/**
  * Default user profile page.
  *
  * Assembles the per-control ACL flags the profile view uses to show or
  * hide actions, the API apps the account can access and the registered
  * profile pages, then sets the page title from the user's name.
  */
 public function indexAction()
 {
     $identity     = Zend_Auth::getInstance()->getIdentity();
     $isOwnAccount = $this->_userData['accountId'] == $identity->accountId;

     $acl = array();
     $acl['edit'] = $this->_helper->hasAccess('edit');
     // Even with the delete privilege, a user is never offered deletion of their own account.
     $acl['delete'] = $this->_helper->hasAccess('delete') && !$isOwnAccount;
     // Password changes are only offered for locally managed credentials, and only
     // on the viewer's own profile.
     $acl['changePassword'] = $this->_authAdapter->manageLocally()
         && $isOwnAccount
         && $this->_helper->hasAccess('change-password');
     $acl['apiAppAdd']    = $this->_helper->hasAccess('add', 'ot_apiapp');
     $acl['apiAppDelete'] = $this->_helper->hasAccess('delete', 'ot_apiapp');
     $acl['apiAppEdit']   = $this->_helper->hasAccess('edit', 'ot_apiapp');
     $acl['apiDocs']      = $this->_helper->hasAccess('api-docs', 'ot_apiapp');
     // Whether the configured default (unauthenticated) role may reach the API index at all.
     $acl['guestApiAccess'] = $this->_helper->hasAccess(
         'index',
         'ot_api',
         $this->_helper->configVar('defaultRole')
     );
     $this->view->acl = $acl;

     $apiAppTable = new Ot_Model_DbTable_ApiApp();
     $apiApps     = $apiAppTable->getAppsForAccount($this->_userData['accountId'], 'access')->toArray();

     $profileRegister = new Ot_Account_Profile_Register();
     $pages           = $profileRegister->getPages();

     $this->view->assign(array(
         'userData' => $this->_userData,
         'apiApps'  => $apiApps,
         'tab'      => $this->_getParam('tab', 'account'),
         'pages'    => $pages,
     ));

     $this->_helper->pageTitle('ot-account-index:title', array(
         $this->_userData['firstName'],
         $this->_userData['lastName'],
         $this->_userData['username'],
     ));
 }
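 /**
  * API front controller.
  *
  * Resolves the requested endpoint, authenticates the API key, maps the
  * key's account onto an ACL role, checks that role against the endpoint
  * resource for the HTTP verb in use, and dispatches to the endpoint
  * object's get/post/put/delete handler.
  *
  * Output always goes through _validOutput() / _errorOutput() in the
  * requested format; only "json" and "php" are accepted as formats and
  * anything else falls back to json.
  *
  * @return mixed whatever _validOutput() / _errorOutput() return
  */
 public function indexAction()
 {
     $returnType = 'json';
     try {
         $apiRegister = new Ot_Api_Register();
         $vr          = new Ot_Config_Register();
         $params      = $this->_getAllParams();

         // The requested output format is validated against the known list before it
         // is used; unknown or non-string values keep the json default.
         if (isset($params['type']) && is_string($params['type'])) {
             $requestedType = strtolower($params['type']);
             if (in_array($requestedType, array('json', 'php'), true)) {
                 $returnType = $requestedType;
             }
         }

         if (empty($params['endpoint'])) {
             return $this->_validOutput(array('message' => 'Welcome to the ' . $vr->getVar('appTitle')->getValue() . ' API.  You will need an API key to get any further. Visit ' . Zend_Registry::get('siteUrl') . '/account to get one.'), $returnType);
         }

         $endpoint     = $params['endpoint'];
         $thisEndpoint = $apiRegister->getApiEndpoint($endpoint);
         if (is_null($thisEndpoint)) {
             return $this->_errorOutput('Invalid Endpoint', $returnType, 404);
         }

         if (empty($params['key'])) {
             return $this->_errorOutput('You must provide an API key', $returnType, 403);
         }

         $apiApp  = new Ot_Model_DbTable_ApiApp();
         $thisApp = $apiApp->getAppByKey($params['key']);
         if (is_null($thisApp)) {
             return $this->_errorOutput('Invalid API key', $returnType, 403);
         }

         $otAccount   = new Ot_Model_DbTable_Account();
         $thisAccount = $otAccount->getByAccountId($thisApp->accountId);
         if (is_null($thisAccount)) {
             return $this->_errorOutput('No user found for this API key', $returnType, 403);
         }

         $acl = new Ot_Acl('remote');

         // Collapse the account's list of role ids into a single ACL role name.
         if (count($thisAccount->role) > 1) {
             $roles = array();
             foreach ($thisAccount->role as $r) {
                 $roles[] = $acl->getRole($r);
             }
             // Register a composite role that inherits from every assigned role.
             $roleName = implode(',', $roles);
             $thisAccount->role = $roleName;
             $acl->addRole(new Zend_Acl_Role($roleName), $roles);
         } elseif (count($thisAccount->role) == 1) {
             $thisAccount->role = array_pop($thisAccount->role);
         }

         // An account without a role the ACL knows gets the configured default role.
         if ($thisAccount->role == '' || !$acl->hasRole($thisAccount->role)) {
             $thisAccount->role = $vr->getVar('defaultRole')->getValue();
         }
         $role = $thisAccount->role;

         // Endpoints are represented in the ACL as resources named "api_<endpoint>".
         $aclResource = 'api_' . strtolower($thisEndpoint->getName());

         // The key's account becomes the authenticated identity for this request.
         // NOTE(review): if the Zend_Auth storage is session-backed this also persists
         // the identity beyond this request — confirm the storage used for the API.
         Zend_Auth::getInstance()->getStorage()->write($thisAccount);
     } catch (Exception $e) {
         // NOTE(review): the raw exception text (which may carry DB or internal detail)
         // is returned to the API client.
         return $this->_errorOutput($e->getMessage(), $returnType);
     }

     $apiObject = $thisEndpoint->getEndpointObj();

     if ($this->_request->isPost()) {
         $httpMethod = 'post';
     } elseif ($this->_request->isPut()) {
         $httpMethod = 'put';
     } elseif ($this->_request->isDelete()) {
         $httpMethod = 'delete';
     } else {
         $httpMethod = 'get';
     }

     // Each HTTP verb maps onto an ACL privilege of the same name on the endpoint resource.
     if (!$acl->isAllowed($role, $aclResource, $httpMethod)) {
         return $this->_errorOutput('You do not have permission to access this endpoint with ' . strtoupper($httpMethod), $returnType, 403);
     }

     try {
         $data = $apiObject->$httpMethod($params);
     } catch (Exception $e) {
         return $this->_errorOutput($e->getMessage(), $returnType);
     }

     return $this->_validOutput($data, $returnType);
 }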
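 /**
  * Deletes the account rows matching $where together with the dependent
  * data (role assignments, API apps, account attributes and the Ot_Profile
  * custom-attribute host), inside a single transaction.
  *
  * @param  string|array $where Zend_Db where clause. It is applied verbatim to the
  *                             account-roles and API-app tables as well, so it is
  *                             expected to select on the shared accountId column;
  *                             the attribute deletes use the accountId of the first
  *                             matching row only.
  * @return int number of account rows deleted; 0 when $where matched nothing
  * @throws Ot_Exception when any of the deletes fails (the transaction is rolled back)
  */
 public function delete($where)
 {
     $dba = $this->getAdapter();

     // When the caller already opened a transaction, beginTransaction() throws; we then
     // join that transaction and leave commit/rollback to the caller.
     // NOTE(review): any other beginTransaction() failure is treated the same way, so
     // the deletes would then run without a transaction — confirm this is intended.
     $ownsTransaction = true;
     try {
         $dba->beginTransaction();
     } catch (Exception $e) {
         $ownsTransaction = false;
     }

     $thisAccount = $this->fetchRow($where);
     if (is_null($thisAccount)) {
         // Nothing matched: do not hand a null accountId to the dependent deletes.
         if ($ownsTransaction) {
             $dba->rollback();
         }
         return 0;
     }

     $accountRoles = new Ot_Model_DbTable_AccountRoles();
     $apiApps      = new Ot_Model_DbTable_ApiApp();
     $aar          = new Ot_Account_Attribute_Register();
     $cahr         = new Ot_CustomAttribute_HostRegister();
     $thisHost     = $cahr->getHost('Ot_Profile');

     try {
         $deleteResult = parent::delete($where);
         $accountRoles->delete($where);
         $apiApps->delete($where);
         $aar->delete($thisAccount->accountId);
         $thisHost->delete($thisAccount->accountId);
     } catch (Exception $e) {
         if ($ownsTransaction) {
             $dba->rollback();
         }
         // The original exception text is deliberately not forwarded to callers.
         throw new Ot_Exception('Account delete failed.');
     }

     if ($ownsTransaction) {
         $dba->commit();
     }

     return $deleteResult;
 }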
 /**
  * Removes an API application.
  *
  * The app must exist and belong to the current user unless the user holds
  * the "allApps" privilege; the removal itself is only performed on POST.
  *
  * @throws Ot_Exception_Input  when no appId parameter is given
  * @throws Ot_Exception_Data   when no app with that id is found
  * @throws Ot_Exception_Access when the app belongs to another account and the
  *                             user lacks "allApps", or when the request is not a POST
  */
 public function deleteAction()
 {
     $appId = $this->_getParam('appId', null);
     if ($appId === null) {
         throw new Ot_Exception_Input('ot-apiapp-delete:appIdNotSet');
     }

     $apiAppTable = new Ot_Model_DbTable_ApiApp();
     $app         = $apiAppTable->find($appId);
     // NOTE(review): assumes Ot_Model_DbTable_ApiApp::find() returns a single row or
     // null (stock Zend_Db_Table::find() returns a rowset) — confirm the override.
     if ($app === null) {
         throw new Ot_Exception_Data('ot-apiapp-delete:appNotFound');
     }

     // Ownership check first; "allApps" lets administrators manage other users' apps.
     $ownsApp = $app->accountId == $this->_userData['accountId'];
     if (!$ownsApp && !$this->_helper->hasAccess('allApps')) {
         throw new Ot_Exception_Access('ot-apiapp-delete:notAllowedtoEdit');
     }

     // State-changing action: a plain GET is refused.
     // NOTE(review): no CSRF token is checked here — confirm a framework-level guard covers POSTs.
     if (!$this->_request->isPost()) {
         throw new Ot_Exception_Access('You can not access this method directly');
     }

     $apiAppTable->delete($app->appId);
     $this->_helper->messenger->addSuccess('ot-apiapp-delete:applicationRemoved');
     $this->_helper->redirector->gotoRoute(
         array('tab' => 'apps', 'accountId' => $this->_userData['accountId']),
         'account',
         true
     );
 }