Example #1
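/**
 * Prefix completion over metatags.
 *
 * Prints every metatag.tagdisplay whose tagnorm starts with the lower-cased
 * 'q' request parameter, one value per line. The status line and the body
 * are written directly with header()/print/die rather than returned.
 *
 * @param folksoQuery     $q    Request wrapper; only the 'q' parameter is read.
 * @param folksoWsseCreds $cred Not used in this function.
 * @param folksoDBconnect $dbc  Connection settings handed to folksoDBinteract.
 * @return void
 */
function metacomplete(folksoQuery $q, folksoWsseCreds $cred, folksoDBconnect $dbc)
{
    $i = new folksoDBinteract($dbc);
    if ($i->db_error()) {
        header('HTTP/1.1 501 Database error');
        // NOTE(review): error_info() goes to the client verbatim. If it carries
        // driver or schema detail, log it server-side and send a generic message.
        die($i->error_info());
    }

    // dbescape() is presumably the SQL string-literal escaper; that does not
    // neutralise the LIKE metacharacters % and _. Escape them with an explicit
    // ESCAPE character so the request value is matched as a literal prefix and
    // a client cannot turn the lookup into an arbitrary wildcard scan.
    $prefix = strtr(
        strtolower($q->get_param('q')),
        array('|' => '||', '%' => '|%', '_' => '|_')
    );
    $sql = "select tagdisplay " . " from metatag " . " where " . " tagnorm like '" . $i->dbescape($prefix) . "%' escape '|'";
    $i->query($sql);

    switch ($i->result_status) {
        case 'DBERR':
            header('HTTP/1.1 501 Database query error');
            // NOTE(review): same disclosure concern as the connection error above.
            die($i->error_info());
        case 'NOROWS':
            header('HTTP/1.1 204 No matching tags');
            return;
        case 'OK':
            header('HTTP/1.1 200 OK I guess');
            // NOTE(review): no Content-Type is set in this function, so the
            // stored tagdisplay values are emitted raw under whatever default
            // the server applies. Confirm it is a text type, or encode the
            // values for the output context.
            while ($row = $i->result->fetch_object()) {
                // Entirely numeric tags are wrapped in quotes so that the
                // consumer treats them as text instead of as ids.
                if (is_numeric($row->tagdisplay)) {
                    print '"' . $row->tagdisplay . '"' . "\n";
                } else {
                    print $row->tagdisplay . "\n";
                }
            }
            break;
    }
}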
Example #2
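/**
 * Prefix completion over tags.
 *
 * Collects every tag.tagdisplay whose tagnorm starts with the lower-cased
 * 'q' request parameter into a folksoResponse, one value per line.
 *
 * @param folksoQuery     $q   Request wrapper; only the 'q' parameter is read.
 * @param folksoDBconnect $dbc Connection settings handed to folksoDBinteract.
 * @param folksoSession   $fks Not used in this function.
 * @return folksoResponse|null The response, or null when result_status is
 *                             none of 'DBERR', 'NOROWS' or 'OK'.
 */
function autocomplete(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks)
{
    $i = new folksoDBinteract($dbc);
    $r = new folksoResponse();
    if ($i->db_error()) {
        $r->dbConnectionError($i->error_info());
        return $r;
    }

    // dbescape() is presumably the SQL string-literal escaper; that does not
    // neutralise the LIKE metacharacters % and _. Escape them with an explicit
    // ESCAPE character so the request value is matched as a literal prefix and
    // a client cannot turn the lookup into an arbitrary wildcard scan.
    $prefix = strtr(
        strtolower($q->get_param('q')),
        array('|' => '||', '%' => '|%', '_' => '|_')
    );
    $sql = "SELECT tagdisplay " . "FROM tag " . "WHERE tagnorm like '" . $i->dbescape($prefix) . "%' escape '|'";
    $i->query($sql);

    switch ($i->result_status) {
        case 'DBERR':
            $r->dbQueryError($i->error_info());
            return $r;
        case 'NOROWS':
            $r->setOk(204, 'No matching tags');
            return $r;
        case 'OK':
            $r->setOk(200, 'OK I guess');
            while ($row = $i->result->fetch_object()) {
                // Entirely numeric tags are wrapped in quotes so that the
                // consumer treats them as text instead of as ids.
                if (is_numeric($row->tagdisplay)) {
                    $r->t('"' . $row->tagdisplay . '"' . "\n");
                } else {
                    $r->t($row->tagdisplay . "\n");
                }
            }
            return $r;
    }
    // Any other result_status falls through: the function returns null.
}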
Example #3
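 /**
  * Checks that folksoQuery reports the request method in lower case and
  * that is_write_method() is false for GET and true for POST.
  */
 function testMethodStuff()
 {
     $q = new folksoQuery(array('REQUEST_METHOD' => 'GET'), array('folksores' => 1234), array());
     // The class name is passed as a string. The bare word folksoQuery is an
     // undefined constant, which is an Error on PHP 8.
     $this->assertIsA($q, 'folksoQuery', 'Problem with object creation');
     $this->assertEqual($q->method(), 'get', 'Reporting incorrect method');
     // Call the method. Reading $q->is_write_method as a property yields a
     // falsy value whatever the method returns, so the assertion could never fail.
     $this->assertFalse($q->is_write_method(), 'is_write_method should report false on GET');

     $qq = new folksoQuery(array('REQUEST_METHOD' => 'POST'), array('folksostuff' => 'hoohoa'), array());
     $this->assertEqual($qq->method(), 'post', 'Reporting incorrect method, should be post');
     $this->assertTrue($qq->is_write_method(), 'Is write method should say true on POST');
 }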
Example #4
File: user.php Project: josf/folkso
/**
 * Lists the resources a user has filed under the tag named in the request.
 *
 * The user is the one named by the 'user' request parameter when it is
 * present, otherwise the user attached to the current session. The body is
 * built with folksoDataJson when the request content type is 'json', and
 * with the factory's XML resource list otherwise.
 *
 * Outcomes: 404 when no user can be determined or the named user does not
 * exist, 204 when the query returns no rows for a known user, 200 with the
 * list otherwise. dbException and badUseridException are both routed to
 * folksoResponse::handleDBexception().
 *
 * NOTE(review): the 'user' parameter selects an arbitrary user and no right
 * check is visible in this function. Confirm that per-user resource lists
 * are meant to be readable by any caller.
 *
 * @param folksoQuery     $q   Request; reads 'user', ->tag and content_type().
 * @param folksoDBconnect $dbc Connection settings for the user and the query.
 * @param folksoSession   $fks Session used to look up the current user.
 * @return mixed The folksoResponse, or on the early exits whatever
 *               setError()/setOk()/handleDBexception() return (presumably
 *               the same object).
 */
function getUserResByTag(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks)
{
    $response = new folksoResponse();

    try {
        $user = $fks->userSession(null);

        if (!$user instanceof folksoUser && !$q->is_param('user')) {
            return $response->setError(404, 'No user');
        }

        if ($q->is_param('user')) {
            // An explicit 'user' parameter replaces the session user, even
            // when a session user was found.
            $user = new folksoUser($dbc);
            $user->setUid($q->get_param('user'));
            if (!$user->exists($q->get_param('user'))) {
                return $response->setError(404, 'Missing or invalid user');
            }
        }

        $db = new folksoDBinteract($dbc);
        $queryBuilder = new folksoUserQuery();
        // NOTE(review): the SQL text comes from resourcesByTag(); whether it
        // escapes $q->tag and the userid cannot be seen from this function.
        $db->query($queryBuilder->resourcesByTag($q->tag, $user->userid));

        // Kept inside the try block because exists() hits the DB.
        if ($db->rowCount == 0) {
            $knownUser = isset($user->nick) || $user->exists();
            if (!$knownUser) {
                // Marked "no longer necessary" by the original author.
                return $response->setError(404, 'Unknown user');
            }
            return $response->setOk(204, 'User has no resources with this tag');
        }
    } catch (dbException $e) {
        return $response->handleDBexception($e);
    } catch (badUseridException $e) {
        // TODO: update this with new class
        return $response->handleDBexception($e);
    }

    $response->setOk(200, 'Found');

    $factory = new folksoDisplayFactory();
    $formatter = ($q->content_type() == 'json')
        ? new folksoDataJson('resid', 'url', 'title')
        : $factory->ResourceList('xml');

    $response->t($formatter->startform());
    // NOTE(review): the same HTML-entity encoding is applied on the JSON
    // branch. Whether folksoDataJson::line() also JSON-encodes its arguments
    // is not visible here; confirm the values are encoded for that context.
    while ($row = $db->result->fetch_object()) {
        $uri = htmlspecialchars($row->uri_raw);
        $title = htmlspecialchars($row->title);
        $response->t($formatter->line($row->id, $uri, $title));
    }
    $response->t($formatter->endform());

    return $response;
}
Example #5
 /**
  * Decides whether this Response should answer the query $q, based on the
  * rule lists held in $this->activate_params.
  *
  * Checks run in this order, and the first failure returns false:
  *  - 'exclude': none of these parameters may be present;
  *  - 'required', 'required_single', 'required_multiple': every listed
  *    parameter must be present;
  *  - 'required_single': each must satisfy is_single_param();
  *  - 'required_multiple': each must satisfy is_multiple_param();
  *  - 'oneof': when the list is an array, at least one must be present.
  *
  * A rule list that is not an array is skipped.
  *
  * @param folksoQuery $q
  * @return boolean
  */
 private function param_check(folksoQuery $q)
 {
     $rules = $this->activate_params;

     // Any excluded parameter disqualifies the query outright.
     if (is_array($rules['exclude'])) {
         foreach ($rules['exclude'] as $forbidden) {
             if ($q->is_param($forbidden)) {
                 return false;
             }
         }
     }

     // Presence check over the union of the three "required" lists.
     $mustBePresent = array();
     foreach (array('required', 'required_single', 'required_multiple') as $listName) {
         if (is_array($rules[$listName])) {
             $mustBePresent = array_merge($mustBePresent, $rules[$listName]);
         }
     }
     foreach ($mustBePresent as $name) {
         if (!$q->is_param($name)) {
             return false;
         }
     }

     // Cardinality checks for the single- and multiple-valued lists.
     if (is_array($rules['required_single'])) {
         foreach ($rules['required_single'] as $name) {
             if (!$q->is_single_param($name)) {
                 return false;
             }
         }
     }
     if (is_array($rules['required_multiple'])) {
         foreach ($rules['required_multiple'] as $name) {
             if (!$q->is_multiple_param($name)) {
                 return false;
             }
         }
     }

     // With a 'oneof' list, at least one of its parameters has to be there.
     // Every entry is tested; the loop does not stop at the first match.
     if (is_array($rules['oneof'])) {
         $matched = false;
         foreach ($rules['oneof'] as $name) {
             $matched = $q->is_param($name) || $matched;
         }
         if (!$matched) {
             return false;
         }
     }

     return true;
 }
Example #6
File: tag.php Project: josf/folkso
/**
 * Renames a tag: sets tagdisplay to the 'newname' request parameter and
 * tagnorm to normalize_tag(newname).
 *
 * The tag to rename is $q->tag. A value that passes is_numeric() is matched
 * against tag.id, anything else against normalize_tag(tagnorm).
 *
 * Requires a session user for whom checkUserRight('folkso', 'admin') holds;
 * otherwise the result of unAuthorized() is returned. 404 when tagp() does
 * not find the tag, 204 once the UPDATE has run, and a dbException goes
 * through handleDBexception().
 *
 * @param folksoQuery     $q   Request; reads ->tag and 'newname'.
 * @param folksoDBconnect $dbc Connection settings handed to folksoDBinteract.
 * @param folksoSession   $fks Session used to look up the current user.
 * @return mixed The folksoResponse, or whatever unAuthorized() or
 *               handleDBexception() return.
 */
function renameTag(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks)
{
    $response = new folksoResponse();

    $user = $fks->userSession(null, 'folkso', 'admin');
    $isAdmin = $user instanceof folksoUser && $user->checkUserRight('folkso', 'admin');
    if (!$isAdmin) {
        return $response->unAuthorized($user);
    }

    try {
        $db = new folksoDBinteract($dbc);

        if (!$db->tagp($q->tag)) {
            // NOTE(review): the requested tag is echoed back in the error
            // detail; how setError() encodes it for output is not visible here.
            $response->setError(404, 'Tag not found', 'Nothing to rename. No such tag: ' . $q->tag);
            return $response;
        }

        $newName = $i_escaped = $db->dbescape($q->get_param('newname'));

        // NOTE(review): the numeric branch is the only value placed in the
        // statement without dbescape(); is_numeric() is what keeps it to a
        // numeric literal. It also accepts signs, decimals and exponents, so
        // an integer check would be the tighter guard for an id column.
        if (is_numeric($q->tag)) {
            $where = " id = " . $q->tag;
        } else {
            $where = " tagnorm = normalize_tag('" . $db->dbescape($q->tag) . "')";
        }

        $db->query(
            "UPDATE tag\n            SET tagdisplay = '{$newName}', tagnorm = normalize_tag('{$i_escaped}') where " . $where
        );
    } catch (dbException $e) {
        return $response->handleDBexception($e);
    }

    $response->setOk(204, 'Tag renamed');
    return $response;
}
Example #7
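/**
 * Add a note to a resource.
 *
 * Web params: POST, note, res
 *
 * Inserts a row into `note` holding the 'note' parameter, the session
 * user's userid and the resource id. $q->res is used as the id when it
 * passes is_numeric(); otherwise the id is looked up by normalised URL
 * with url_whack().
 *
 * Requires a session user for whom checkUserRight('folkso', 'tag') holds;
 * otherwise the result of unAuthorized() is returned. 202 once the INSERT
 * has run; a dbException goes through handleDBexception().
 *
 * @param folksoQuery     $q   Request; reads ->res and 'note'.
 * @param folksoDBconnect $dbc Connection settings handed to folksoDBinteract.
 * @param folksoSession   $fks Session used to look up the current user.
 * @return mixed The folksoResponse, or whatever unAuthorized() or
 *               handleDBexception() return.
 */
function addNote(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks)
{
    $r = new folksoResponse();
    $u = $fks->userSession(null, 'folkso', 'tag');
    if (!$u instanceof folksoUser || !$u->checkUserRight('folkso', 'tag')) {
        return $r->unAuthorized($u);
    }
    try {
        $i = new folksoDBinteract($dbc);
        // Every value that lands inside a quoted SQL literal goes through
        // dbescape(), the userid included, so the statement does not depend
        // on the user object having validated it.
        $sql = "INSERT INTO note " . "SET note = '" . $i->dbescape($q->get_param("note")) . "', " . "userid = '" . $i->dbescape($u->userid) . "', " . "resource_id = ";
        if (is_numeric($q->res)) {
            // is_numeric() is what keeps this unquoted value to a numeric literal.
            $sql .= $q->res;
        } else {
            // $q->res was previously concatenated into this literal unescaped,
            // so a quote in the resource URL could break out of the string.
            $sql .= "(SELECT id FROM resource  " . " WHERE uri_normal = url_whack('" . $i->dbescape($q->res) . "'))";
        }
        $i->query($sql);
    } catch (dbException $e) {
        return $r->handleDBexception($e);
    }
    $r->setOk(202, 'Note accepted');
    // NOTE(review): the resource and the note text are echoed into the body
    // as submitted. How folksoResponse encodes them for its content type is
    // not visible here; confirm they cannot be rendered as markup.
    $r->t("This note will be added to the resource: " . $q->res);
    $r->t("\n\nText of the submitted note:\n" . $q->get_param('note'));
    return $r;
}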
Example #8
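 /**
  * Reports whether authorization is necessary for the query $q.
  *
  * "True" means authorization _is_ necessary, false means it isn't.
  *
  * The method is hard-wired to false. The rule that used to follow the
  * unconditional return could never run and has been dropped. It answered
  * false for 'get' and 'head' requests or when $this->clientAccessRestrict
  * was 'LOCAL', and true otherwise. Reinstating it changes access control
  * for every caller, so it must be a deliberate decision.
  *
  * NOTE(review): with this always false, a caller that relies on this
  * method gets no access check from it. Confirm that each write handler
  * enforces its own rights check.
  *
  * @param folksoQuery $q Not consulted while the check is disabled.
  * @return boolean Always false.
  */
 function is_auth_necessary(folksoQuery $q)
 {
     return false;
 }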