 /**
  * Returns some basic info about the current user.
  *
  * @param $params - ignored, present only so every API action shares one signature.
  * @return response carrying 'name', 'user' and 'id' of the current user;
  *         error 403 when no user is attached to the request.
  */
 function run($params)
 {
     $user = currentuser::getInstance();
     if ($user == null) {
         // Anonymous caller: there is nothing to report, refuse instead.
         return new error('Access denied', 403);
     }
     $response = new response('Success');
     $response->set('name', $user->fullname);
     $response->set('user', $user->getUsername());
     $response->set('id', $user->getID());
     return $response;
 }
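 /**
  * Calls all the methods necessary to do a login
  *
  * @param $params
  *      Array of parameters
  *      - $params['POST']['username']: The username of the user POSTed to the page
  *      - $params['POST']['password']: The password of the user POSTed to the page
  *      Only the POST section is read, so credentials placed in a query string are ignored.
  * @return
  *      A response object with a session ID on success, an error object on failure to login
  *      (403 for missing/invalid credentials, 500 when the session could not be created)
  */
 public function do_login($params)
 {
     /*
      * Assumes we've already checked for an existing session - which we do in index
      * Will hand out as many sessions for a valid login as the user wants
      * If we had malicious users they could use this to flood memcache and force other users sessions to expire
      * NOTE(review): nothing in this method throttles or locks out repeated failed logins
      * either; if that exists it lives in login::valid_credentials or in front of the
      * endpoint - confirm.
      */
     // Don't allow logins via GET! Only the POST section is consulted, and a missing
     // key yields null instead of an undefined-index notice.
     $username = isset($params['POST']['username']) ? $params['POST']['username'] : null;
     $password = isset($params['POST']['password']) ? $params['POST']['password'] : null;
     /*
      * Make sure we were called properly (empty() already covers null).
      */
     if (empty($username)) {
         return new error('No username supplied', 403);
     }
     if (empty($password)) {
         return new error('No password supplied', 403);
     }
     // Both are filled by reference inside valid_credentials(): $user_id on success,
     // $response with a message on failure.
     $user_id = null;
     $response = null;
     if (login::valid_credentials($username, $password, $user_id, $response)) {
         // Make a session and all that lovely stuff.
         // create_session() hands back the session id (or an error message) in $response;
         // presumably the callee declares that parameter by reference, as valid_credentials()
         // evidently does - confirm. The call-time '&' the original used here was removed in
         // PHP 5.4 and is a fatal error on anything newer.
         if (login::create_session($user_id, $response)) {
             currentuser::set(new user($user_id));
             $resp = new response('Login success');
             $resp->set('session_id', $response);
             $resp->set('user_id', $user_id);
             return $resp;
         } else {
             return new error($response, 500);
         }
     } else {
         return new error($response, 403);
     }
 }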
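 /**
  * Performs the fetch of the current status
  *
  * @param $params
  *   Associative array of parameters
  *   - $params['GET']['wr']: Work Request ID (read from the GET section)
  *   - $params['GET']['user']: User ID making the request (listed by the original; not read here)
  * @return
  *   response with 'status' set to the most recent WrmsStatus for the work request
  *   error 400 when wr is missing or no status row exists for it
  *   error 403 when access::permitted('wr/view', wr) denies the caller
  */
 function run($params)
 {
     // Reject a missing wr up front, as the allocated-users action does, rather than
     // running the permission check and the query against an id of 0.
     if (!isset($params['GET']['wr']) || $params['GET']['wr'] === '') {
         error_logging('WARNING', "No work request number (wr) provided.");
         return new error('No work request number (wr) provided.', 400);
     }
     $request_id = $params['GET']['wr'];
     $access = access::getInstance();
     if (!$access->permitted('wr/view', $request_id)) {
         return new error('Access denied', 403);
     }
     // %d is the placeholder db_query() formats; assuming it is sprintf-style (as in
     // Drupal's db_query) the untrusted wr value is cast to an integer before it reaches
     // SQL - confirm against the db_query implementation.
     $result = db_query('SELECT * FROM request_status WHERE request_id = %d ORDER BY status_on DESC LIMIT 1', $request_id);
     if (db_num_rows($result) > 0) {
         $status = new WrmsStatus();
         $status->populate(db_fetch_object($result));
         $response = new response('Success');
         $response->set('status', $status);
         return $response;
     }
     return new error('No status records found for that Work Request. Please ensure the WR exists.', 400);
 }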
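 /**
  * Performs the fetch of the timesheets by work request
  *
  * @param $params
  *   Associative array of parameters
  *   - $params['GET']['wr']: Work Request ID
  *   - $params['GET']['user']: User ID making the request (listed by the original; not read here)
  *   - $params['GET']['start_date']: Start date to search by
  *   - $params['GET']['end_date']: End date to search by
  *   Start_date and End_date are inclusive, results will be returned for those days as well.
  *   If one date is omitted only the other bound is applied, so the range is open on that side.
  * @return
  *   response with 'timesheetentries' set to an array of WrmsTimeSheet (empty when no rows)
  *   error when wr is missing (400) or a supplied date does not parse
  *   error 403 when access::permitted('wr/timesheet/view', wr) denies the caller
  */
 function run($params)
 {
     if (!isset($params['GET']['wr']) || $params['GET']['wr'] === '') {
         error_logging('WARNING', "No work request number (wr) provided.");
         return new error('No work request number (wr) provided.', 400);
     }
     $request_id = $params['GET']['wr'];
     $from = isset($params['GET']['start_date']) ? $params['GET']['start_date'] : null;
     $to = isset($params['GET']['end_date']) ? $params['GET']['end_date'] : null;
     $access = access::getInstance();
     if (!$access->permitted('wr/timesheet/view', $request_id)) {
         return new error('Access denied', 403);
     }
     $sql = 'SELECT * FROM request_timesheet WHERE request_id = %d ';
     /*
      * Each date is parsed with strtotime() and re-emitted through date('Y-m-d'), so the
      * only thing interpolated into $sql is a fixed-shape "dddd-dd-dd" string, never the
      * caller's text - keep it that way. The parse result is checked directly instead of
      * comparing the formatted output against "1970-01-01": that sentinel rejected the
      * genuine epoch date and, in timezones west of UTC, let a failed parse through
      * (date() of a false timestamp renders there as 1969-12-31).
      */
     if ($from) {
         $from_ts = strtotime($from);
         if ($from_ts === false) {
             return new error('Invalid date format in start date. Required format: yyyy-mm-dd');
         }
         $sql .= "AND work_on >= '" . date('Y-m-d', $from_ts) . "' ";
     }
     if ($to) {
         $to_ts = strtotime($to);
         if ($to_ts === false) {
             return new error('Invalid date format in end date. Required format: yyyy-mm-dd');
         }
         $sql .= "AND work_on <= '" . date('Y-m-d', $to_ts) . "' ";
     }
     $sql .= 'ORDER BY timesheet_id DESC';
     $result = db_query($sql, $request_id);
     $entries = array();
     if (db_num_rows($result) > 0) {
         while ($row = db_fetch_object($result)) {
             $entry = new WrmsTimeSheet();
             $entry->populate($row);
             $entries[] = $entry;
         }
     }
     $response = new response('Success');
     $response->set('timesheetentries', $entries);
     return $response;
 }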
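 /**
  * Performs the fetch of attached notes
  *
  * @param $params
  *   Associative array of parameters
  *   - $params['GET']['wr']: Work Request ID
  *   - $params['GET']['user']: User ID making the request (listed by the original; not read here)
  * @return
  *   response with 'notes' set to an array of WrmsRequestNote objects, oldest first
  *   (empty when the request has no notes)
  *   error 400 when wr is missing
  *   error 403 when access::permitted('wr/view', wr) denies the caller
  */
 function run($params)
 {
     // Same missing-wr guard as the allocated-users action.
     if (!isset($params['GET']['wr']) || $params['GET']['wr'] === '') {
         error_logging('WARNING', "No work request number (wr) provided.");
         return new error('No work request number (wr) provided.', 400);
     }
     $request_id = $params['GET']['wr'];
     $access = access::getInstance();
     if (!$access->permitted('wr/view', $request_id)) {
         // Integer code, as the other actions in this file use; the original passed '403'.
         return new error('Access denied', 403);
     }
     $result = db_query('SELECT * FROM request_note WHERE request_id = %d ORDER BY note_on', $request_id);
     $notes = array();
     while ($row = db_fetch_object($result)) {
         $note = new WrmsRequestNote();
         $note->populateNow($row);
         $notes[] = $note;
     }
     $response = new response('Success');
     $response->set('notes', $notes);
     return $response;
 }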
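 /**
  * Performs the fetch of the subscribed users
  *
  * @param $params
  *   Associative array of parameters
  *    - $params['GET']['wr']: Work Request ID
  *    - $params['GET']['user']: User ID making the request (listed by the original; not read here)
  * @return
  *    response with 'users' set to an array of user objects (empty when nobody is subscribed)
  *    error 400 when wr is missing
  *    error 403 when access::permitted('wr/view', wr) denies the caller
  */
 function run($params)
 {
     if (!isset($params['GET']['wr']) || $params['GET']['wr'] === '') {
         error_logging('WARNING', "No work request number (wr) provided.");
         return new error('No work request number (wr) provided.', 400);
     }
     $request_id = $params['GET']['wr'];
     $access = access::getInstance();
     if (!$access->permitted('wr/view', $request_id)) {
         return new error('Access denied', 403);
     }
     $result = db_query('SELECT user_no FROM request_interested WHERE request_id = %d', $request_id);
     // Always build the response. The original only created it when at least one row
     // came back and otherwise returned an undefined $response (null) instead of the
     // documented empty array.
     $users = array();
     while ($row = db_fetch_object($result)) {
         $users[] = new user($row->user_no);
     }
     $response = new response('Success');
     $response->set('users', $users);
     return $response;
 }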
 /**
  * Performs the fetch list action: every status change recorded for a work request.
  *
  * @param $params
  *   Associative array of parameters
  *   - $params['GET']['wr']: Work Request ID
  *   - $params['GET']['user']: User ID making the request (listed by the original; not read here)
  * @return
  *   response with 'history' set to an array of WrmsStatus objects, newest first
  *   (empty when the request has no status rows)
  *   error 403 when access::permitted('wr/view', wr) denies the caller
  */
 function run($params)
 {
     $history = array();
     $access = access::getInstance();
     $request_id = $params['GET']['wr'];
     if (!$access->permitted('wr/view', $request_id)) {
         return new error('Access denied', 403);
     }
     $result = db_query('SELECT * FROM request_status WHERE request_id = %d ORDER BY status_on DESC', $request_id);
     $response = new response('Success');
     if (db_num_rows($result) > 0) {
         for ($row = db_fetch_object($result); $row; $row = db_fetch_object($result)) {
             $status = new WrmsStatus();
             $status->populate($row);
             $history[] = $status;
         }
     }
     $response->set('history', $history);
     return $response;
 }
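 /**
  * Performs the fetch of allocated users
  *
  * @param $params
  *   Associative array of parameters
  *   - $params['GET']['wr']: Work Request ID
  * @return
  *   response with 'allocated' set to an array of user objects (empty when nobody is allocated)
  *   error 400 when wr is missing
  *   error 403 when access::permitted('wr/view', wr) denies the caller
  */
 function run($params)
 {
     // isset() instead of the original "== null": same outcome for a missing or empty
     // wr, without an undefined-index notice when the key is absent.
     if (!isset($params['GET']['wr']) || $params['GET']['wr'] === '') {
         error_logging('WARNING', "No work request number (wr) provided.");
         return new error('No work request number (wr) provided.', 400);
     }
     $request_id = $params['GET']['wr'];
     $access = access::getInstance();
     if (!$access->permitted('wr/view', $request_id)) {
         // Integer code, as the other actions in this file use; the original passed '403'.
         return new error('Access denied', 403);
     }
     $result = db_query('SELECT allocated_to_id FROM request_allocated WHERE request_id = %d', $request_id);
     $users = array();
     while ($row = db_fetch_object($result)) {
         $users[] = new user($row->allocated_to_id);
     }
     $response = new response('Success');
     $response->set('allocated', $users);
     return $response;
 }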
        } else {
            if ($func_args[$i]->isOptional() || $func_args[$i]->isDefaultValueAvailable()) {
                continue;
            } else {
                //echo "check_method_params 2:$arg_name\n";
                return null;
            }
        }
    }
    return $ret;
}
/*
 * Check the ticket cookie, if one was sent.
 * NOTE(review): a request with no "ticket" cookie is not rejected here - only a
 * present-but-invalid one is. Whether anonymous requests are acceptable therefore
 * depends on each handler enforcing its own access check - confirm.
 */
$ticket = null;
if (isset($_COOKIE["ticket"])) {
    $ticket = $_COOKIE["ticket"];
}
$resobj = new response();
$ticketRejected = !empty($ticket) && !auth::check_ticket($ticket);
if ($ticketRejected) {
    $resobj->set(array('code' => 403, 'body' => "ticket invalid!"));
    goto RES_CLIENT;
}
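/*
 * Extract a clean and standard path like /rest/xxx/xxx/xxx from the request URI.
 *
 * Returns the path part of $_SERVER["REQUEST_URI"] with the query string removed,
 * '\' and '|' mapped to '/', any run of slashes collapsed to one, and trailing
 * slashes dropped ("/" becomes ""). No percent-decoding or ".." handling is done
 * here; what find_handler() does with the result is outside this function.
 */
function filter_path()
{
    $uri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : '';
    // Cut the query string off first. The original pattern only removed it when no '/'
    // followed the '?', so a value such as "?next=/foo" survived into the routed path.
    $qmark = strpos($uri, '?');
    if ($qmark !== false) {
        $uri = substr($uri, 0, $qmark);
    }
    // Normalise separators: '\' and '|' become '/' as before (the '|' case is inherited
    // from the original and presumably unintended; kept for compatibility), and a whole
    // run of separators collapses to a single '/'. The original only folded pairs, so
    // "/rest/x///" still came out as "/rest/x/" and could miss a route keyed on "/rest/x".
    $path = preg_replace('#[\\\\|/]+#', '/', $uri);
    // Drop every trailing slash, not just one.
    return rtrim($path, '/');
}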
/* Resolve the normalised request path to the registered API handler method, if any. */
$requestPath = filter_path();
$handler = find_handler($requestPath);
if ($handler) {
    $params = check_method_params($handler['method'], extract_params());
    if (!$params && !is_array($params)) {