/**
 * Default user profile page.
 *
 * Fills the view with the ACL flags the template uses to show or hide
 * actions on the profile, the account's API apps, the registered profile
 * pages and the selected tab, then sets the page title from the user's name.
 */
public function indexAction()
{
    $identity = Zend_Auth::getInstance()->getIdentity();
    $viewedAccountId = $this->_userData['accountId'];

    $acl = array();
    $acl['edit'] = $this->_helper->hasAccess('edit');
    // an account is never offered the option to delete itself
    $acl['delete'] = $this->_helper->hasAccess('delete')
        && $viewedAccountId != $identity->accountId;
    // password changes only apply to locally managed credentials, and only to one's own profile
    $acl['changePassword'] = $this->_authAdapter->manageLocally()
        && $viewedAccountId == $identity->accountId
        && $this->_helper->hasAccess('change-password');
    $acl['apiAppAdd'] = $this->_helper->hasAccess('add', 'ot_apiapp');
    $acl['apiAppDelete'] = $this->_helper->hasAccess('delete', 'ot_apiapp');
    $acl['apiAppEdit'] = $this->_helper->hasAccess('edit', 'ot_apiapp');
    $acl['apiDocs'] = $this->_helper->hasAccess('api-docs', 'ot_apiapp');
    // whether the configured default (guest) role may reach the API at all
    $acl['guestApiAccess'] = $this->_helper->hasAccess(
        'index',
        'ot_api',
        $this->_helper->configVar('defaultRole')
    );
    $this->view->acl = $acl;

    $apiAppTable = new Ot_Model_DbTable_ApiApp();
    $apiApps = $apiAppTable->getAppsForAccount($viewedAccountId, 'access')->toArray();

    $pageRegister = new Ot_Account_Profile_Register();

    $viewData = array(
        'userData' => $this->_userData,
        'apiApps'  => $apiApps,
        'tab'      => $this->_getParam('tab', 'account'),
        'pages'    => $pageRegister->getPages(),
    );
    $this->view->assign($viewData);

    $this->_helper->pageTitle('ot-account-index:title', array(
        $this->_userData['firstName'],
        $this->_userData['lastName'],
        $this->_userData['username'],
    ));
}
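/**
 * Remote API front controller.
 *
 * Flow: pick the output format, resolve the endpoint named in the request,
 * authenticate the caller by API key, map the key's account onto an
 * Ot_Acl('remote') role and dispatch to the endpoint object's handler for
 * the HTTP verb. Every exit goes through _validOutput() or _errorOutput()
 * so the client always receives a response in the chosen format.
 */
public function indexAction()
{
    $returnType = 'json';

    try {
        $apiRegister = new Ot_Api_Register();
        $vr = new Ot_Config_Register();

        $params = $this->_getAllParams();

        // Fix: the original tested in_array(strtolower($returnType), ...) -- the
        // default, never the request value -- so any 'type' string was accepted
        // and handed straight to the output helpers.
        if (isset($params['type'])) {
            $requestedType = strtolower($params['type']);
            if (in_array($requestedType, array('json', 'php'), true)) {
                $returnType = $requestedType;
            }
        }

        if (empty($params['endpoint'])) {
            return $this->_validOutput(array(
                'message' => 'Welcome to the ' . $vr->getVar('appTitle')->getValue()
                    . ' API. You will need an API key to get any further. Visit '
                    . Zend_Registry::get('siteUrl') . '/account to get one.',
            ), $returnType);
        }

        $thisEndpoint = $apiRegister->getApiEndpoint($params['endpoint']);
        if (is_null($thisEndpoint)) {
            return $this->_errorOutput('Invalid Endpoint', $returnType, 404);
        }

        if (empty($params['key'])) {
            return $this->_errorOutput('You must provide an API key', $returnType, 403);
        }

        $apiApp = new Ot_Model_DbTable_ApiApp();
        $thisApp = $apiApp->getAppByKey($params['key']);
        if (is_null($thisApp)) {
            return $this->_errorOutput('Invalid API key', $returnType, 403);
        }

        $otAccount = new Ot_Model_DbTable_Account();
        $thisAccount = $otAccount->getByAccountId($thisApp->accountId);
        if (is_null($thisAccount)) {
            return $this->_errorOutput('No user found for this API key', $returnType, 403);
        }

        $acl = new Ot_Acl('remote');

        if (count($thisAccount->role) > 1) {
            // Resolve role ids to role names ...
            $roles = array();
            foreach ($thisAccount->role as $r) {
                $roles[] = $acl->getRole($r);
            }

            // ... and register a composite role that inherits from all of them
            $roleName = implode(',', $roles);
            $thisAccount->role = $roleName;
            $acl->addRole(new Zend_Acl_Role($roleName), $roles);
        } elseif (count($thisAccount->role) == 1) {
            $thisAccount->role = array_pop($thisAccount->role);
        }

        // Unknown roles fall back to the configured default role
        if (!$acl->hasRole($thisAccount->role)) {
            $thisAccount->role = $vr->getVar('defaultRole')->getValue();
        }

        $role = $thisAccount->role;
        if ($role == '' || !$acl->hasRole($role)) {
            $role = $vr->getVar('defaultRole')->getValue();
        }

        // the api "module" here is really a kind of placeholder
        $aclResource = 'api_' . strtolower($thisEndpoint->getName());

        Zend_Auth::getInstance()->getStorage()->write($thisAccount);
    } catch (Exception $e) {
        // NOTE(review): the raw exception message is echoed to the remote caller;
        // consider logging it server-side and returning a generic message instead.
        return $this->_errorOutput($e->getMessage(), $returnType);
    }

    $apiObject = $thisEndpoint->getEndpointObj();

    // Map the HTTP verb to the ACL privilege and the handler method of the same name
    if ($this->_request->isPost()) {
        $verb = 'post';
    } elseif ($this->_request->isPut()) {
        $verb = 'put';
    } elseif ($this->_request->isDelete()) {
        $verb = 'delete';
    } else {
        $verb = 'get';
    }

    if (!$acl->isAllowed($role, $aclResource, $verb)) {
        return $this->_errorOutput(
            'You do not have permission to access this endpoint with ' . strtoupper($verb),
            $returnType,
            403
        );
    }

    try {
        $data = $apiObject->$verb($params);
    } catch (Exception $e) {
        // NOTE(review): as above, handler exception text goes to the client unfiltered.
        return $this->_errorOutput($e->getMessage(), $returnType);
    }

    return $this->_validOutput($data, $returnType);
}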
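/**
 * Deletes the account row(s) matching $where together with the dependent
 * rows: account roles, API apps, account attributes and the Ot_Profile
 * custom-attribute host.
 *
 * Runs inside a transaction when one can be started here. If
 * beginTransaction() throws, the code assumes an outer transaction is
 * already open and leaves rollback/commit to the caller.
 *
 * @param  mixed $where  Zend_Db_Table where clause identifying the account
 * @return mixed         whatever parent::delete() returns for $where
 * @throws Ot_Exception  if any of the cascaded deletes fails
 */
public function delete($where)
{
    $dba = $this->getAdapter();

    // whether or not we're in a transaction prior to this
    $inTransaction = false;
    try {
        $dba->beginTransaction();
    } catch (Exception $e) {
        // NOTE(review): any failure to begin is read as "already in a transaction";
        // a genuine adapter error would silently run the deletes unprotected.
        $inTransaction = true;
    }

    $thisAccount = $this->fetchRow($where);

    $accountRoles = new Ot_Model_DbTable_AccountRoles();
    $apiApps = new Ot_Model_DbTable_ApiApp();
    $aar = new Ot_Account_Attribute_Register();
    $cahr = new Ot_CustomAttribute_HostRegister();
    $thisHost = $cahr->getHost('Ot_Profile');

    try {
        $deleteResult = parent::delete($where);
        $accountRoles->delete($where);
        $apiApps->delete($where);

        // Fix: fetchRow() returns null when nothing matches; the original then
        // read ->accountId off null and cascaded delete(null) into the attribute
        // registries. Only cascade by accountId when a row was actually found.
        if (!is_null($thisAccount)) {
            $aar->delete($thisAccount->accountId);
            $thisHost->delete($thisAccount->accountId);
        }
    } catch (Exception $e) {
        if (!$inTransaction) {
            $dba->rollback();
        }
        // NOTE(review): the underlying exception is dropped here; if Ot_Exception
        // accepts a $previous argument, chaining $e would keep the cause for logs.
        throw new Ot_Exception('Account delete failed.');
    }

    if (!$inTransaction) {
        $dba->commit();
    }

    return $deleteResult;
}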
/**
 * Removes an API application.
 *
 * The app is looked up by the 'appId' request parameter; the caller must
 * own it or hold the 'allApps' privilege, and the request must be a POST.
 * On success a flash message is queued and the browser is sent back to
 * the account page's apps tab.
 *
 * @throws Ot_Exception_Input  when no appId was supplied
 * @throws Ot_Exception_Data   when no app matches the id
 * @throws Ot_Exception_Access when the caller may not delete it, or the request is not a POST
 */
public function deleteAction()
{
    $appId = $this->_getParam('appId', null);
    if (is_null($appId)) {
        throw new Ot_Exception_Input('ot-apiapp-delete:appIdNotSet');
    }

    $apiAppTable = new Ot_Model_DbTable_ApiApp();
    $app = $apiAppTable->find($appId);
    if (is_null($app)) {
        throw new Ot_Exception_Data('ot-apiapp-delete:appNotFound');
    }

    // Owners may always delete their own apps; anyone else needs 'allApps'
    $ownsApp = ($app->accountId == $this->_userData['accountId']);
    if (!$ownsApp && !$this->_helper->hasAccess('allApps')) {
        throw new Ot_Exception_Access('ot-apiapp-delete:notAllowedtoEdit');
    }

    if (!$this->_request->isPost()) {
        throw new Ot_Exception_Access('You can not access this method directly');
    }

    // NOTE(review): a bare appId is passed to delete(); confirm that
    // Ot_Model_DbTable_ApiApp::delete() treats a scalar as a key rather than as
    // a raw WHERE expression, which is how Zend_Db_Table_Abstract::delete()
    // would interpret it.
    $apiAppTable->delete($app->appId);

    $this->_helper->messenger->addSuccess('ot-apiapp-delete:applicationRemoved');

    $routeParams = array(
        'tab'       => 'apps',
        'accountId' => $this->_userData['accountId'],
    );
    $this->_helper->redirector->gotoRoute($routeParams, 'account', true);
}