 /**
  * GET dispatcher for the users resource.
  *
  * Routes on the optional fifth URL element: "talks" lists the user's talks,
  * "attended" lists the events they attended, anything else is a 404; with no
  * fifth element it returns either a single user (when an id is present in the
  * URL) or the paginated user list.
  *
  * @param $request the request (url_elements, verbosity and paging are read from it)
  * @param $db      the database handle passed to the mappers
  *
  * @return mixed whatever the selected mapper returns
  * @throws InvalidArgumentException (404) for an unknown sub-resource
  */
 public function getAction($request, $db)
 {
     $userId = $this->getItemId($request);
     $verbose = $this->getVerbosity($request);
     $start = $this->getStart($request);
     $perPage = $this->getResultsPerPage($request);

     $subResource = isset($request->url_elements[4]) ? $request->url_elements[4] : null;

     // No sub-resource: a single user when an id was given, otherwise the list.
     if (null === $subResource) {
         $userMapper = new UserMapper($db, $request);
         if ($userId) {
             return $userMapper->getUserById($userId, $verbose);
         }
         return $userMapper->getUserList($perPage, $start, $verbose);
     }

     if ('talks' === $subResource) {
         $talkMapper = new TalkMapper($db, $request);
         return $talkMapper->getTalksBySpeaker($userId, $perPage, $start, $request, $verbose);
     }

     if ('attended' === $subResource) {
         $eventMapper = new EventMapper($db, $request);
         return $eventMapper->getEventsAttendedByUser($userId, $perPage, $start, $request, $verbose);
     }

     throw new InvalidArgumentException('Unknown Subrequest', 404);
 }
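 /**
  * POST a comment (with a 1-5 rating) against the event in the URL.
  *
  * Requires an authenticated user; the comment is attributed to that user and
  * to the OAuth consumer the access token belongs to. Optionally runs the
  * comment through Akismet before saving. Ratings are zeroed for users who
  * already rated the event and for event hosts.
  *
  * Responds with a 201 and a Location header pointing at the new comment,
  * then exits.
  *
  * @param $request the request
  * @param $db      the database handle
  *
  * @throws Exception 400 on missing/invalid input, failed spam check or a
  *                   mapper failure
  */
 public function createComment($request, $db)
 {
     $comment = array();
     $comment['event_id'] = $this->getItemId($request);
     if (empty($comment['event_id'])) {
         throw new Exception("POST expects a comment representation sent to a specific event URL", 400);
     }
     // no anonymous comments over the API. Carry an explicit status code so
     // the caller maps this to a client error rather than the default code 0
     // (400 matches the other "must be logged in" checks in this controller).
     if (empty($request->user_id)) {
         throw new Exception('You must log in to comment', 400);
     }
     $user_mapper = new UserMapper($db, $request);
     $users = $user_mapper->getUserById($request->user_id);
     // A token whose user record no longer exists must not get as far as
     // indexing into an empty result set and saving a comment with no name.
     if (empty($users['users'][0])) {
         throw new Exception('You must log in to comment', 400);
     }
     $thisUser = $users['users'][0];
     $rating = $request->getParameter('rating', false);
     if (false === $rating) {
         throw new Exception('The field "rating" is required', 400);
     } elseif (false === is_numeric($rating) || $rating < 0 || $rating > 5) {
         // the upper bound alone let negative values through; 0 is still
         // accepted because it is what the code below stores for "no rating"
         throw new Exception('The field "rating" must be a number (1-5)', 400);
     }
     $commentText = $request->getParameter('comment');
     if (empty($commentText)) {
         throw new Exception('The field "comment" is required', 400);
     }
     // Get the API key reference to save against the comment
     $oauth_model = $request->getOauthModel($db);
     $consumer_name = $oauth_model->getConsumerName($request->getAccessToken());
     $comment['user_id'] = $request->user_id;
     $comment['comment'] = $commentText;
     $comment['rating'] = $rating;
     $comment['cname'] = $thisUser['full_name'];
     $comment['source'] = $consumer_name;
     // run it by akismet if we have it (this ships the comment, client IP and
     // user agent to a third party - only when both config keys are present)
     if (isset($this->config['akismet']['apiKey'], $this->config['akismet']['blog'])) {
         $spamCheckService = new SpamCheckService($this->config['akismet']['apiKey'], $this->config['akismet']['blog']);
         $isValid = $spamCheckService->isCommentAcceptable($comment, $request->getClientIP(), $request->getClientUserAgent());
         if (!$isValid) {
             throw new Exception("Comment failed spam check", 400);
         }
     }
     $event_mapper = new EventMapper($db, $request);
     $comment_mapper = new EventCommentMapper($db, $request);
     // should rating be allowed? One rating per user per event.
     // NOTE(review): this is a check-then-save, so two concurrent requests could
     // both see "not yet rated"; a DB-level constraint would close that gap.
     if ($comment_mapper->hasUserRatedThisEvent($comment['user_id'], $comment['event_id'])) {
         $comment['rating'] = 0;
     }
     if ($event_mapper->isUserAHostOn($comment['user_id'], $comment['event_id'])) {
         // event hosts cannot rate their own event
         $comment['rating'] = 0;
     }
     try {
         $new_id = $comment_mapper->save($comment);
     } catch (Exception $e) {
         // rethrow with a 400 status code, keeping the original as "previous"
         // for logging. NOTE(review): the message is passed straight to the
         // client; if the mapper can surface driver/SQL errors this leaks
         // internals and should be replaced with a generic message.
         throw new Exception($e->getMessage(), 400, $e);
     }
     // Update the cache count for the number of event comments on this event
     $event_mapper->cacheCommentCount($comment['event_id']);
     $uri = $request->base . '/' . $request->version . '/event_comments/' . $new_id;
     header("Location: " . $uri, null, 201);
     exit;
 }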
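 /**
  * POST dispatcher for the events resource.
  *
  * With a fifth URL element of "attending" it marks the logged-in user as
  * attending the event in the URL (201). With no fifth element it creates a
  * new event from the request parameters: approved immediately for site admins
  * (201, Location of the new event), otherwise left pending (202) and site
  * admins are emailed about it. The creating user becomes a host and attendee.
  *
  * @param $request the request
  * @param $db      the database handle
  *
  * @throws Exception 400 when not logged in or on validation errors, 404 for an
  *                   unknown sub-resource
  */
 public function postAction($request, $db)
 {
     if (!isset($request->user_id)) {
         throw new Exception("You must be logged in to create data", 400);
     }
     if (isset($request->url_elements[4])) {
         switch ($request->url_elements[4]) {
             case 'attending':
                 // the body of this request is completely irrelevant
                 // The logged in user *is* attending the event.  Use DELETE to unattend
                 $event_id = $this->getItemId($request);
                 $event_mapper = new EventMapper($db, $request);
                 $event_mapper->setUserAttendance($event_id, $request->user_id);
                 header("Location: " . $request->base . $request->path_info, null, 201);
                 return;
             default:
                 throw new Exception("Operation not supported, sorry", 404);
         }
     } else {
         // Create a new event, pending unless user has privs
         // incoming data
         $event = array();
         $errors = array();
         // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1;
         // kept here because replacing it changes what is stored.
         $event['name'] = filter_var($request->getParameter("name"), FILTER_SANITIZE_STRING);
         if (empty($event['name'])) {
             $errors[] = "'name' is a required field";
         }
         $event['description'] = filter_var($request->getParameter("description"), FILTER_SANITIZE_STRING);
         if (empty($event['description'])) {
             $errors[] = "'description' is a required field";
         }
         $event['location'] = filter_var($request->getParameter("location"), FILTER_SANITIZE_STRING);
         if (empty($event['location'])) {
             $errors[] = "'location' is a required field (for virtual events, 'online' works)";
         }
         // cast so a missing parameter is '' (strtotime('') is false) rather
         // than null, which newer PHP versions warn about
         $start_date = strtotime((string) $request->getParameter("start_date"));
         $end_date = strtotime((string) $request->getParameter("end_date"));
         if (!$start_date || !$end_date) {
             $errors[] = "Both 'start_date' and 'end_date' must be supplied in a recognised format";
         } else {
             // if the dates are okay, sort out timezones
             $event['tz_continent'] = filter_var($request->getParameter("tz_continent"), FILTER_SANITIZE_STRING);
             $event['tz_place'] = filter_var($request->getParameter("tz_place"), FILTER_SANITIZE_STRING);
             try {
                 // make the timezone, and read in times with respect to that
                 $tz = new DateTimeZone($event['tz_continent'] . '/' . $event['tz_place']);
                 $start_date = new DateTime($request->getParameter("start_date"), $tz);
                 $end_date = new DateTime($request->getParameter("end_date"), $tz);
                 $event['start_date'] = $start_date->format('U');
                 $event['end_date'] = $end_date->format('U');
             } catch (Exception $e) {
                 // the time zone isn't right
                 $errors[] = "The fields 'tz_continent' and 'tz_place' must be supplied and valid " . "(e.g. Europe and London)";
             }
         }
         // optional fields - only check if we have no errors as we may need
         // access to $tz.
         if (!$errors) {
             // FILTER_VALIDATE_URL accepts any scheme (javascript:, data:,
             // file:, ...). These fields are links shown to other users, so
             // only keep http(s) URLs; anything else is dropped like an
             // invalid URL was before.
             $webUrl = function ($value) {
                 $url = filter_var($value, FILTER_VALIDATE_URL);
                 if (false === $url) {
                     return false;
                 }
                 $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
                 return in_array($scheme, array('http', 'https'), true) ? $url : false;
             };
             $href = $webUrl($request->getParameter("href"));
             if ($href) {
                 $event['href'] = $href;
             }
             $cfp_url = $webUrl($request->getParameter("cfp_url"));
             if ($cfp_url) {
                 $event['cfp_url'] = $cfp_url;
             }
             $cfp_start_date = strtotime((string) $request->getParameter("cfp_start_date"));
             if ($cfp_start_date) {
                 $cfp_start_date = new DateTime($request->getParameter("cfp_start_date"), $tz);
                 $event['cfp_start_date'] = $cfp_start_date->format('U');
             }
             $cfp_end_date = strtotime((string) $request->getParameter("cfp_end_date"));
             if ($cfp_end_date) {
                 $cfp_end_date = new DateTime($request->getParameter("cfp_end_date"), $tz);
                 $event['cfp_end_date'] = $cfp_end_date->format('U');
             }
             // Validate (not merely sanitise) the coordinates: the sanitising
             // filter let through strings like "1.2.3", and the truthiness
             // check silently dropped a legitimate 0. Out-of-range values are
             // reported rather than stored.
             $latitude = filter_var($request->getParameter("latitude"), FILTER_VALIDATE_FLOAT);
             if (false !== $latitude) {
                 if ($latitude < -90 || $latitude > 90) {
                     $errors[] = "'latitude' must be between -90 and 90";
                 } else {
                     $event['latitude'] = $latitude;
                 }
             }
             $longitude = filter_var($request->getParameter("longitude"), FILTER_VALIDATE_FLOAT);
             if (false !== $longitude) {
                 if ($longitude < -180 || $longitude > 180) {
                     $errors[] = "'longitude' must be between -180 and 180";
                 } else {
                     $event['longitude'] = $longitude;
                 }
             }
             $incoming_tag_list = $request->getParameter('tags');
             if (is_array($incoming_tag_list)) {
                 $tags = array_map(function ($tag) {
                     $tag = filter_var($tag, FILTER_SANITIZE_STRING);
                     $tag = trim($tag);
                     $tag = strtolower($tag);
                     return $tag;
                 }, $incoming_tag_list);
             }
         }
         // How does it look?  With no errors, we can proceed
         if ($errors) {
             throw new Exception(implode(". ", $errors), 400);
         } else {
             $user_mapper = new UserMapper($db, $request);
             $event_mapper = new EventMapper($db, $request);
             $event_owner = $user_mapper->getUserById($request->user_id);
             $event['contact_name'] = $event_owner['users'][0]['full_name'];
             // When a site admin creates an event, we want to approve it immediately
             $isSiteAdmin = $user_mapper->isSiteAdmin($request->user_id);
             $approveEventOnCreation = $isSiteAdmin;
             // Do we want to automatically approve when testing?
             // SECURITY: with this feature flag on, *any* logged-in user can
             // bypass moderation by sending auto_approve_event=true. It exists
             // for the test suite and must stay off outside test environments.
             if (isset($this->config['features']['allow_auto_approve_events']) && $this->config['features']['allow_auto_approve_events']) {
                 if ($request->getParameter("auto_approve_event") == "true") {
                     // The test suite sends this extra field, if we got
                     // this far then this platform supports this
                     $approveEventOnCreation = true;
                 }
             }
             if ($approveEventOnCreation) {
                 $event_id = $event_mapper->createEvent($event, true);
                 // redirect to event listing
                 header("Location: " . $request->base . $request->path_info . '/' . $event_id, null, 201);
             } else {
                 $event_id = $event_mapper->createEvent($event);
                 // set status to accepted; a pending event won't be visible
                 header("Location: " . $request->base . $request->path_info, null, 202);
             }
             // now set the current user as host and attending
             $event_mapper->addUserAsHost($event_id, $request->user_id);
             $event_mapper->setUserAttendance($event_id, $request->user_id);
             if (isset($tags)) {
                 $event_mapper->setTags($event_id, $tags);
             }
             // Send an email if we didn't auto-approve. Keyed on the approval
             // decision (not just admin status) so the test-suite auto-approve
             // path doesn't notify admins about an event that isn't pending.
             if (!$approveEventOnCreation) {
                 $event = $event_mapper->getPendingEventById($event_id, true);
                 $count = $event_mapper->getPendingEventsCount();
                 $recipients = $user_mapper->getSiteAdminEmails();
                 $emailService = new EventSubmissionEmailService($this->config, $recipients, $event, $count);
                 $emailService->sendEmail();
             }
             exit;
         }
     }
 }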
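 /**
  * Allow a user to edit their own record (or one they have admin rights on).
  *
  * Only clients whose access token was issued via the password grant may call
  * this. A password change additionally requires the account's current
  * password in "old_password" and must pass the mapper's validity rules.
  * "full_name" and a valid, not-already-used "email" are required;
  * "twitter_username" is optional. Responds 204 with no body and exits.
  *
  * @param Request $request the request.
  * @param         $db      the database.
  *
  * @return mixed
  * @throws Exception 400 when not logged in or on validation failure, 403 when
  *                   the client, the credentials or the caller are not permitted
  */
 public function updateUser(Request $request, $db)
 {
     if (false === $request->getUserId()) {
         throw new Exception("You must be logged in to change a user account", 400);
     }
     $userId = $this->getItemId($request);
     $user_mapper = new UserMapper($db, $request);
     // authorisation first: the caller must have admin rights on this user.
     // Fail with 403 (as the other permission checks below do) instead of
     // falling through to a generic 400.
     if (!$user_mapper->thisUserHasAdminOn($userId)) {
         throw new Exception("Could not update user", 403);
     }
     $oauthModel = $request->getOauthModel($db);
     $accessToken = $request->getAccessToken();
     // only trusted clients can change account details
     if (!$oauthModel->isAccessTokenPermittedPasswordGrant($accessToken)) {
         throw new Exception("This client does not have permission to perform this operation", 403);
     }
     // start building up a representation of the user
     $user = array("user_id" => $userId);
     $errors = array();
     // start with passwords
     $password = $request->getParameter('password');
     if (!empty($password)) {
         // they must supply their old password to be allowed to set a new one
         $old_password = $request->getParameter('old_password');
         if (empty($old_password)) {
             throw new Exception('The field "old_password" is needed to update a user password', 400);
         }
         // is the old password correct before we proceed? This is checked
         // against the *target* account ($userId), not the caller's.
         if (!$oauthModel->reverifyUserPassword($userId, $old_password)) {
             throw new Exception("The credentials could not be verified", 403);
         }
         $validity = $user_mapper->checkPasswordValidity($password);
         if (true === $validity) {
             // OK good, go ahead
             // NOTE(review): nothing here revokes existing access tokens after
             // a password change - confirm the mapper/oauth layer does that.
             $user['password'] = $password;
         } else {
             // the password wasn't acceptable, tell the user why
             $errors = array_merge($errors, $validity);
         }
     }
     // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; kept
     // because replacing it changes what is stored. The (string) casts stop
     // trim() receiving null when a parameter is absent.
     $user['full_name'] = filter_var(trim((string) $request->getParameter("full_name")), FILTER_SANITIZE_STRING);
     if (empty($user['full_name'])) {
         $errors[] = "'full_name' is a required field";
     }
     $user['email'] = filter_var(trim((string) $request->getParameter("email")), FILTER_VALIDATE_EMAIL);
     if (empty($user['email'])) {
         $errors[] = "A valid entry for 'email' is required";
     } else {
         // does anyone else have this email?
         $existing_user = $user_mapper->getUserByEmail($user['email']);
         if ($existing_user['users']) {
             // yes but is that our existing user being found?
             $old_user = $user_mapper->getUserById($userId);
             if ($old_user['users'][0]['uri'] != $existing_user['users'][0]['uri']) {
                 // the email address exists and not on this user's account
                 $errors[] = "That email is already associated with another account";
             }
         }
     }
     // Optional Fields
     $twitter_username = $request->getParameter("twitter_username", false);
     if (false !== $twitter_username) {
         $user['twitter_username'] = filter_var(trim((string) $twitter_username), FILTER_SANITIZE_STRING);
     }
     if ($errors) {
         throw new Exception(implode(". ", $errors), 400);
     }
     // now update the user
     if (!$user_mapper->editUser($user, $userId)) {
         throw new Exception("User not updated", 400);
     }
     // we're good! No content to return.
     header("Content-Length: 0", null, 204);
     exit;
 }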