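 /**
  * Send an email to the feedback email address.
  *
  * Expected fields:
  *  - client_id
  *  - client_secret
  *  - name
  *  - email
  *  - subject
  *  - comment
  *
  * Only OAuth clients that are permitted the password grant may call this,
  * which keeps anonymous spam off the contact address. When an Akismet key
  * and blog URL are configured the comment is also run through Akismet.
  *
  * @param  Request $request
  * @param  PDO $db
  *
  * @return void
  *
  * @throws Exception 403 when the client credentials are not trusted;
  *                   400 when a field is missing, malformed, or fails the spam check
  */
 public function contact($request, $db)
 {
     // only trusted clients can contact us to save on spam
     $clientId = $request->getParameter('client_id');
     $clientSecret = $request->getParameter('client_secret');
     $this->oauthModel = $request->getOauthModel($db);
     if (!$this->oauthModel->isClientPermittedPasswordGrant($clientId, $clientSecret)) {
         throw new Exception("This client cannot perform this action", 403);
     }

     // every field is mandatory; collect all the missing ones into one message
     $fields = ['name', 'email', 'subject', 'comment'];
     $data = [];
     $missing = [];
     foreach ($fields as $name) {
         $value = $request->getParameter($name);
         if (empty($value)) {
             $missing[] = "'{$name}'";
         }
         $data[$name] = $value;
     }
     if (!empty($missing)) {
         $plural = count($missing) > 1;
         $message = 'The field' . ($plural ? 's ' : ' ')
             . implode(', ', $missing)
             . ($plural ? ' are ' : ' is ')
             . 'required.';
         throw new Exception($message, 400);
     }

     // These values are handed to ContactEmailService, which is not visible
     // here, and the single-line ones are likely to end up in mail headers
     // (reply address, subject). Reject a malformed address and any CR/LF in
     // the single-line fields so that header injection is not possible
     // regardless of how the mail is assembled downstream.
     if (filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) {
         throw new Exception("The field 'email' must be a valid email address", 400);
     }
     foreach (['name', 'email', 'subject'] as $name) {
         if (strpbrk($data[$name], "\r\n") !== false) {
             throw new Exception("The field '{$name}' must not contain line breaks", 400);
         }
     }

     // run it by akismet if we have it
     if (isset($this->config['akismet']['apiKey'], $this->config['akismet']['blog'])) {
         $spamCheckService = new SpamCheckService(
             $this->config['akismet']['apiKey'],
             $this->config['akismet']['blog']
         );
         $isValid = $spamCheckService->isCommentAcceptable(
             $data['comment'],
             $request->getClientIP(),
             $request->getClientUserAgent()
         );
         if (!$isValid) {
             throw new Exception("Comment failed spam check", 400);
         }
     }

     $emailService = new ContactEmailService($this->config);
     $emailService->sendEmail($data);

     // 202: accepted for delivery, nothing to return in the body
     // ($replace must be a bool; null is deprecated in PHP 8.1+)
     header("Content-Length: 0", true, 202);
     exit;
 }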
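 /**
  * Create a comment, with an optional rating, on an event.
  *
  * The event id comes from the request URL; the user must be authenticated
  * (anonymous comments are not accepted over the API). A rating of 0 means
  * "no rating" and is what the code below forces when the user has already
  * rated this event or is one of its hosts.
  *
  * Expected fields:
  *  - rating  (0-5)
  *  - comment
  *
  * @param  Request $request
  * @param  PDO $db
  *
  * @return void  Sends a 201 with a Location header pointing at the new comment
  *
  * @throws Exception 401 when not logged in; 400 for a missing event id,
  *                   a missing/invalid field, a failed spam check, or a save failure
  */
 public function createComment($request, $db)
 {
     $comment = [];
     $comment['event_id'] = $this->getItemId($request);
     if (empty($comment['event_id'])) {
         throw new Exception("POST expects a comment representation sent to a specific event URL", 400);
     }

     // no anonymous comments over the API. This previously threw with no
     // status code at all; an unauthenticated request is a 401.
     if (empty($request->user_id)) {
         throw new Exception('You must log in to comment', 401);
     }

     $user_mapper = new UserMapper($db, $request);
     $users = $user_mapper->getUserById($request->user_id);
     // the user id comes from the access token so this should always resolve,
     // but fail cleanly rather than with an undefined-index notice if it does not
     if (empty($users['users'][0])) {
         throw new Exception('Could not load the logged in user', 400);
     }
     $thisUser = $users['users'][0];

     $rating = $request->getParameter('rating', false);
     if (false === $rating) {
         throw new Exception('The field "rating" is required', 400);
     }
     // Enforce both bounds: the original check only rejected values above 5,
     // so negative ratings were stored. 0 stays accepted as "no rating".
     if (!is_numeric($rating) || $rating < 0 || $rating > 5) {
         throw new Exception('The field "rating" must be a number (1-5)', 400);
     }

     $commentText = $request->getParameter('comment');
     if (empty($commentText)) {
         throw new Exception('The field "comment" is required', 400);
     }

     // Get the API key reference to save against the comment
     $oauth_model = $request->getOauthModel($db);
     $consumer_name = $oauth_model->getConsumerName($request->getAccessToken());

     $comment['user_id'] = $request->user_id;
     $comment['comment'] = $commentText;
     $comment['rating'] = $rating;
     $comment['cname'] = $thisUser['full_name'];
     $comment['source'] = $consumer_name;

     // run it by akismet if we have it
     // NOTE(review): the whole comment array is passed here, whereas contact()
     // passes only the comment text — confirm SpamCheckService accepts both.
     if (isset($this->config['akismet']['apiKey'], $this->config['akismet']['blog'])) {
         $spamCheckService = new SpamCheckService(
             $this->config['akismet']['apiKey'],
             $this->config['akismet']['blog']
         );
         $isValid = $spamCheckService->isCommentAcceptable(
             $comment,
             $request->getClientIP(),
             $request->getClientUserAgent()
         );
         if (!$isValid) {
             throw new Exception("Comment failed spam check", 400);
         }
     }

     $event_mapper = new EventMapper($db, $request);
     $comment_mapper = new EventCommentMapper($db, $request);

     // should rating be allowed? one rating per user per event...
     if ($comment_mapper->hasUserRatedThisEvent($comment['user_id'], $comment['event_id'])) {
         $comment['rating'] = 0;
     }
     // ...and event hosts cannot rate their own event
     if ($event_mapper->isUserAHostOn($comment['user_id'], $comment['event_id'])) {
         $comment['rating'] = 0;
     }

     try {
         $new_id = $comment_mapper->save($comment);
     } catch (Exception $e) {
         // just throw this again but with a 400 status code
         throw new Exception($e->getMessage(), 400);
     }

     // Update the cache count for the number of event comments on this event
     $event_mapper->cacheCommentCount($comment['event_id']);

     $uri = $request->base . '/' . $request->version . '/event_comments/' . $new_id;
     // $replace must be a bool; null is deprecated in PHP 8.1+
     header("Location: " . $uri, true, 201);
     exit;
 }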
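 /**
  * Handle POST requests against a talk resource.
  *
  * Dispatches on the fifth URL element:
  *  - comments : create a comment (with rating, optionally private) on the talk
  *               and email the talk's speakers about it
  *  - starred  : mark the talk as starred/attended by the logged in user
  *
  * The user must be authenticated for every sub-resource.
  *
  * @param  Request $request
  * @param  PDO $db
  *
  * @return void  Sends a 201 with a Location header on success
  *
  * @throws Exception 400 when not logged in, the talk id is missing, a field is
  *                   missing/invalid, the spam check or save fails, or no
  *                   sub-resource is given; 404 for an unknown sub-resource
  */
 public function postAction($request, $db)
 {
     if (!isset($request->user_id)) {
         throw new Exception("You must be logged in to create data", 400);
     }

     $talk_id = $this->getItemId($request);
     // createComment() guards the event id the same way; without this a
     // missing id would let comments and stars be recorded against talk 0
     if (empty($talk_id)) {
         throw new Exception("POST expects a representation sent to a specific talk URL", 400);
     }

     if (!isset($request->url_elements[4])) {
         throw new Exception("method not supported - sorry", 400);
     }

     switch ($request->url_elements[4]) {
         case "comments":
             $comment = $request->getParameter('comment');
             if (empty($comment)) {
                 throw new Exception('The field "comment" is required', 400);
             }
             $rating = $request->getParameter('rating');
             if (empty($rating)) {
                 throw new Exception('The field "rating" is required', 400);
             }
             // The event comment endpoint validates the rating range; this one
             // previously stored whatever non-empty value the client sent.
             // empty() above already rejects 0, so the valid range is 1-5.
             if (!is_numeric($rating) || $rating < 1 || $rating > 5) {
                 throw new Exception('The field "rating" must be a number (1-5)', 400);
             }
             $private = $request->getParameter('private') ? 1 : 0;

             // Get the API key reference to save against the comment
             $oauth_model = $request->getOauthModel($db);
             $consumer_name = $oauth_model->getConsumerName($request->getAccessToken());

             $talk_mapper = new TalkMapper($db, $request);
             $comment_mapper = new TalkCommentMapper($db, $request);

             $data = [
                 'user_id' => $request->user_id,
                 'talk_id' => $talk_id,
                 'comment' => $comment,
                 'rating'  => $rating,
                 'private' => $private,
                 'source'  => $consumer_name,
             ];

             try {
                 // run it by akismet if we have it
                 if (isset($this->config['akismet']['apiKey'], $this->config['akismet']['blog'])) {
                     $spamCheckService = new SpamCheckService(
                         $this->config['akismet']['apiKey'],
                         $this->config['akismet']['blog']
                     );
                     $isValid = $spamCheckService->isCommentAcceptable(
                         $data,
                         $request->getClientIP(),
                         $request->getClientUserAgent()
                     );
                     if (!$isValid) {
                         throw new Exception("Comment failed spam check", 400);
                     }
                 }

                 // should rating be allowed? one rating per user per talk...
                 if ($comment_mapper->hasUserRatedThisTalk($data['user_id'], $data['talk_id'])) {
                     $data['rating'] = 0;
                 }
                 // ...and speakers cannot rate their own talk
                 if ($talk_mapper->isUserASpeakerOnTalk($data['talk_id'], $data['user_id'])) {
                     $data['rating'] = 0;
                 }

                 $new_id = $comment_mapper->save($data);
             } catch (Exception $e) {
                 // just throw this again but with a 400 status code
                 throw new Exception($e->getMessage(), 400);
             }

             if (!$new_id) {
                 throw new Exception("The comment could not be stored", 400);
             }

             // let the speakers know about the new comment
             $comment = $comment_mapper->getCommentById($new_id);
             $talk = $talk_mapper->getTalkById($talk_id);
             $recipients = [];
             foreach ($talk_mapper->getSpeakerEmailsByTalkId($talk_id) as $person) {
                 $recipients[] = $person['email'];
             }
             $emailService = new TalkCommentEmailService($this->config, $recipients, $talk, $comment);
             $emailService->sendEmail();

             $uri = $request->base . '/' . $request->version . '/talk_comments/' . $new_id;
             header("Location: " . $uri, true, 201);
             exit;

         case 'starred':
             // the body of this request is completely irrelevant
             // The logged in user *is* attending the talk.  Use DELETE to unattend
             $talk_mapper = new TalkMapper($db, $request);
             $talk_mapper->setUserStarred($talk_id, $request->user_id);
             // $replace must be a bool; null is deprecated in PHP 8.1+
             header("Location: " . $request->base . $request->path_info, true, 201);
             exit;

         default:
             throw new Exception("Operation not supported, sorry", 404);
     }
 }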