/**
 * Returns some basic info about the current user.
 *
 * @param $params - ignored, kept so the signature matches the other API handlers.
 * @return response with the current user's name, username and id;
 *         an error (403) when nobody is logged in.
 */
function run($params)
{
    $user = currentuser::getInstance();

    // Nobody logged in: reject without revealing anything about the session.
    if ($user == null) {
        return new error('Access denied', 403);
    }

    $response = new response('Success');
    $response->set('name', $user->fullname);
    $response->set('user', $user->getUsername());
    $response->set('id', $user->getID());

    return $response;
}
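/**
 * Calls all the methods necessary to do a login
 *
 * @param $params
 *   Array of parameters
 *   - $params['POST']['username']: The username of the user POSTed to the page
 *   - $params['POST']['password']: The password of the user POSTed to the page
 *   Credentials are only read from POST; GET is deliberately ignored so they never end up in URL logs.
 * @return
 *   A response object with a session ID on success, an error object on failure to login
 */
public function do_login($params)
{
    /*
     * Assumes we've already checked for an existing session - which we do in index
     * Will hand out as many sessions for a valid login as the user wants
     * If we had malicious users they could use this to flood memcache and force other users sessions to expire
     */
    // isset() avoids undefined-index notices when a field is absent.
    $username = isset($params['POST']['username']) ? $params['POST']['username'] : null; # Don't allow logins via GET!
    $password = isset($params['POST']['password']) ? $params['POST']['password'] : null; # Don't allow logins via GET!

    /*
     * Make sure we were called properly.
     * empty() covers the former is_null() || empty() pair; like the original it also rejects the literal "0".
     */
    if (empty($username)) {
        return new error('No username supplied', 403);
    }
    if (empty($password)) {
        return new error('No password supplied', 403);
    }

    // valid_credentials() fills $user_id and $response (message) through its by-reference parameters.
    if (!login::valid_credentials($username, $password, $user_id, $response)) {
        return new error($response, 403);
    }

    // Make a session and put it into memcache. create_session() fills $response with the session id;
    // the reference must be declared on the callee - call-time '&' at the call site is a fatal error
    // since PHP 5.4 (NOTE(review): confirm create_session() declares its second parameter as &$response).
    if (!login::create_session($user_id, $response)) {
        return new error($response, 500);
    }

    currentuser::set(new user($user_id));
    $resp = new response('Login success');
    $resp->set('session_id', $response);
    $resp->set('user_id', $user_id);

    return $resp;
}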
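/**
 * Performs the fetch of the current status
 *
 * @param $params
 *   Associative array of parameters
 *   - $params['GET']['wr']: Work Request ID
 * @return
 *   A response whose 'status' is the most recent WrmsStatus for the work request
 *   An error (400) when wr is missing or no status rows exist
 *   An error (403) when the caller may not view the work request
 */
function run($params)
{
    // Reject a missing id up front instead of asking the access layer about request "null".
    $request_id = isset($params['GET']['wr']) ? $params['GET']['wr'] : null;
    if ($request_id == null) {
        return new error('No work request number (wr) provided.', 400);
    }

    $access = access::getInstance();
    if (!$access->permitted('wr/view', $request_id)) {
        return new error('Access denied', 403);
    }

    // The untrusted id is never interpolated; db_query() is relied on to format %d as an integer.
    $result = db_query(
        'SELECT * FROM request_status WHERE request_id = %d ORDER BY status_on DESC LIMIT 1',
        $request_id
    );

    if (db_num_rows($result) > 0) {
        $object = new WrmsStatus();
        $object->populate(db_fetch_object($result));
        $response = new response('Success');
        $response->set('status', $object);
        return $response;
    }

    return new error('No status records found for that Work Request. Please ensure the WR exists.', 400);
}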
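/**
 * Performs the fetch of the timesheets by work request
 *
 * @param $params
 *   Associative array of parameters
 *   - $params['GET']['wr']: Work Request ID
 *   - $params['GET']['start_date']: Start date to search by (optional)
 *   - $params['GET']['end_date']: End date to search by (optional)
 *   start_date and end_date are inclusive. Each bound is applied only when supplied, so a single
 *   date returns everything on or after (start_date) or on or before (end_date) that day.
 * @return
 *   A response whose 'timesheetentries' is a list of WrmsTimeSheet (empty when nothing matches)
 *   An error when a date cannot be parsed, when wr is missing (400) or when access is denied (403)
 */
function run($params)
{
    $request_id = isset($params['GET']['wr']) ? $params['GET']['wr'] : null;
    $from = isset($params['GET']['start_date']) ? $params['GET']['start_date'] : null;
    $to = isset($params['GET']['end_date']) ? $params['GET']['end_date'] : null;

    if ($request_id == null) {
        return new error('No work request number (wr) provided.', 400);
    }

    $access = access::getInstance();
    if (!$access->permitted('wr/timesheet/view', $request_id)) {
        return new error('Access denied', 403);
    }

    $sql = 'SELECT * FROM request_timesheet WHERE request_id = %d ';

    /*
     * Dates are re-rendered through date('Y-m-d') before they reach the SQL string, so only digits
     * and dashes can ever be interpolated. Unparseable input is detected from strtotime() itself:
     * the previous "1970-01-01" sentinel depended on the server timezone (date() of timestamp 0 is
     * 1969-12-31 west of UTC) and also rejected that real date.
     */
    if ($from) {
        $from_ts = strtotime($from);
        if ($from_ts === false) {
            return new error('Invalid date format in start date. Required format: yyyy-mm-dd');
        }
        $sql .= "AND work_on >= '" . date('Y-m-d', $from_ts) . "' ";
    }
    if ($to) {
        $to_ts = strtotime($to);
        if ($to_ts === false) {
            return new error('Invalid date format in end date. Required format: yyyy-mm-dd');
        }
        $sql .= "AND work_on <= '" . date('Y-m-d', $to_ts) . "' ";
    }
    $sql .= 'ORDER BY timesheet_id DESC';

    // The id goes through db_query()'s %d formatting, never into the string directly.
    $result = db_query($sql, $request_id);

    $return = array();
    while ($row = db_fetch_object($result)) {
        $obj = new WrmsTimeSheet();
        $obj->populate($row);
        $return[] = $obj;
    }

    $response = new response('Success');
    $response->set('timesheetentries', $return);
    return $response;
}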
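/**
 * Performs the fetch of attached notes
 *
 * @param $params
 *   Associative array of parameters
 *   - $params['GET']['wr']: Work Request ID
 * @return
 *   A response whose 'notes' is a list of WrmsRequestNote, in note_on order (empty when the WR has none)
 *   An error (400) when wr is missing, an error (403) when access is denied
 */
function run($params)
{
    $request_id = isset($params['GET']['wr']) ? $params['GET']['wr'] : null;
    if ($request_id == null) {
        return new error('No work request number (wr) provided.', 400);
    }

    $access = access::getInstance();
    if (!$access->permitted('wr/view', $request_id)) {
        // Integer status code, matching the other handlers (was the string '403').
        return new error('Access denied', 403);
    }

    // The id is passed for %d formatting by db_query(), not interpolated.
    $result = db_query('SELECT * FROM request_note WHERE request_id = %d ORDER BY note_on', $request_id);

    $notes = array();
    while ($row = db_fetch_object($result)) {
        $note = new WrmsRequestNote();
        $note->populateNow($row);
        $notes[] = $note;
    }

    $response = new response('Success');
    $response->set('notes', $notes);
    return $response;
}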
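/**
 * Performs the fetch of the subscribed users
 *
 * @param $params
 *   Associative array of parameters
 *   - $params['GET']['wr']: Work Request ID
 * @return
 *   A response whose 'users' is a list of user objects (empty when nobody is subscribed)
 *   An error (400) when wr is missing, an error (403) when access is denied
 */
function run($params)
{
    $request_id = isset($params['GET']['wr']) ? $params['GET']['wr'] : null;
    if ($request_id == null) {
        return new error('No work request number (wr) provided.', 400);
    }

    $access = access::getInstance();
    if (!$access->permitted('wr/view', $request_id)) {
        // Integer status code, matching the other handlers (was the string '403').
        return new error('Access denied', 403);
    }

    $result = db_query('SELECT user_no FROM request_interested WHERE request_id = %d', $request_id);

    // Always build the response: the original created it only when rows existed and otherwise
    // returned an undefined $response (null) instead of an empty list.
    $users = array();
    while ($row = db_fetch_object($result)) {
        $users[] = new user($row->user_no);
    }

    $response = new response('Success');
    $response->set('users', $users);
    return $response;
}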
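/**
 * Performs the fetch list action
 *
 * @param $params
 *   Associative array of parameters
 *   - $params['GET']['wr']: Work Request ID
 * @return
 *   A response whose 'history' is a list of WrmsStatus ordered from most recent to oldest
 *   (empty when the WR has no status rows)
 *   An error (400) when wr is missing, an error (403) when access is denied
 */
function run($params)
{
    $request_id = isset($params['GET']['wr']) ? $params['GET']['wr'] : null;
    if ($request_id == null) {
        return new error('No work request number (wr) provided.', 400);
    }

    $access = access::getInstance();
    if (!$access->permitted('wr/view', $request_id)) {
        return new error('Access denied', 403);
    }

    // The id is passed for %d formatting by db_query(), not interpolated.
    $result = db_query(
        'SELECT * FROM request_status WHERE request_id = %d ORDER BY status_on DESC',
        $request_id
    );

    // db_fetch_object() returns false on an empty result, so no separate row-count check is needed.
    $return = array();
    while ($row = db_fetch_object($result)) {
        $obj = new WrmsStatus();
        $obj->populate($row);
        $return[] = $obj;
    }

    $response = new response('Success');
    $response->set('history', $return);
    return $response;
}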
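/**
 * Performs the fetch of allocated users
 *
 * @param $params
 *   Associative array of parameters
 *   - $params['GET']['wr']: Work Request ID
 * @return
 *   A response whose 'allocated' is a list of user objects (empty when nobody is allocated)
 *   An error when wr is missing, an error (403) when access is denied
 */
function run($params)
{
    // isset() avoids an undefined-index notice; the loose == null test is kept so '' and 0
    // are still rejected exactly as before.
    $request_id = isset($params['GET']['wr']) ? $params['GET']['wr'] : null;
    if ($request_id == null) {
        error_logging('WARNING', "No work request number (wr) provided.");
        return new error('No work request number (wr) provided.');
    }

    $access = access::getInstance();
    if (!$access->permitted('wr/view', $request_id)) {
        // Integer status code, matching the other handlers (was the string '403').
        return new error('Access denied', 403);
    }

    // The id is passed for %d formatting by db_query(), not interpolated.
    $result = db_query('SELECT allocated_to_id FROM request_allocated WHERE request_id = %d', $request_id);

    $users = array();
    while ($row = db_fetch_object($result)) {
        $users[] = new user($row->allocated_to_id);
    }

    $response = new response('Success');
    $response->set('allocated', $users);
    return $response;
}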
} else {
    if ($func_args[$i]->isOptional() || $func_args[$i]->isDefaultValueAvailable()) {
        continue;
    } else {
        //echo "check_method_params 2:$arg_name\n";
        // Required parameter with no supplied value: null tells the caller the arguments don't fit.
        return null;
    }
}
}
return $ret;
}

/*check the ticket*/
// NOTE(review): the ticket is verified only when the cookie is present; a request without one
// skips auth::check_ticket() entirely, so access must be enforced by the handlers themselves
// (not visible here - confirm).
$ticket = isset($_COOKIE["ticket"]) ? $_COOKIE["ticket"] : null;
$resobj = new response();
if ($ticket && !auth::check_ticket($ticket)) {
    $resobj->set(array('code' => 403, 'body' => "ticket invalid!"));
    goto RES_CLIENT;
}

/*extract a clean and standard path like /rest/xxx/xxx/xxx*/
/**
 * Normalises $_SERVER["REQUEST_URI"] into a path of the form /rest/xxx/xxx/xxx for handler lookup.
 *
 * Step 1 is meant to collapse separator runs into a single '/'. NOTE(review): after PHP
 * single-quote unescaping the pattern is /\|\\|\/\//, whose alternatives are the two-character
 * sequence "|\" and "//" - a lone backslash is not matched; confirm the intended escaping.
 * Step 2 drops a trailing query string, but only when the query contains no '/'.
 * Step 3 drops one trailing slash.
 *
 * @return string the normalised request path
 */
function filter_path()
{
    $path = preg_replace('/\\|\\\\|\\/\\//', '/', $_SERVER["REQUEST_URI"]);
    $path = preg_replace('/\\?[^\\/]*$/', '', $path);
    $path = preg_replace('/\\/$/', '', $path);
    return $path;
}

/*find the api handler method*/
$handler = find_handler(filter_path());
if ($handler) {
    // check_method_params() returns null when the extracted params don't satisfy the handler's signature.
    $params = check_method_params($handler['method'], extract_params());
    if (!$params && !is_array($params)) {