/**
 * Handle a GET request for users.
 *
 * With no sub-resource in the URL this returns either a single user
 * (when the request carries a user id) or the paginated user list.
 * With url_elements[4] set, 'talks' returns the user's talks and
 * 'attended' the events they attended; anything else is rejected.
 *
 * @param Request $request the request.
 * @param $db the database.
 *
 * @return mixed the list produced by the relevant mapper.
 *
 * @throws InvalidArgumentException (code 404) for an unknown sub-resource.
 */
public function getAction($request, $db)
{
    $userId = $this->getItemId($request);
    // verbosity and pagination are read up front, in the same order as before,
    // so any parameter validation they do happens before a mapper is built
    $verbose = $this->getVerbosity($request);
    $start = $this->getStart($request);
    $perPage = $this->getResultsPerPage($request);

    if (!isset($request->url_elements[4])) {
        $userMapper = new UserMapper($db, $request);
        if ($userId) {
            return $userMapper->getUserById($userId, $verbose);
        }
        return $userMapper->getUserList($perPage, $start, $verbose);
    }

    switch ($request->url_elements[4]) {
        case 'talks':
            $talkMapper = new TalkMapper($db, $request);
            return $talkMapper->getTalksBySpeaker($userId, $perPage, $start, $request, $verbose);
        case 'attended':
            $eventMapper = new EventMapper($db, $request);
            return $eventMapper->getEventsAttendedByUser($userId, $perPage, $start, $request, $verbose);
    }

    // only reached for a sub-resource we do not serve
    throw new InvalidArgumentException('Unknown Subrequest', 404);
}
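/**
 * Create a comment (with a rating) on the event named by the request URL.
 *
 * Requires a logged-in user, a numeric "rating" and a non-empty "comment".
 * The rating is forced to 0 when the user already rated this event or is a
 * host of it. When Akismet is configured the comment is run through the
 * spam check first. On success a 201 with a Location header for the new
 * comment is emitted and the script exits.
 *
 * @param Request $request the request.
 * @param $db the database.
 *
 * @throws Exception with a 400 status for invalid input, a failed spam check
 *                   or a failed save.
 */
public function createComment($request, $db)
{
    $comment = array();
    $comment['event_id'] = $this->getItemId($request);
    if (empty($comment['event_id'])) {
        throw new Exception("POST expects a comment representation sent to a specific event URL", 400);
    }

    // no anonymous comments over the API; empty() also covers an unset user_id.
    // A 400 is used so the response matches the other "must be logged in" checks.
    if (empty($request->user_id)) {
        throw new Exception('You must log in to comment', 400);
    }

    $user_mapper = new UserMapper($db, $request);
    $users = $user_mapper->getUserById($request->user_id);
    $thisUser = $users['users'][0];

    $rating = $request->getParameter('rating', false);
    if (false === $rating) {
        throw new Exception('The field "rating" is required', 400);
    } elseif (false === is_numeric($rating) || $rating < 0 || $rating > 5) {
        // a negative rating was previously accepted; 0 is still allowed because
        // it is the value stored below to mean "no rating"
        throw new Exception('The field "rating" must be a number (1-5)', 400);
    }

    $commentText = $request->getParameter('comment');
    if (empty($commentText)) {
        throw new Exception('The field "comment" is required', 400);
    }

    // Get the API key reference to save against the comment
    $oauth_model = $request->getOauthModel($db);
    $consumer_name = $oauth_model->getConsumerName($request->getAccessToken());

    $comment['user_id'] = $request->user_id;
    $comment['comment'] = $commentText;
    $comment['rating'] = $rating;
    $comment['cname'] = $thisUser['full_name'];
    $comment['source'] = $consumer_name;

    // run it by akismet if we have it
    if (isset($this->config['akismet']['apiKey'], $this->config['akismet']['blog'])) {
        $spamCheckService = new SpamCheckService(
            $this->config['akismet']['apiKey'],
            $this->config['akismet']['blog']
        );
        $isValid = $spamCheckService->isCommentAcceptable(
            $comment,
            $request->getClientIP(),
            $request->getClientUserAgent()
        );
        if (!$isValid) {
            throw new Exception("Comment failed spam check", 400);
        }
    }

    $event_mapper = new EventMapper($db, $request);
    $comment_mapper = new EventCommentMapper($db, $request);

    // should rating be allowed? only one rating per user per event
    if ($comment_mapper->hasUserRatedThisEvent($comment['user_id'], $comment['event_id'])) {
        $comment['rating'] = 0;
    }
    if ($event_mapper->isUserAHostOn($comment['user_id'], $comment['event_id'])) {
        // event hosts cannot rate their own event
        $comment['rating'] = 0;
    }

    try {
        $new_id = $comment_mapper->save($comment);
    } catch (Exception $e) {
        // re-throw with a 400 status code, keeping the original as $previous
        throw new Exception($e->getMessage(), 400, $e);
    }

    // Update the cache count for the number of event comments on this event
    $event_mapper->cacheCommentCount($comment['event_id']);

    $uri = $request->base . '/' . $request->version . '/event_comments/' . $new_id;
    header("Location: " . $uri, null, 201);
    exit;
}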
/**
 * Handle a POST request for events.
 *
 * With url_elements[4] === 'attending' the logged-in user is marked as
 * attending the event in the URL (201). Otherwise a new event is created
 * from the request parameters: site admins (or, when the
 * allow_auto_approve_events feature is on, an "auto_approve_event" flag)
 * get it approved immediately (201); everyone else gets a pending event
 * (202) and the site admins are emailed. The script exits afterwards.
 *
 * @param Request $request the request.
 * @param $db the database.
 *
 * @throws Exception (400) when not logged in or the event data is invalid,
 *                   (404) for an unsupported sub-resource.
 */
public function postAction($request, $db)
{
    if (!isset($request->user_id)) {
        throw new Exception("You must be logged in to create data", 400);
    }

    if (isset($request->url_elements[4])) {
        if ('attending' != $request->url_elements[4]) {
            throw new Exception("Operation not supported, sorry", 404);
        }
        // the body of this request is completely irrelevant
        // The logged in user *is* attending the event. Use DELETE to unattend
        $eventId = $this->getItemId($request);
        $eventMapper = new EventMapper($db, $request);
        $eventMapper->setUserAttendance($eventId, $request->user_id);
        header("Location: " . $request->base . $request->path_info, null, 201);
        return;
    }

    // Create a new event, pending unless user has privs
    // NOTE(review): FILTER_SANITIZE_STRING strips tags and encodes quotes; it is
    // deprecated as of PHP 8.1 and kept here only to preserve current behaviour.
    $event = array();
    $errors = array();

    $requiredStrings = array(
        'name' => "'name' is a required field",
        'description' => "'description' is a required field",
        'location' => "'location' is a required field (for virtual events, 'online' works)",
    );
    foreach ($requiredStrings as $field => $message) {
        $event[$field] = filter_var($request->getParameter($field), FILTER_SANITIZE_STRING);
        if (empty($event[$field])) {
            $errors[] = $message;
        }
    }

    $startStamp = strtotime($request->getParameter("start_date"));
    $endStamp = strtotime($request->getParameter("end_date"));
    if (!$startStamp || !$endStamp) {
        $errors[] = "Both 'start_date' and 'end_date' must be supplied in a recognised format";
    } else {
        // if the dates are okay, sort out timezones
        $event['tz_continent'] = filter_var($request->getParameter("tz_continent"), FILTER_SANITIZE_STRING);
        $event['tz_place'] = filter_var($request->getParameter("tz_place"), FILTER_SANITIZE_STRING);
        try {
            // make the timezone, and read in times with respect to that
            $tz = new DateTimeZone($event['tz_continent'] . '/' . $event['tz_place']);
            $startDate = new DateTime($request->getParameter("start_date"), $tz);
            $endDate = new DateTime($request->getParameter("end_date"), $tz);
            $event['start_date'] = $startDate->format('U');
            $event['end_date'] = $endDate->format('U');
        } catch (Exception $e) {
            // the time zone isn't right
            $errors[] = "The fields 'tz_continent' and 'tz_place' must be supplied and valid "
                . "(e.g. Europe and London)";
        }
    }

    // optional fields - only check if we have no errors as we may need
    // access to $tz.
    if (!$errors) {
        foreach (array('href', 'cfp_url') as $urlField) {
            $url = filter_var($request->getParameter($urlField), FILTER_VALIDATE_URL);
            if ($url) {
                $event[$urlField] = $url;
            }
        }

        foreach (array('cfp_start_date', 'cfp_end_date') as $dateField) {
            $raw = $request->getParameter($dateField);
            if (strtotime($raw)) {
                $parsed = new DateTime($raw, $tz);
                $event[$dateField] = $parsed->format('U');
            }
        }

        // NOTE(review): a coordinate that sanitises to "0" is dropped by the
        // truthiness test, as in the original; kept for behavioural parity.
        foreach (array('latitude', 'longitude') as $coordField) {
            $coord = filter_var(
                $request->getParameter($coordField),
                FILTER_SANITIZE_NUMBER_FLOAT,
                FILTER_FLAG_ALLOW_FRACTION
            );
            if ($coord) {
                $event[$coordField] = $coord;
            }
        }

        $incomingTags = $request->getParameter('tags');
        if (is_array($incomingTags)) {
            // normalise each tag: sanitised, trimmed, lower-cased
            $tags = array_map(function ($tag) {
                return strtolower(trim(filter_var($tag, FILTER_SANITIZE_STRING)));
            }, $incomingTags);
        }
    }

    // How does it look? With no errors, we can proceed
    if ($errors) {
        throw new Exception(implode(". ", $errors), 400);
    }

    $userMapper = new UserMapper($db, $request);
    $eventMapper = new EventMapper($db, $request);
    $owner = $userMapper->getUserById($request->user_id);
    $event['contact_name'] = $owner['users'][0]['full_name'];

    // When a site admin creates an event, we want to approve it immediately
    $approveOnCreation = $userMapper->isSiteAdmin($request->user_id);

    // Do we want to automatically approve when testing? (!empty covers both
    // the isset and the truthiness check on the feature flag)
    if (!empty($this->config['features']['allow_auto_approve_events'])) {
        if ($request->getParameter("auto_approve_event") == "true") {
            // The test suite sends this extra field, if we got
            // this far then this platform supports this
            $approveOnCreation = true;
        }
    }

    if ($approveOnCreation) {
        $eventId = $eventMapper->createEvent($event, true);
        // redirect to event listing
        header("Location: " . $request->base . $request->path_info . '/' . $eventId, null, 201);
    } else {
        $eventId = $eventMapper->createEvent($event);
        // set status to accepted; a pending event won't be visible
        header("Location: " . $request->base . $request->path_info, null, 202);
    }

    // now set the current user as host and attending
    $eventMapper->addUserAsHost($eventId, $request->user_id);
    $eventMapper->setUserAttendance($eventId, $request->user_id);
    if (isset($tags)) {
        $eventMapper->setTags($eventId, $tags);
    }

    // Send an email if we didn't auto-approve
    // NOTE(review): this tests site-admin status rather than $approveOnCreation,
    // so an event auto-approved via the feature flag still triggers the mail;
    // preserved as-is, confirm whether that is intended.
    if (!$userMapper->isSiteAdmin($request->user_id)) {
        $pendingEvent = $eventMapper->getPendingEventById($eventId, true);
        $pendingCount = $eventMapper->getPendingEventsCount();
        $recipients = $userMapper->getSiteAdminEmails();
        $emailService = new EventSubmissionEmailService($this->config, $recipients, $pendingEvent, $pendingCount);
        $emailService->sendEmail();
    }
    exit;
}
/**
 * Allow a user to edit their own record.
 *
 * The caller must be logged in, must have admin rights on the target user,
 * and must be using an access token from a client permitted the password
 * grant. A password change additionally requires the correct old_password.
 * full_name and a valid, not-otherwise-used email are mandatory;
 * twitter_username is optional. On success a 204 is emitted and the
 * script exits.
 *
 * @param Request $request the request.
 * @param $db the database.
 *
 * @return mixed never returns normally: exits on success, throws otherwise.
 *
 * @throws Exception (400) when not logged in, not permitted on this user,
 *                   validation fails or the update fails; (403) when the
 *                   client is not trusted or the old password is wrong.
 */
public function updateUser(Request $request, $db)
{
    if (false === $request->getUserId()) {
        throw new Exception("You must be logged in to change a user account", 400);
    }

    $userId = $this->getItemId($request);
    $userMapper = new UserMapper($db, $request);

    // NOTE(review): this is really an authorisation failure; the generic
    // message and 400 status are kept because clients may depend on them.
    if (!$userMapper->thisUserHasAdminOn($userId)) {
        throw new Exception("Could not update user", 400);
    }

    $oauthModel = $request->getOauthModel($db);
    $accessToken = $request->getAccessToken();

    // only trusted clients can change account details
    if (!$oauthModel->isAccessTokenPermittedPasswordGrant($accessToken)) {
        throw new Exception("This client does not have permission to perform this operation", 403);
    }

    // start building up a representation of the user
    $user = array("user_id" => $userId);
    $errors = array();

    // start with passwords (note: empty() treats "0" as no password supplied)
    $newPassword = $request->getParameter('password');
    if (!empty($newPassword)) {
        // they must supply their old password to be allowed to set a new one
        $oldPassword = $request->getParameter('old_password');
        if (empty($oldPassword)) {
            throw new Exception('The field "old_password" is needed to update a user password', 400);
        }
        // is the old password correct before we proceed?
        if (!$oauthModel->reverifyUserPassword($userId, $oldPassword)) {
            throw new Exception("The credentials could not be verified", 403);
        }
        $validity = $userMapper->checkPasswordValidity($newPassword);
        if (true !== $validity) {
            // the password wasn't acceptable, tell the user why
            $errors = array_merge($errors, $validity);
        } else {
            // OK good, go ahead
            $user['password'] = $newPassword;
        }
    }

    $user['full_name'] = filter_var(trim($request->getParameter("full_name")), FILTER_SANITIZE_STRING);
    if (empty($user['full_name'])) {
        $errors[] = "'full_name' is a required field";
    }

    $user['email'] = filter_var(trim($request->getParameter("email")), FILTER_VALIDATE_EMAIL);
    if (empty($user['email'])) {
        $errors[] = "A valid entry for 'email' is required";
    } else {
        // does anyone else have this email?
        $matchingUsers = $userMapper->getUserByEmail($user['email']);
        if ($matchingUsers['users']) {
            // yes but is that our existing user being found?
            $currentUser = $userMapper->getUserById($userId);
            if ($currentUser['users'][0]['uri'] != $matchingUsers['users'][0]['uri']) {
                // the email address exists and not on this user's account
                $errors[] = "That email is already associated with another account";
            }
        }
    }

    // Optional Fields
    $twitterUsername = $request->getParameter("twitter_username", false);
    if (false !== $twitterUsername) {
        $user['twitter_username'] = filter_var(trim($twitterUsername), FILTER_SANITIZE_STRING);
    }

    if ($errors) {
        throw new Exception(implode(". ", $errors), 400);
    }

    // now update the user
    if (!$userMapper->editUser($user, $userId)) {
        throw new Exception("User not updated", 400);
    }

    // we're good!
    header("Content-Length: 0", null, 204);
    exit; // no more content
}