  *
  * @throws InvalidArgumentException 404 for an unknown sub-collection or filter
  *
  * @return mixed whatever the selected mapper call returns
  */
 public function getAction($request, $db)
 {
     $event_id = $this->getItemId($request);
     // how much detail to return
     $verbose = $this->getVerbosity($request);
     // pagination window
     $start = $this->getStart($request);
     $resultsperpage = $this->getResultsPerPage($request);

     if (isset($request->url_elements[4])) {
         switch ($request->url_elements[4]) {
             case 'talks':
                 $talkMapper = new TalkMapper($db, $request);

                 return $talkMapper->getTalksByEventId($event_id, $resultsperpage, $start, $request, $verbose);
             case 'comments':
                 $eventCommentMapper = new EventCommentMapper($db, $request);

                 return $eventCommentMapper->getEventCommentsByEventId($event_id, $resultsperpage, $start, $verbose);
             case 'talk_comments':
                 $sort = $this->getSort($request);
                 $talkCommentMapper = new TalkCommentMapper($db, $request);

                 return $talkCommentMapper->getCommentsByEventId($event_id, $resultsperpage, $start, $verbose, $sort);
             default:
                 throw new InvalidArgumentException('Unknown Subrequest', 404);
         }
     }

     $eventMapper = new EventMapper($db, $request);
     if ($event_id) {
         return $eventMapper->getEventById($event_id, $verbose);
     }

     // unfiltered listing
     if (!isset($request->parameters['filter'])) {
         return $eventMapper->getEventList($resultsperpage, $start, $verbose);
     }

     // the filter value only selects among fixed mapper calls; it is never passed on
     switch ($request->parameters['filter']) {
         case "hot":
             return $eventMapper->getHotEventList($resultsperpage, $start, $verbose);
         case "upcoming":
             return $eventMapper->getUpcomingEventList($resultsperpage, $start, $verbose);
         case "past":
             return $eventMapper->getPastEventList($resultsperpage, $start, $verbose);
         case "cfp":
             return $eventMapper->getOpenCfPEventList($resultsperpage, $start, $verbose);
         default:
             throw new InvalidArgumentException('Unknown event filter', 404);
     }
 }
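 /**
  * Create a comment (with optional rating) on an event for the logged-in user.
  *
  * The rating is forced to 0 when the user has already rated the event or is
  * one of its hosts. On success a 201 with a Location header for the new
  * comment is sent and the script ends.
  *
  * @param object $request reads ->user_id, ->base, ->version, the 'rating' and
  *                        'comment' parameters, the access token, client IP
  *                        and user agent
  * @param mixed  $db      passed through unchanged to the mappers and OAuth model
  *
  * @throws Exception 401 when nobody is logged in; 400 for invalid input, a
  *                   failed spam check or a failed save
  */
 public function createComment($request, $db)
 {
     $comment = array();
     $comment['event_id'] = $this->getItemId($request);
     if (empty($comment['event_id'])) {
         throw new Exception("POST expects a comment representation sent to a specific event URL", 400);
     }
     // no anonymous comments over the API; empty() is also true when the property is unset.
     // The 401 code is new: this exception used to carry the default code 0.
     if (empty($request->user_id)) {
         throw new Exception('You must log in to comment', 401);
     }
     $user_mapper = new UserMapper($db, $request);
     $users = $user_mapper->getUserById($request->user_id);
     // NOTE(review): assumes the logged-in id always resolves to a user row;
     // index 0 is read without checking that the list is non-empty.
     $thisUser = $users['users'][0];
     $rating = $request->getParameter('rating', false);
     if (false === $rating) {
         throw new Exception('The field "rating" is required', 400);
     } elseif (false === is_numeric($rating) || $rating < 0 || $rating > 5) {
         // The lower bound is new: only the upper bound was enforced, so a
         // negative rating was accepted and saved. 0 stays allowed because this
         // method itself uses 0 for "no rating" further down.
         // NOTE(review): is_numeric() also accepts fractions and exponent notation.
         throw new Exception('The field "rating" must be a number (1-5)', 400);
     }
     $commentText = $request->getParameter('comment');
     if (empty($commentText)) {
         throw new Exception('The field "comment" is required', 400);
     }
     // Get the API key reference to save against the comment
     $oauth_model = $request->getOauthModel($db);
     $consumer_name = $oauth_model->getConsumerName($request->getAccessToken());
     $comment['user_id'] = $request->user_id;
     $comment['comment'] = $commentText;
     $comment['rating'] = $rating;
     $comment['cname'] = $thisUser['full_name'];
     $comment['source'] = $consumer_name;
     // run it by akismet if we have it
     if (isset($this->config['akismet']['apiKey'], $this->config['akismet']['blog'])) {
         $spamCheckService = new SpamCheckService($this->config['akismet']['apiKey'], $this->config['akismet']['blog']);
         $isValid = $spamCheckService->isCommentAcceptable($comment, $request->getClientIP(), $request->getClientUserAgent());
         if (!$isValid) {
             throw new Exception("Comment failed spam check", 400);
         }
     }
     $event_mapper = new EventMapper($db, $request);
     $comment_mapper = new EventCommentMapper($db, $request);
     // should rating be allowed?
     if ($comment_mapper->hasUserRatedThisEvent($comment['user_id'], $comment['event_id'])) {
         $comment['rating'] = 0;
     }
     if ($event_mapper->isUserAHostOn($comment['user_id'], $comment['event_id'])) {
         // event hosts cannot rate their own event
         $comment['rating'] = 0;
     }
     try {
         $new_id = $comment_mapper->save($comment);
     } catch (Exception $e) {
         // Throw again with a 400 status code, keeping the original as "previous"
         // for server-side logs.
         // NOTE(review): the mapper's message is passed to the client verbatim;
         // confirm it cannot contain SQL or driver error text.
         throw new Exception($e->getMessage(), 400, $e);
     }
     // Update the cache count for the number of event comments on this event
     $event_mapper->cacheCommentCount($comment['event_id']);
     $uri = $request->base . '/' . $request->version . '/event_comments/' . $new_id;
     // The replace flag was null, which PHP coerces to false and reports as
     // deprecated from 8.1; false keeps the effective value without the notice.
     header("Location: " . $uri, false, 201);
     exit;
 }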
Example #11
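 /**
  * Reject a pending event by DELETEing to /events/{id}/approval
  *
  * Requires a logged-in user for whom EventMapper::thisUserCanApproveEvents()
  * is true. Sends a 204 on success.
  *
  * @param Request $request
  * @param PDO $db
  *
  * @throws Exception 400 when not logged in or the event cannot be rejected,
  *                   403 when the user may not approve events
  *
  * @return void
  */
 public function rejectAction($request, $db)
 {
     // NOTE(review): a missing login is reported as 400 with a "create data"
     // message; 401 would match the other controllers. Left unchanged because
     // clients may depend on it.
     if (!isset($request->user_id)) {
         throw new Exception("You must be logged in to create data", 400);
     }
     $event_id = $this->getItemId($request);
     $event_mapper = new EventMapper($db, $request);
     // site-wide approval right, checked before the event itself is touched
     if (!$event_mapper->thisUserCanApproveEvents()) {
         throw new Exception("You are not allowed to reject this event", 403);
     }
     $result = $event_mapper->reject($event_id, $request->user_id);
     if (!$result) {
         throw new Exception("This event cannot be rejected", 400);
     }
     // The replace flag was null, which PHP coerces to false and reports as
     // deprecated from 8.1; false keeps the effective value without the notice.
     header("Content-Length: 0", false, 204);
     return;
 }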
Example #12
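 /**
  * Create a talk
  *
  * This method creates a new talk after being called via the URL
  * "/events/[eventId]/talks". The caller must be logged in and have admin
  * rights on the event. The talk date is interpreted in the event's timezone.
  *
  * @param Request $request
  * @param PDO     $db
  *
  * @throws Exception 400 for missing login, missing permission or invalid
  *                   fields; 404 when the event does not exist
  * @return array|bool
  */
 public function createTalkAction(Request $request, PDO $db)
 {
     // NOTE(review): the not-logged-in and no-permission failures below both use
     // 400; 401 and 403 would let clients tell them apart. Left unchanged because
     // existing API consumers may depend on the current codes.
     if (!isset($request->user_id)) {
         throw new Exception("You must be logged in to create data", 400);
     }
     // start from an explicit array instead of relying on auto-vivification
     $talk = [];
     $talk['event_id'] = $this->getItemId($request);
     if (empty($talk['event_id'])) {
         throw new Exception("POST expects a talk representation sent to a specific event URL", 400);
     }
     $event_mapper = new EventMapper($db, $request);
     $talk_mapper = new TalkMapper($db, $request);
     $talk_type_mapper = new TalkTypeMapper($db, $request);
     // only admins of the target event may add talks to it
     $is_admin = $event_mapper->thisUserHasAdminOn($talk['event_id']);
     if (!$is_admin) {
         throw new Exception("You do not have permission to add talks to this event", 400);
     }
     // get the event so we can get the timezone info
     $list = $event_mapper->getEventById($talk['event_id'], true);
     if (count($list['events']) == 0) {
         throw new Exception('Event not found', 404);
     }
     $event = $list['events'][0];
     $talk['title'] = filter_var($request->getParameter('talk_title'), FILTER_SANITIZE_STRING);
     if (empty($talk['title'])) {
         throw new Exception("The talk title field is required", 400);
     }
     $talk['description'] = filter_var($request->getParameter('talk_description'), FILTER_SANITIZE_STRING);
     if (empty($talk['description'])) {
         throw new Exception("The talk description field is required", 400);
     }
     // the type must be a key of the lookup list, so only known types reach the mapper
     $talk['type'] = filter_var($request->getParameter('type', 'Talk'), FILTER_SANITIZE_STRING);
     $talk_types = $talk_type_mapper->getTalkTypesLookupList();
     if (!array_key_exists($talk['type'], $talk_types)) {
         throw new Exception("The type '{$talk['type']}' is unknown", 400);
     }
     $talk['type_id'] = $talk_types[$talk['type']];
     $start_date = filter_var($request->getParameter('start_date'), FILTER_SANITIZE_STRING);
     if (empty($start_date)) {
         throw new Exception("Please give the date and time of the talk", 400);
     }
     $tz = new DateTimeZone($event['tz_continent'] . '/' . $event['tz_place']);
     try {
         // DateTime throws on text it cannot parse; turn that into a 400 like the
         // other field errors instead of letting an uncoded exception escape
         $talk['date'] = (new DateTime($start_date, $tz))->format('U');
     } catch (Exception $e) {
         throw new Exception("The talk start date could not be understood", 400, $e);
     }
     $talk['language'] = filter_var($request->getParameter('language'), FILTER_SANITIZE_STRING);
     if (empty($talk['language'])) {
         // default to UK English
         $talk['language'] = 'English - UK';
     }
     // When the language doesn't exist, the talk will not be found
     $language_mapper = new LanguageMapper($db, $request);
     if (!$language_mapper->isLanguageValid($talk['language'])) {
         // the message used to interpolate $talk['type'], naming the wrong field
         throw new Exception("The language '{$talk['language']}' is unknown", 400);
     }
     $talk['duration'] = filter_var($request->getParameter('duration'), FILTER_SANITIZE_NUMBER_INT);
     if (empty($talk['duration'])) {
         $talk['duration'] = 60;
     }
     // NOTE(review): FILTER_SANITIZE_URL only strips characters that are illegal
     // in a URL. It does not check the scheme, so a javascript: link passes
     // unchanged; validate the scheme before rendering this as a link.
     $talk['slides_link'] = filter_var($request->getParameter('slides_link'), FILTER_SANITIZE_URL);
     $talk['speakers'] = array_map(function ($speaker) {
         $speaker = filter_var($speaker, FILTER_SANITIZE_STRING);
         $speaker = trim($speaker);
         return $speaker;
     }, (array) $request->getParameter('speakers'));
     $new_id = $talk_mapper->createTalk($talk);
     // Update the cache count for the number of talks at this event
     $event_mapper->cacheTalkCount($talk['event_id']);
     $uri = $request->base . '/' . $request->version . '/talks/' . $new_id;
     header("Location: " . $uri, true, 201);
     $new_talk = $talk_mapper->getTalkById($new_id);
     return $new_talk;
 }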
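 /**
  * Edit an event (PUT to the event URL with no sub-resource).
  *
  * Required fields are validated together and reported in a single 400.
  * Optional fields are only written when they were supplied. When
  * $request->url_elements[4] is set, this method does nothing and returns null.
  *
  * @param object $request reads ->user_id, ->url_elements, ->base, ->path_info
  *                        and the submitted parameters
  * @param mixed  $db      passed through unchanged to EventMapper
  *
  * @throws Exception 400 for missing login or invalid fields, 404 when the
  *                   event is unknown, 403 when the user is not a host
  */
 public function putAction($request, $db)
 {
     if (!isset($request->user_id)) {
         throw new Exception('You must be logged in to edit data', 400);
     }
     $event_id = $this->getItemId($request);
     if (!isset($request->url_elements[4])) {
         // Edit an Event
         $event_mapper = new EventMapper($db, $request);
         $existing_event = $event_mapper->getEventById($event_id, true);
         // NOTE(review): this only fires if getEventById() returns a falsy value
         // for an unknown id. If it returns a non-empty wrapper array, an unknown
         // id falls through to the permission check. Confirm against the mapper.
         if (!$existing_event) {
             // the 404 code is new: this exception used to carry the default code 0
             throw new Exception(sprintf('There is no event with ID "%s"', $event_id), 404);
         }
         if (!$event_mapper->thisUserHasAdminOn($event_id)) {
             throw new Exception('You are not an host for this event', 403);
         }
         // initialise a new set of fields to save
         $event = array("event_id" => $event_id);
         $errors = array();
         $event['name'] = filter_var($request->getParameter("name"), FILTER_SANITIZE_STRING);
         if (empty($event['name'])) {
             $errors[] = "'name' is a required field";
         }
         $event['description'] = filter_var($request->getParameter("description"), FILTER_SANITIZE_STRING);
         if (empty($event['description'])) {
             $errors[] = "'description' is a required field";
         }
         $event['location'] = filter_var($request->getParameter("location"), FILTER_SANITIZE_STRING);
         if (empty($event['location'])) {
             $errors[] = "'location' is a required field (for virtual events, 'online' works)";
         }
         $start_date = strtotime($request->getParameter("start_date"));
         $end_date = strtotime($request->getParameter("end_date"));
         if (!$start_date || !$end_date) {
             $errors[] = "Both 'start_date' and 'end_date' must be supplied in a recognised format";
         } else {
             // if the dates are okay, sort out timezones
             $event['tz_continent'] = filter_var($request->getParameter("tz_continent"), FILTER_SANITIZE_STRING);
             $event['tz_place'] = filter_var($request->getParameter("tz_place"), FILTER_SANITIZE_STRING);
             try {
                 // make the timezone, and read in times with respect to that
                 $tz = new DateTimeZone($event['tz_continent'] . '/' . $event['tz_place']);
                 $start_date = new DateTime($request->getParameter("start_date"), $tz);
                 $end_date = new DateTime($request->getParameter("end_date"), $tz);
                 $event['start_date'] = $start_date->format('U');
                 $event['end_date'] = $end_date->format('U');
             } catch (Exception $e) {
                 // the time zone isn't right
                 $errors[] = "The fields 'tz_continent' and 'tz_place' must be supplied and valid (e.g. Europe and London)";
             }
         }
         // How does it look?  With no errors, we can proceed
         if ($errors) {
             throw new Exception(implode(". ", $errors), 400);
         }
         // optional fields - only check if we have no errors as we may need $tz
         // also only update supplied fields - but DO allow saving empty ones
         $href = $request->getParameter("href", false);
         // returns false if the value was not supplied
         if (false !== $href) {
             // we got a value, filter and save it
             // NOTE(review): FILTER_VALIDATE_URL yields false for an invalid URL,
             // and that false is what gets saved. It also accepts any scheme, so
             // restrict to http/https if this is ever rendered as a link.
             $event['href'] = filter_var($href, FILTER_VALIDATE_URL);
         }
         $cfp_url = $request->getParameter("cfp_url", false);
         if (false !== $cfp_url) {
             // we got a value, filter and save it
             $event['cfp_url'] = filter_var($cfp_url, FILTER_VALIDATE_URL);
         }
         // strtotime() acts as the format check so the DateTime constructor below cannot throw on it
         $cfp_start_date = $request->getParameter("cfp_start_date", false);
         if (false !== $cfp_start_date && strtotime($cfp_start_date)) {
             $cfp_start_date = new DateTime($cfp_start_date, $tz);
             $event['cfp_start_date'] = $cfp_start_date->format('U');
         }
         $cfp_end_date = $request->getParameter("cfp_end_date", false);
         if (false !== $cfp_end_date && strtotime($cfp_end_date)) {
             $cfp_end_date = new DateTime($cfp_end_date, $tz);
             $event['cfp_end_date'] = $cfp_end_date->format('U');
         }
         $latitude = $request->getParameter("latitude", false);
         if (false !== $latitude) {
             $latitude = filter_var($latitude, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
             // a falsy latitude (empty string or "0") is skipped, unlike longitude below
             if ($latitude) {
                 $event['latitude'] = $latitude;
             }
         }
         $longitude = $request->getParameter("longitude", false);
         if (false !== $longitude) {
             $longitude = filter_var($longitude, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
             $event['longitude'] = $longitude;
         }
         $incoming_tag_list = $request->getParameter('tags');
         if (is_array($incoming_tag_list)) {
             // tags are normalised to trimmed lower case before saving
             $tags = array_map(function ($tag) {
                 $tag = filter_var($tag, FILTER_SANITIZE_STRING);
                 $tag = trim($tag);
                 $tag = strtolower($tag);
                 return $tag;
             }, $incoming_tag_list);
         }
         $event_mapper->editEvent($event, $event_id);
         if (isset($tags)) {
             $event_mapper->setTags($event_id, $tags);
         }
         // The replace flag was NULL, which PHP coerces to false and reports as
         // deprecated from 8.1; false keeps the effective value without the notice.
         header("Location: " . $request->base . $request->path_info, false, 204);
         exit;
     }
 }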
Example #14
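 /**
  * Read the talk fields from the request body and validate and return an
  * array ready for saving to the database.
  *
  * This is common for createTalk() and editTalk().
  *
  * The talk date is interpreted in the event's timezone and must fall between
  * the event start date and one day after the event end date.
  *
  * @param  PDO     $db
  * @param  Request $request
  * @param  int     $event_id
  *
  * @throws Exception 404 when the event is unknown, 400 for any invalid field
  *
  * @return array
  */
 protected function getTalkDataFromRequest(PDO $db, Request $request, $event_id)
 {
     // get the event so we can get the timezone info & it
     $event_mapper = new EventMapper($db, $request);
     $list = $event_mapper->getEventById($event_id, true);
     if (count($list['events']) == 0) {
         throw new Exception('Event not found', 404);
     }
     $event = $list['events'][0];
     // start from an explicit array instead of relying on auto-vivification
     $talk = [];
     $talk['title'] = filter_var($request->getParameter('talk_title'), FILTER_SANITIZE_STRING);
     if (empty($talk['title'])) {
         throw new Exception("The talk title field is required", 400);
     }
     $talk['description'] = filter_var($request->getParameter('talk_description'), FILTER_SANITIZE_STRING);
     if (empty($talk['description'])) {
         throw new Exception("The talk description field is required", 400);
     }
     // the type must be a key of the lookup list, so only known types are returned
     $talk['type'] = filter_var($request->getParameter('type', 'Talk'), FILTER_SANITIZE_STRING);
     $talk_type_mapper = new TalkTypeMapper($db, $request);
     $talk_types = $talk_type_mapper->getTalkTypesLookupList();
     if (!array_key_exists($talk['type'], $talk_types)) {
         throw new Exception("The type '{$talk['type']}' is unknown", 400);
     }
     $talk['type_id'] = $talk_types[$talk['type']];
     $start_date = filter_var($request->getParameter('start_date'), FILTER_SANITIZE_STRING);
     if (empty($start_date)) {
         throw new Exception("Please give the date and time of the talk", 400);
     }
     $tz = new DateTimeZone($event['tz_continent'] . '/' . $event['tz_place']);
     try {
         // DateTime throws on text it cannot parse; turn that into a 400 like the
         // other field errors instead of letting an uncoded exception escape
         $talk['date'] = (new DateTime($start_date, $tz))->format('U');
     } catch (Exception $e) {
         throw new Exception("The talk start date could not be understood", 400, $e);
     }
     $event_start_date = (new DateTime($event['start_date']))->format('U');
     // one day is added so talks on the last day of the event are still accepted
     $event_end_date = (new DateTime($event['end_date']))->add(new DateInterval('P1D'))->format('U');
     if ($talk['date'] < $event_start_date || $talk['date'] >= $event_end_date) {
         throw new Exception("The talk must be held between the start and end date of the event", 400);
     }
     $talk['language'] = filter_var($request->getParameter('language'), FILTER_SANITIZE_STRING);
     if (empty($talk['language'])) {
         // default to UK English
         $talk['language'] = 'English - UK';
     }
     // When the language doesn't exist, the talk will not be found
     $language_mapper = new LanguageMapper($db, $request);
     if (!$language_mapper->isLanguageValid($talk['language'])) {
         // the message used to interpolate $talk['type'], naming the wrong field
         throw new Exception("The language '{$talk['language']}' is unknown", 400);
     }
     $talk['duration'] = filter_var($request->getParameter('duration'), FILTER_SANITIZE_NUMBER_INT);
     if (empty($talk['duration'])) {
         $talk['duration'] = 60;
     }
     // NOTE(review): FILTER_SANITIZE_URL only strips characters that are illegal
     // in a URL. It does not check the scheme, so a javascript: link passes
     // unchanged; validate the scheme before rendering this as a link.
     $talk['slides_link'] = filter_var($request->getParameter('slides_link'), FILTER_SANITIZE_URL);
     $talk['speakers'] = array_map(function ($speaker) {
         $speaker = filter_var($speaker, FILTER_SANITIZE_STRING);
         $speaker = trim($speaker);
         return $speaker;
     }, (array) $request->getParameter('speakers'));
     return $talk;
 }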
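 /**
  * Moderate a reported comment.
  *
  * This action is performed by a user that has administrative rights to the
  * event that this comment is for. The user provides a decision on the
  * report. That is, the user can approve the report which means that the
  * comment remains hidden from view or the user can deny the report which
  * means that the comment is viewable again.
  *
  * On success a 204 with a Location header for the event's comments is sent
  * and the script ends.
  *
  * @param Request $request the request
  * @param PDO $db the database adapter
  *
  * @throws Exception 401 when not logged in, 404 when the comment is unknown,
  *                   403 without admin rights on the event, 400 for a decision
  *                   other than 'approved' or 'denied'
  */
 public function moderateReportedComment($request, $db)
 {
     // must be logged in; empty() is also true when the property is unset
     if (empty($request->user_id)) {
         throw new Exception('You must log in to moderate a comment', 401);
     }
     $comment_mapper = new EventCommentMapper($db, $request);
     $commentId = $this->getItemId($request);
     $commentInfo = $comment_mapper->getCommentInfo($commentId);
     if (false === $commentInfo) {
         throw new Exception('Comment not found', 404);
     }
     // authorisation is decided on the event the comment belongs to
     $event_mapper = new EventMapper($db, $request);
     $event_id = $commentInfo['event_id'];
     if (false == $event_mapper->thisUserHasAdminOn($event_id)) {
         throw new Exception("You don't have permission to do that", 403);
     }
     $decision = $request->getParameter('decision');
     // Strict comparison: with the loose default, a boolean true (for example
     // from a JSON body) compares equal to 'approved' and would be passed to the
     // mapper as a non-string decision.
     if (!in_array($decision, ['approved', 'denied'], true)) {
         throw new Exception('Unexpected decision', 400);
     }
     $comment_mapper->moderateReportedComment($decision, $commentId, $request->user_id);
     $uri = $request->base . '/' . $request->version . '/events/' . $event_id . "/comments";
     header("Location: {$uri}", true, 204);
     exit;
 }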
Example #16
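 /**
  * Create a talk
  *
  * The caller must be logged in and have admin rights on the event taken from
  * the request URL. The talk date is interpreted in the event's timezone.
  *
  * @param Request $request
  * @param PDO     $db
  *
  * @throws Exception 400 for missing login, missing permission or invalid
  *                   fields; 404 when the event does not exist
  * @return array|bool
  */
 public function createTalkAction(Request $request, PDO $db)
 {
     // NOTE(review): the not-logged-in and no-permission failures below both use
     // 400; 401 and 403 would let clients tell them apart. Left unchanged because
     // existing API consumers may depend on the current codes.
     if (!isset($request->user_id)) {
         throw new Exception("You must be logged in to create data", 400);
     }
     // start from an explicit array instead of relying on auto-vivification
     $talk = array();
     $talk['event_id'] = $this->getItemId($request);
     if (empty($talk['event_id'])) {
         throw new Exception("POST expects a talk representation sent to a specific event URL", 400);
     }
     // only admins of the target event may add talks to it
     $event_mapper = new EventMapper($db, $request);
     $is_admin = $event_mapper->thisUserHasAdminOn($talk['event_id']);
     if (!$is_admin) {
         throw new Exception("You do not have permission to add talks to this event", 400);
     }
     // get the event so we can get the timezone info
     $list = $event_mapper->getEventById($talk['event_id'], true);
     if (count($list['events']) == 0) {
         throw new Exception('Event not found', 404);
     }
     $event = $list['events'][0];
     $talk['title'] = filter_var($request->getParameter('talk_title'), FILTER_SANITIZE_STRING);
     if (empty($talk['title'])) {
         throw new Exception("The talk title field is required", 400);
     }
     $talk['description'] = filter_var($request->getParameter('talk_description'), FILTER_SANITIZE_STRING);
     if (empty($talk['description'])) {
         throw new Exception("The talk description field is required", 400);
     }
     $talk_types = array("Talk", "Social event", "Keynote", "Workshop", "Event related");
     // Strict comparison: with the loose default, a boolean true (for example
     // from a JSON body) matches the first entry and would be stored as the talk
     // type instead of one of the listed strings.
     if ($request->getParameter("talk_type") && in_array($request->getParameter("talk_type"), $talk_types, true)) {
         $talk['talk_type'] = $request->getParameter("talk_type");
     } else {
         $talk['talk_type'] = "Talk";
     }
     $talk['language'] = filter_var($request->getParameter('language'), FILTER_SANITIZE_STRING);
     if (empty($talk['language'])) {
         // default to UK English
         $talk['language'] = 'English - UK';
     }
     $start_date = $request->getParameter('start_date');
     if (empty($start_date)) {
         throw new Exception("Please give the date and time of the talk", 400);
     }
     $tz = new DateTimeZone($event['tz_continent'] . '/' . $event['tz_place']);
     try {
         // DateTime throws on text it cannot parse; turn that into a 400 like the
         // other field errors instead of letting an uncoded exception escape
         $start_date = new DateTime($request->getParameter("start_date"), $tz);
     } catch (Exception $e) {
         throw new Exception("The talk start date could not be understood", 400, $e);
     }
     $talk['date'] = $start_date->format('U');
     $speakers = $request->getParameter('speakers');
     if (is_array($speakers)) {
         foreach ($speakers as $speaker) {
             $talk['speakers'][] = filter_var($speaker, FILTER_SANITIZE_STRING);
         }
     }
     $talk_mapper = new TalkMapper($db, $request);
     $new_id = $talk_mapper->save($talk);
     // Update the cache count for the number of talks at this event
     $event_mapper->cacheTalkCount($talk['event_id']);
     // The replace flag was null, which PHP coerces to false and reports as
     // deprecated from 8.1; false keeps the effective value without the notice.
     header("Location: " . $request->base . $request->path_info . '/' . $new_id, false, 201);
     $new_talk = $talk_mapper->getTalkById($new_id);
     return $new_talk;
 }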