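/**
 * Renders the API documentation page.
 *
 * Lists every registered API endpoint together with the HTTP verb methods
 * (get/put/post/delete) that the current user's ACL role is allowed to call
 * on it; each permitted method carries its cleaned doc-comment as the
 * instructions text. Endpoints with no permitted method are not shown, so
 * the page never advertises operations the viewer cannot invoke.
 *
 * Changes from the previous version: the endpoint loop iterated by
 * reference (`foreach ($endpoints as &$e)`) and never unset the reference,
 * and the method-name / class comparisons were loose; both are fixed here.
 */
public function apiDocsAction()
{
    $apiRegistry = new Ot_Api_Register();
    $endpoints = $apiRegistry->getApiEndpoints();
    $apiMethods = array('get', 'put', 'post', 'delete');
    $data = array();
    $acl = new Ot_Acl('remote');
    $vr = new Ot_Config_Register();

    // Anonymous visitors are evaluated as the configured default role.
    $role = $vr->getVar('defaultRole')->getValue();

    if (Zend_Auth::getInstance()->hasIdentity()) {
        $thisAccount = Zend_Auth::getInstance()->getIdentity();

        if (count($thisAccount->role) > 1) {
            // Resolve the account's role ids to role names ...
            $roleNames = array();
            foreach ($thisAccount->role as $r) {
                $roleNames[] = $acl->getRole($r);
            }
            // ... and register a composite role that inherits from all of them
            $role = implode(',', $roleNames);
            $acl->addRole(new Zend_Acl_Role($role), $roleNames);
        } elseif (count($thisAccount->role) == 1) {
            $role = $thisAccount->role[0];
        }

        // A role the ACL does not know about falls back to the default role.
        if ($role == '' || !$acl->hasRole($role)) {
            $role = $vr->getVar('defaultRole')->getValue();
        }
    }

    foreach ($endpoints as $e) {
        $name = $e->getName();
        $className = $e->getMethodClassname();
        // the api "module" here is really a kind of placeholder
        $aclResource = 'api_' . strtolower($name);

        $data[$name] = array(
            'name'        => $name,
            'methods'     => array(),
            'description' => $e->getDescription(),
        );

        $reflection = new ReflectionClass($className);
        foreach ($reflection->getMethods() as $m) {
            // Only the verb methods declared on the endpoint class itself (not
            // inherited ones), and only those the role is allowed to call.
            if (!in_array($m->name, $apiMethods, true)
                || $m->class !== $className
                || !$acl->isAllowed($role, $aclResource, $m->name)
            ) {
                continue;
            }

            // ReflectionMethod::getDocComment() returns false when there is none
            $docComment = $m->getDocComment();
            $instructions = 'No instructions provided';
            if ($docComment !== false && $docComment !== '') {
                $instructions = $this->_cleanComment($docComment);
            }
            $data[$name]['methods'][$m->getName()] = $instructions;
        }
    }

    // Only expose endpoints with at least one permitted method
    $visible = array();
    foreach ($data as $key => $val) {
        if (count($val['methods']) != 0) {
            $visible[$key] = $val;
        }
    }

    $this->view->endpoints = $visible;
    $this->_helper->pageTitle('API Documentation');
}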
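/**
 * Remote API front controller.
 *
 * Resolves the requested endpoint, authenticates the caller by API key, maps
 * the key's account onto an ACL role and dispatches the request to the
 * endpoint's get/put/post/delete handler according to the HTTP verb. Every
 * failure path is rendered through _errorOutput() in the requested output
 * format; a successful result goes through _validOutput().
 *
 * Fix: the 'type' parameter was validated against the default $returnType
 * instead of the supplied value, so any string was accepted as the output
 * format. It is now checked against the known formats ('json', 'php').
 *
 * @return mixed whatever _validOutput() / _errorOutput() return
 */
public function indexAction()
{
    $returnType = 'json';

    try {
        $apiRegister = new Ot_Api_Register();
        $vr = new Ot_Config_Register();
        $params = $this->_getAllParams();

        // Output format is caller-selectable but restricted to the known formats.
        if (isset($params['type']) && is_string($params['type'])) {
            $requestedType = strtolower($params['type']);
            if (in_array($requestedType, array('json', 'php'), true)) {
                $returnType = $requestedType;
            }
        }

        if (empty($params['endpoint'])) {
            return $this->_validOutput(array('message' => 'Welcome to the ' . $vr->getVar('appTitle')->getValue() . ' API. You will need an API key to get any further. Visit ' . Zend_Registry::get('siteUrl') . '/account to get one.'), $returnType);
        }

        $thisEndpoint = $apiRegister->getApiEndpoint($params['endpoint']);
        if (is_null($thisEndpoint)) {
            return $this->_errorOutput('Invalid Endpoint', $returnType, 404);
        }

        if (empty($params['key'])) {
            return $this->_errorOutput('You must provide an API key', $returnType, 403);
        }

        // API key -> registered app -> owning account
        $apiApp = new Ot_Model_DbTable_ApiApp();
        $thisApp = $apiApp->getAppByKey($params['key']);
        if (is_null($thisApp)) {
            return $this->_errorOutput('Invalid API key', $returnType, 403);
        }

        $otAccount = new Ot_Model_DbTable_Account();
        $thisAccount = $otAccount->getByAccountId($thisApp->accountId);
        if (is_null($thisAccount)) {
            return $this->_errorOutput('No user found for this API key', $returnType, 403);
        }

        $acl = new Ot_Acl('remote');
        if (count($thisAccount->role) > 1) {
            // Resolve role ids to role names ...
            $roleNames = array();
            foreach ($thisAccount->role as $r) {
                $roleNames[] = $acl->getRole($r);
            }
            // ... and register a composite role that inherits from all of them
            $roleName = implode(',', $roleNames);
            $thisAccount->role = $roleName;
            $acl->addRole(new Zend_Acl_Role($roleName), $roleNames);
        } elseif (count($thisAccount->role) == 1) {
            $thisAccount->role = array_pop($thisAccount->role);
        }

        // A role the ACL does not know about falls back to the default role.
        if (!$acl->hasRole($thisAccount->role)) {
            $thisAccount->role = $vr->getVar('defaultRole')->getValue();
        }
        $role = $thisAccount->role;
        if ($role == '' || !$acl->hasRole($role)) {
            $role = $vr->getVar('defaultRole')->getValue();
        }

        // the api "module" here is really a kind of placeholder
        $aclResource = 'api_' . strtolower($thisEndpoint->getName());

        // NOTE(review): this makes the API-key holder the authenticated identity
        // for the rest of the request — confirm the auth storage used for API
        // requests is not session-persisted beyond this request.
        Zend_Auth::getInstance()->getStorage()->write($thisAccount);
    } catch (Exception $e) {
        // Exception messages are echoed to the caller verbatim.
        return $this->_errorOutput($e->getMessage(), $returnType);
    }

    // Anything that is not POST/PUT/DELETE is dispatched as GET.
    $request = $this->_request;
    if ($request->isPost()) {
        $verb = 'post';
    } elseif ($request->isPut()) {
        $verb = 'put';
    } elseif ($request->isDelete()) {
        $verb = 'delete';
    } else {
        $verb = 'get';
    }

    $apiObject = $thisEndpoint->getEndpointObj();

    if (!$acl->isAllowed($role, $aclResource, $verb)) {
        return $this->_errorOutput('You do not have permission to access this endpoint with ' . strtoupper($verb), $returnType, 403);
    }

    try {
        // $verb is one of the four fixed names above, never caller-controlled.
        // Handlers receive the raw request parameters (including 'key') and
        // must validate their own inputs.
        $data = $apiObject->$verb($params);
    } catch (Exception $e) {
        return $this->_errorOutput($e->getMessage(), $returnType);
    }

    return $this->_validOutput($data, $returnType);
}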
/**
 * Registers the framework's built-in API endpoints with the API register.
 *
 * Each entry is (endpoint name, description, handler class name) and is
 * wrapped in an Ot_Api_Endpoint before registration. Presumably invoked as
 * a Zend_Application bootstrap resource (the _init* naming) — confirm.
 */
public function _initApiMethods()
{
    $register = new Ot_Api_Register();

    $builtIn = array(
        'ot-account'   => array('Deals with the accounts in the system', 'Ot_Apiendpoint_Account'),
        'ot-version'   => array('Returns the OT Framework version numbers', 'Ot_Apiendpoint_Version'),
        'ot-cron'      => array('Deals with the cron jobs in the system', 'Ot_Apiendpoint_Cron'),
        'ot-myaccount' => array('Deals with the current API account', 'Ot_Apiendpoint_MyAccount'),
    );

    $endpoints = array();
    foreach ($builtIn as $name => $spec) {
        list($description, $handlerClass) = $spec;
        $endpoints[] = new Ot_Api_Endpoint($name, $description, $handlerClass);
    }

    $register->registerApiEndpoints($endpoints);
}
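/**
 * Builds the permission matrix of the remote API resources as seen by one role.
 *
 * Result shape:
 *   $result['api'][<endpoint name>] = array(
 *       'all'         => array('access' => bool, 'inheritRoleId' => int|string),
 *       'description' => 'API Docs',
 *       'part'        => array(<verb> => array(
 *           'access'        => bool,
 *           'description'   => string,
 *           'inheritRoleId' => int|string,
 *       )),
 *   )
 * where 'inheritRoleId' identifies the role in the inheritance chain whose own
 * rule produced the decision (0 / '' when none did).
 *
 * Fixes:
 *  - the per-verb "allow" branch wrote its inheritRoleId under $resource
 *    ('api_<name>') instead of $controllerName, so the value never reached
 *    the endpoint's entry and a stray key appeared in the result;
 *  - the per-verb access check tested `$role != ''`, which is true for the
 *    int 0 on PHP 8 and then indexed the int as an array; it now only calls
 *    isAllowed() when a role was actually resolved.
 *  - unused locals ($filter, the first loop's $iDenys) removed.
 *
 * Assumes the role inheritance chain is acyclic (a cycle would loop forever).
 *
 * @param int|string $roleId role to evaluate; 0 means "no role" (everything denied)
 * @throws Ot_Exception when $roleId is non-zero but not in getAvailableRoles()
 * @return array
 */
public function getRemoteResources($roleId = 0)
{
    $roles = $this->getAvailableRoles();

    $role = 0;
    // Loose comparison on purpose: role ids may arrive as numeric strings.
    if ($roleId != 0) {
        if (!isset($roles[$roleId])) {
            throw new Ot_Exception('Requested role not found in the access list.');
        }
        $role = $roles[$roleId];
    }

    // Resources the role itself explicitly denies (resource => privilege)
    $denys = array();
    if (isset($role['rules'])) {
        foreach ($role['rules'] as $rule) {
            if ($rule['type'] == 'deny') {
                $denys[$rule['resource']] = $rule['privilege'];
            }
        }
    }

    $register = new Ot_Api_Register();
    $endpoints = $register->getApiEndpoints();

    // the Api $key is really kind of a "fake" key in that the Api module
    // doesn't exist...it's simply a placeholder
    $key = 'api';
    $methods = array('get', 'put', 'post', 'delete');

    $result = array();
    foreach ($endpoints as $endpoint) {
        $controllerName = $endpoint->getName();
        $resource = strtolower($key . '_' . $controllerName);

        $entry = array(
            'all' => array('access' => false, 'inheritRoleId' => ''),
        );

        // Walk the inheritance chain starting at the role itself, accumulating
        // allowed resources. A wildcard allow (resource '*', or privilege '*' on
        // this resource) grants 'all' unless the role itself denies it outright.
        $allows = array();
        $inherit = $roleId;
        $noInheritance = false;
        while (!$noInheritance) {
            $iAllows = array();
            if (isset($roles[$inherit]['rules'])) {
                foreach ($roles[$inherit]['rules'] as $rule) {
                    if ($rule['type'] == 'allow') {
                        $allows[$rule['resource']] = $rule['privilege'];
                        $iAllows[$rule['resource']] = $rule['privilege'];
                    }
                }
            }

            $wildcardAllowed = array_key_exists('*', $allows)
                || (isset($allows[$resource]) && $allows[$resource] == '*');
            $explicitlyDenied = isset($denys[$resource]) && $denys[$resource] == '*';

            if ($wildcardAllowed && !$explicitlyDenied) {
                $entry['all']['access'] = true;
                // Record the role whose own rule granted it; when several roles
                // in the chain do, the last one visited (furthest ancestor) wins.
                if (isset($iAllows[$resource]) && $iAllows[$resource] == '*') {
                    $entry['all']['inheritRoleId'] = $inherit;
                }
            }

            if (isset($roles[$inherit]['inheritRoleId']) && $roles[$inherit]['inheritRoleId'] != 0) {
                $inherit = $roles[$inherit]['inheritRoleId'];
            } else {
                $noInheritance = true;
            }
        }

        $entry['description'] = 'API Docs';
        $entry['part'] = array();

        foreach ($methods as $action) {
            // With no role resolved (roleId 0) there is no role id to query.
            $access = ($role !== 0)
                ? $this->isAllowed($role['roleId'], $resource, $action)
                : false;

            $part = array(
                'access'        => $access,
                'description'   => strtoupper($action) . ' method for ' . $resource,
                'inheritRoleId' => 0,
            );

            // Walk the chain from the role's parent upward and record the nearest
            // ancestor whose own rule matches the decision (a deny when access is
            // false, an allow when it is true); the first hit wins. If the role's
            // own rule decided it, inheritRoleId stays 0.
            $noInheritance = isset($role['inheritRoleId']) && $role['inheritRoleId'] == 0;
            $inherit = isset($role['inheritRoleId']) ? $role['inheritRoleId'] : '';
            $ruleKey = $resource . '_' . $action;
            while (!$noInheritance) {
                $iAllows = array();
                $iDenys = array();
                if (isset($roles[$inherit]['rules'])) {
                    foreach ($roles[$inherit]['rules'] as $rule) {
                        $ruleName = $rule['resource'] . '_' . $rule['privilege'];
                        if ($rule['type'] == 'allow') {
                            $iAllows[] = $ruleName;
                        } else {
                            $iDenys[] = $ruleName;
                        }
                    }
                }

                $relevant = !$part['access'] ? $iDenys : $iAllows;
                if ($part['inheritRoleId'] == 0 && in_array($ruleKey, $relevant, true)) {
                    $part['inheritRoleId'] = $inherit;
                }

                if (isset($roles[$inherit]['inheritRoleId']) && $roles[$inherit]['inheritRoleId'] != 0) {
                    $inherit = $roles[$inherit]['inheritRoleId'];
                } else {
                    $noInheritance = true;
                }
            }

            $entry['part'][$action] = $part;
        }

        $result[$key][$controllerName] = $entry;
    }

    return $result;
}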