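/**
 * Renders the "API Documentation" page: every registered endpoint together
 * with the HTTP verbs (get/put/post/delete) the current role may call on it,
 * each described by the cleaned doc comment of the implementing method.
 *
 * The role is resolved the same way indexAction() resolves it for API keys:
 * an account holding several roles gets a composite role (comma-joined role
 * ids) that inherits from all of them, a single role is used as-is, and an
 * account with no usable role — or no identity at all — falls back to the
 * configured defaultRole. Endpoints with no permitted verb are left out.
 *
 * @return void
 */
 public function apiDocsAction()
 {
     $apiRegistry = new Ot_Api_Register();
     $endpoints = $apiRegistry->getApiEndpoints();
     $apiMethods = array('get', 'put', 'post', 'delete');
     $acl = new Ot_Acl('remote');
     $vr = new Ot_Config_Register();
     $defaultRole = $vr->getVar('defaultRole')->getValue();
     $role = $defaultRole;

     if (Zend_Auth::getInstance()->hasIdentity()) {
         $thisAccount = Zend_Auth::getInstance()->getIdentity();
         // indexAction() stores the identity with a single role string rather
         // than the list of role ids, so accept both shapes here.
         $accountRoles = is_array($thisAccount->role) ? $thisAccount->role : array($thisAccount->role);

         if (count($accountRoles) > 1) {
             // Resolve role ids to role objects, then register a composite
             // role that inherits from all of them.
             $roles = array();
             foreach ($accountRoles as $r) {
                 $roles[] = $acl->getRole($r);
             }
             $role = implode(',', $roles);
             $acl->addRole(new Zend_Acl_Role($role), $roles);
         } elseif (count($accountRoles) == 1) {
             $role = reset($accountRoles);
         }

         // An unknown or empty role must never widen access: fall back to the default.
         if ($role == '' || !$acl->hasRole($role)) {
             $role = $defaultRole;
         }
     }

     $data = array();
     foreach ($endpoints as $e) {
         $name = $e->getName();
         $className = $e->getMethodClassname();
         // the api "module" here is really a kind of placeholder
         $aclResource = 'api_' . strtolower($name);

         $methods = array();
         $reflection = new ReflectionClass($className);
         foreach ($reflection->getMethods() as $m) {
             // Document only the verb handlers declared directly on the endpoint
             // class (not inherited ones) that this role is allowed to call.
             if (!in_array($m->name, $apiMethods, true)
                 || $m->class !== $className
                 || !$acl->isAllowed($role, $aclResource, $m->name)
             ) {
                 continue;
             }
             // getDocComment() returns false when the method has no doc block.
             $docComment = $m->getDocComment();
             $methods[$m->getName()] = ($docComment !== false && $docComment !== '')
                 ? $this->_cleanComment($docComment)
                 : 'No instructions provided';
         }

         if (count($methods) != 0) {
             $data[$name] = array(
                 'name' => $name,
                 'methods' => $methods,
                 'description' => $e->getDescription(),
             );
         }
     }

     $this->view->endpoints = $data;
     $this->_helper->pageTitle('API Documentation');
 }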
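 /**
  * Single dispatch point for the remote API.
  *
  * Request parameters used: 'type' (optional output format, 'json' or 'php',
  * default json), 'endpoint' (name registered with Ot_Api_Register) and 'key'
  * (API key issued to an account). The key is resolved to an account, the
  * account's roles to a single ACL role (composite for multi-role accounts,
  * defaultRole when none is usable), and the HTTP verb of the request is then
  * checked against the 'api_<endpoint>' resource before the endpoint object's
  * matching method (get/put/post/delete) is invoked with all request params.
  *
  * Responses go through _validOutput() / _errorOutput() in the chosen format.
  *
  * @return mixed Whatever _validOutput() / _errorOutput() return
  */
 public function indexAction()
 {
     $returnType = 'json';
     try {
         $apiRegister = new Ot_Api_Register();
         $vr = new Ot_Config_Register();
         $params = $this->_getAllParams();

         // Output format is opt-in and whitelisted; the requested value (not the
         // default) is what has to pass the check, anything else keeps json.
         if (isset($params['type']) && is_string($params['type'])) {
             $requestedType = strtolower($params['type']);
             if (in_array($requestedType, array('json', 'php'), true)) {
                 $returnType = $requestedType;
             }
         }

         if (empty($params['endpoint'])) {
             return $this->_validOutput(array('message' => 'Welcome to the ' . $vr->getVar('appTitle')->getValue() . ' API.  You will need an API key to get any further. Visit ' . Zend_Registry::get('siteUrl') . '/account to get one.'), $returnType);
         }

         // NOTE(review): endpoint existence is reported (404) before the key is
         // checked, so unauthenticated callers can tell valid endpoint names
         // from invalid ones — confirm that is acceptable.
         $thisEndpoint = $apiRegister->getApiEndpoint($params['endpoint']);
         if (is_null($thisEndpoint)) {
             return $this->_errorOutput('Invalid Endpoint', $returnType, 404);
         }

         if (empty($params['key'])) {
             return $this->_errorOutput('You must provide an API key', $returnType, 403);
         }

         $apiApp = new Ot_Model_DbTable_ApiApp();
         $thisApp = $apiApp->getAppByKey($params['key']);
         if (is_null($thisApp)) {
             return $this->_errorOutput('Invalid API key', $returnType, 403);
         }

         $otAccount = new Ot_Model_DbTable_Account();
         $thisAccount = $otAccount->getByAccountId($thisApp->accountId);
         if (is_null($thisAccount)) {
             return $this->_errorOutput('No user found for this API key', $returnType, 403);
         }

         $acl = new Ot_Acl('remote');
         $defaultRole = $vr->getVar('defaultRole')->getValue();
         $accountRoles = is_array($thisAccount->role) ? $thisAccount->role : array($thisAccount->role);

         if (count($accountRoles) > 1) {
             // Resolve role ids to role objects, then register a composite
             // role that inherits from all of them.
             $roles = array();
             foreach ($accountRoles as $r) {
                 $roles[] = $acl->getRole($r);
             }
             $role = implode(',', $roles);
             $acl->addRole(new Zend_Acl_Role($role), $roles);
         } elseif (count($accountRoles) == 1) {
             $role = array_pop($accountRoles);
         } else {
             $role = $defaultRole;
         }

         // An unknown or empty role must never widen access: fall back to the default.
         if ($role == '' || !$acl->hasRole($role)) {
             $role = $defaultRole;
         }
         // The identity carries the resolved role (a string), not the id list.
         $thisAccount->role = $role;

         // the api "module" here is really a kind of placeholder
         $aclResource = 'api_' . strtolower($thisEndpoint->getName());

         // NOTE(review): this makes the API-key account the Zend_Auth identity;
         // with session-backed auth storage that identity would also outlive
         // this request — confirm that is intended for API calls.
         Zend_Auth::getInstance()->getStorage()->write($thisAccount);
     } catch (Exception $e) {
         // NOTE(review): the raw exception message is returned to the client;
         // consider a generic message here and logging the detail server-side.
         return $this->_errorOutput($e->getMessage(), $returnType);
     }

     $apiObject = $thisEndpoint->getEndpointObj();

     // Map the request to one of the four verb handlers; anything that is not
     // POST/PUT/DELETE is served as GET, as before.
     if ($this->_request->isPost()) {
         $verb = 'post';
     } elseif ($this->_request->isPut()) {
         $verb = 'put';
     } elseif ($this->_request->isDelete()) {
         $verb = 'delete';
     } else {
         $verb = 'get';
     }

     if (!$acl->isAllowed($role, $aclResource, $verb)) {
         return $this->_errorOutput('You do not have permission to access this endpoint with ' . strtoupper($verb), $returnType, 403);
     }

     try {
         $data = $apiObject->$verb($params);
     } catch (Exception $e) {
         return $this->_errorOutput($e->getMessage(), $returnType);
     }

     return $this->_validOutput($data, $returnType);
 }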
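 /**
  * Turns the access list submitted by the add/edit role forms into a flat
  * list of ACL rules, keeping only the rules that differ from what the
  * inherited role already answers for that resource/privilege.
  *
  * $data is shaped as $data[$module][$controller]['all'] ('allow'|'deny')
  * for a blanket choice and $data[$module][$controller]['part'][$action]
  * ('allow'|'deny') for per-action choices. With a blanket 'allow' only
  * per-action denies are recorded; with any other blanket value only
  * per-action allows; without a blanket choice both are recorded where they
  * change the inherited answer. Choices are compared strictly, so only the
  * literal strings 'allow' and 'deny' have any effect.
  *
  * @param array  $data          Submitted access list, see above
  * @param mixed  $inheritRoleId Role to inherit from; 0 (or equivalent) means no parent role
  * @param string $scope         'remote' for the API ACL, anything else for the application ACL
  * @return array List of array('type' => 'allow'|'deny', 'resource' => string, 'privilege' => string|'*')
  */
 protected function _processAccessList($data, $inheritRoleId, $scope = 'application')
 {
     if ($scope == 'remote') {
         $acl = new Ot_Acl('remote');
         $resources = $acl->getRemoteResources($inheritRoleId);
     } else {
         // Resources come from a fresh application ACL, but inherited
         // permissions are checked against the controller's loaded ACL.
         $acl = new Ot_Acl();
         $resources = $acl->getResources($inheritRoleId);
         $acl = $this->_acl;
     }

     // The form sends 0 for "no parent role"; Zend_Acl expects null for that.
     // NOTE(review): loose comparison kept on purpose — a non-numeric string id
     // compares differently across PHP versions; confirm the id is numeric.
     if ($inheritRoleId == 0) {
         $inheritRoleId = null;
     }

     $rules = array();
     foreach ($resources as $module => $controllers) {
         foreach ($controllers as $controller => $actions) {
             $resource = strtolower($module . '_' . $controller);
             $choice = isset($data[$module][$controller]) && is_array($data[$module][$controller])
                 ? $data[$module][$controller]
                 : array();
             $partChoice = isset($choice['part']) && is_array($choice['part']) ? $choice['part'] : array();
             $parts = isset($actions['part']) && is_array($actions['part']) ? array_keys($actions['part']) : array();
             // Invariant for this controller: what the parent role answers for the whole resource.
             $inheritsAll = $acl->isAllowed($inheritRoleId, $resource);

             if (!isset($choice['all'])) {
                 // No blanket choice: record only per-action overrides of the inherited answer.
                 foreach ($parts as $action) {
                     if (!isset($partChoice[$action])) {
                         continue;
                     }
                     $inheritsAction = $acl->isAllowed($inheritRoleId, $resource, $action);
                     if ($partChoice[$action] === 'allow' && !$inheritsAction) {
                         $rules[] = array('type' => 'allow', 'resource' => $resource, 'privilege' => $action);
                     } elseif ($partChoice[$action] === 'deny' && $inheritsAction) {
                         $rules[] = array('type' => 'deny', 'resource' => $resource, 'privilege' => $action);
                     }
                 }
             } elseif ($choice['all'] === 'allow') {
                 // Blanket allow (only if not already inherited) plus explicit per-action denies.
                 if (!$inheritsAll) {
                     $rules[] = array('type' => 'allow', 'resource' => $resource, 'privilege' => '*');
                 }
                 foreach ($parts as $action) {
                     if (isset($partChoice[$action]) && $partChoice[$action] === 'deny') {
                         $rules[] = array('type' => 'deny', 'resource' => $resource, 'privilege' => $action);
                     }
                 }
             } else {
                 // Any other blanket value is a deny (only if currently inherited as allowed)
                 // plus explicit per-action allows that the parent does not already grant.
                 if ($inheritsAll) {
                     $rules[] = array('type' => 'deny', 'resource' => $resource, 'privilege' => '*');
                 }
                 foreach ($parts as $action) {
                     if (isset($partChoice[$action])
                         && $partChoice[$action] === 'allow'
                         && ($inheritsAll || !$acl->isAllowed($inheritRoleId, $resource, $action))
                     ) {
                         $rules[] = array('type' => 'allow', 'resource' => $resource, 'privilege' => $action);
                     }
                 }
             }
         }
     }

     return $rules;
 }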