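/**
 * Authenticate a user from the JSON request body and issue a JWT.
 *
 * Expects a body of the form {"username": "...", "password": "..."}. On
 * success it echoes {"token": <jwt>, "data": {firstName, lastName, userName}};
 * every failure path (malformed body, unknown user, bad password) goes through
 * self::wrong_login(), so the response does not reveal which check failed.
 *
 * @param object $f3   Fat-Free instance; the raw request body is read from 'BODY'.
 * @param array  $args Route arguments (unused).
 * @return void
 */
public function login($f3, $args)
{
    self::check_configuration();

    $params = json_decode((string) $f3->get('BODY'));

    // Guard the shape before touching properties: json_decode() yields null on
    // malformed input, and password_verify() requires strings for both arguments.
    if (!is_object($params)
        || empty($params->username) || !is_string($params->username)
        || empty($params->password) || !is_string($params->password)) {
        self::wrong_login();
        return;
    }

    $login = new DB\Jig\Mapper($this->db, 'users.json');
    // The username is bound as a filter parameter, never interpolated.
    $temp = $login->find(['(isset(@userName) && @userName == ?)', $params->username]);
    if (!$temp) {
        self::wrong_login();
        return;
    }

    $first = __::first($temp);
    if (!isset($first['password']) || !password_verify($params->password, $first['password'])) {
        self::wrong_login();
        return;
    }

    // Expiry is carried as a custom 'ttl' claim (formatted in the server's
    // default timezone), not as the standard 'exp' claim, so the JWT library
    // will not enforce it by itself — NOTE(review): confirm the token consumer
    // checks 'ttl'.
    $date = new DateTime();
    $date->add(new DateInterval('PT' . F3::get('custom.TTL') . 'H'));
    $claims = [
        'username' => $first['userName'],
        'userid' => $first['_id'],
        'ttl' => $date->format('Y-m-d H:i:s'),
        'roles' => self::get_roles($first['_id']),
    ];
    $jwt = JWT::encode($claims, F3::get('custom.SUPER-KEY'));

    echo json_encode([
        'token' => $jwt,
        'data' => [
            'firstName' => $first['firstName'],
            'lastName' => $first['lastName'],
            'userName' => $first['userName'],
        ],
    ]);
}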
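/**
 * Authorise $operation on $table for the bearer of $token.
 *
 * Resolution order:
 *   1. 'forms', 'permissions' and 'dictionaries' may be read by anyone.
 *   2. The remaining built-in tables are reserved for the 'admin' user.
 *   3. Any other name is treated as a form uniqId and looked up in forms.json;
 *      the permission matrix (JSON in the first row of permissions.json) must
 *      hold a cell with s set, o == $operation, f == that form's _id and r
 *      among $token->roles.
 *
 * Returns true when allowed. When denied, self::show_error() is called with
 * 403 (404 when no form matches $table) and false is returned. The previous
 * version fell through without any error for an unknown table, which let the
 * caller continue unchecked; this now fails closed.
 *
 * @param string $operation Single-letter operation code (e.g. 'R').
 * @param string $table     Table name or form uniqId; supplied by the client.
 * @param object $token     Decoded JWT payload with ->username and ->roles.
 * @return bool
 */
public function check_permissions($operation, $table, $token)
{
    $basic_tables = ['forms', 'dictionaries', 'users', 'roles', 'permissions'];
    $public_read = ['forms', 'permissions', 'dictionaries'];
    $error_message = 'Operation not permited by permissions';

    // Anyone can read the public tables.
    if ($operation == 'R' && in_array($table, $public_read, true)) {
        return true;
    }

    // Built-in tables: only the admin user. TODO: other admin users.
    if (in_array($table, $basic_tables, true)) {
        if (isset($token->username) && $token->username === 'admin') {
            return true;
        }
        self::show_error($error_message, 403);
        return false;
    }

    // Everything else must name an existing form.
    $forms = new DB\Jig\Mapper($this->db, 'forms.json');
    $forms_list = $forms->find(['(isset(@uniqId) && @uniqId == ?)', $table]);
    $form_id = isset($forms_list[0]['_id']) ? $forms_list[0]['_id'] : null;
    if (!$form_id) {
        // Fail closed: an unknown table name must not pass the check.
        self::show_error('Table not found', 404);
        return false;
    }

    $permissions_table = new DB\Jig\Mapper($this->db, 'permissions.json');
    $first_row = __::first($permissions_table->find());
    $matrix = isset($first_row['matrix']) ? json_decode($first_row['matrix']) : null;
    $roles = isset($token->roles) && is_array($token->roles) ? $token->roles : [];

    if (empty($matrix) || !self::matrix_allows($matrix, $operation, $form_id, $roles)) {
        self::show_error($error_message, 403);
        return false;
    }

    return true;
}

/**
 * Scan the three-level permission matrix for a cell granting $operation on
 * form $form_id to one of $roles.
 *
 * Cell fields: s (enabled flag), o (operation), r (role), f (form _id). The
 * o/r/f comparisons stay loose because the stored types are not known here.
 *
 * @param array|object $matrix    Decoded matrix (nested arrays/objects).
 * @param string       $operation Operation code.
 * @param mixed        $form_id   Form _id from forms.json.
 * @param array        $roles     Roles carried by the token.
 * @return bool
 */
private static function matrix_allows($matrix, $operation, $form_id, array $roles)
{
    foreach ($matrix as $v1) {
        foreach ($v1 as $v2) {
            foreach ($v2 as $v3) {
                if (!empty($v3->s)
                    && isset($v3->o, $v3->r, $v3->f)
                    && $v3->o == $operation
                    && in_array($v3->r, $roles)
                    && $v3->f == $form_id) {
                    return true;
                }
            }
        }
    }

    return false;
}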
/**
 * Procedural alias for Underscore::first().
 *
 * @param array $array Collection to take from.
 * @param int   $n     Number of leading items (default 1).
 * @param bool  $guard Passed through unchanged to Underscore::first().
 * @return mixed Whatever Underscore::first() returns.
 */
function _first($array, $n = 1, $guard = false)
{
    $leading = Underscore::first($array, $n, $guard);

    return $leading;
}
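/**
 * Return a single record of a Jig table as JSON.
 *
 * $args[0] is a "key=<json>" pair whose JSON value is the filter: at least
 * {"table": "<name>"}, optionally a "where" map. $args['id'] is the record _id
 * and is forced into the where clause. Read permission is checked through
 * Common::check_permissions() on where.uniqId when present, otherwise on the
 * table name, before the table file is opened.
 *
 * @param object $f3   Fat-Free instance (unused here).
 * @param array  $args Route arguments: [0] the raw filter pair, ['id'] the _id.
 * @return void
 */
public function get_page($f3, $args)
{
    // json -> array; explode with a limit so an '=' inside the JSON survives.
    $pair = isset($args[0]) ? explode('=', (string) $args[0], 2) : [];
    $filter = isset($pair[1]) ? json_decode($pair[1], true) : null;

    if (!is_array($filter) || empty($filter['table'])) {
        Common::show_error('Table name required', 500);
        return;
    }

    $table_name = $filter['table'];
    // The name is used as a file name below: refuse anything with a directory
    // component so a crafted filter cannot point outside the data directory.
    if (!is_string($table_name) || basename($table_name) !== $table_name || $table_name === '..') {
        Common::show_error('Invalid table name', 400);
        return;
    }

    $where = isset($filter['where']) && is_array($filter['where']) ? $filter['where'] : [];

    // NOTE(review): check_permissions appears to be defined elsewhere as a
    // non-static method that reads $this->db; a static call to it fails on
    // PHP 8 unless Common also provides a static variant — confirm.
    $scope = !empty($where['uniqId']) ? $where['uniqId'] : $table_name;
    Common::check_permissions('R', $scope, $this->token);

    // The route id always wins over any _id in the supplied where clause.
    $where['_id'] = isset($args['id']) ? $args['id'] : null;
    $filter['where'] = $where;

    $table = new \DB\Jig\Mapper($this->db, $table_name . '.json');
    echo json_encode(__::first(self::query_builder($filter, $table)));
}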
/**
 * Resolve the request ($method, $url) to a controller file.
 *
 * The URL path is split into segments (Controller::cleanPath) and, for every
 * registered directory, matched against the directory's optional prefix and
 * extension list; the candidate with the most real (non-'_default') file
 * segments that maps to an existing "<path>/<segments>.php" or
 * "<path>/<segments>/_default.php" wins, and the trailing segments that did
 * not match become positional $this->args.
 *
 * @param string $method HTTP method; stored upper-cased.
 * @param string $url    Request URL; parts missing from it fall back to $_SERVER.
 * @throws \Exception when no directory is registered or no controller file matches.
 */
public function __construct($method, $url) {
    if (!count(self::$directories)) {
        throw new \Exception('No controller directories have been registered! (Use Controller::registerDirectory(...))');
    }
    $this->method = strtoupper($method);
    $url = parse_url($url);
    // Fallbacks come from the request: HTTP_HOST (and HTTP_PORT, if it is ever
    // set — presumably SERVER_PORT was meant; verify) are client-supplied
    // headers, so anything building absolute URLs from $this->host/$this->port
    // should treat them as untrusted.
    $this->scheme = !empty($url['scheme']) ? $url['scheme'] : (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 'https' : 'http');
    $this->host = !empty($url['host']) ? $url['host'] : (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
    $this->port = !empty($url['port']) ? $url['port'] : (isset($_SERVER['HTTP_PORT']) ? $_SERVER['HTTP_PORT'] : '');
    $this->path = !empty($url['path']) ? trim($url['path'], '/') : '';
    $this->query = !empty($url['query']) ? $url['query'] : '';
    $sep = DIRECTORY_SEPARATOR;
    // NOTE(review): these segments are joined into a filesystem path below;
    // rejecting '..' and similar components is delegated to
    // Controller::cleanPath(), which is not shown here — confirm it does so.
    $this->segments = Controller::cleanPath($this->path);
    $max = null;
    foreach (self::$directories as $dir) {
        $info = ['dir' => $dir, 'args' => [], 'file' => $this->segments, 'extension' => ''];
        // When the directory has a prefix, it must match the leading segments
        // exactly; the remaining segments are then used as the file path.
        if ($dir['prefix']) {
            $prefix = Controller::cleanPath($dir['prefix']);
            if ($prefix == (array) _::first($this->segments, count($prefix))) {
                $info['file'] = (array) _::rest($this->segments, count($prefix));
            }
        }
        // Split "<name>.<ext>" off the last segment. Each configured entry is
        // tested as a path prefix of $this->path (the closure parameter is
        // named $prefix for that reason); a non-array configuration strips the
        // extension unconditionally.
        if ($dir['extensions']) {
            if ($dir['extensions'] && count($info['file']) > 0) {
                $lastIndex = count($info['file']) - 1;
                $fileParts = explode('.', $info['file'][$lastIndex], 2);
                if (count($fileParts) == 2) {
                    if (is_string($dir['extensions'])) {
                        $dir['extensions'] = [$dir['extensions']];
                    }
                    if (!is_array($dir['extensions']) || is_array($dir['extensions']) && count(array_filter($dir['extensions'], function ($prefix) { return strpos($this->path, $prefix . '/') === 0 || strpos($this->path, $prefix . '.') === 0 || trim($prefix, '/') === $this->path; }))) {
                        $info['extension'] = $fileParts[1];
                        $info['file'][$lastIndex] = $fileParts[0];
                    }
                }
            }
        }
        // Walk from the most specific path inward: a "<file>/_default.php" hit
        // appends '_default' as a segment (the assignment inside the condition
        // is deliberate), a "<file>.php" hit stops as is; otherwise the last
        // segment is moved to the front of args and the lookup retried. The
        // loop ends once array_pop() yields null, i.e. no segments remain.
        do {
            $file = implode($sep, $info['file']);
            if (is_file("{$info['dir']['path']}{$sep}{$file}{$sep}_default.php") && ($info['file'][] = '_default')) {
                break;
            }
            if (is_file("{$info['dir']['path']}{$sep}{$file}.php")) {
                break;
            }
            array_unshift($info['args'], $slug = array_pop($info['file']));
        } while ($slug);
        // Keep the candidate whose file path has the most non-'_default' segments.
        if (!$max || count(_::reject($info['file'], function ($f) { return $f == '_default'; })) > count(_::reject($max['file'], function ($f) { return $f == '_default'; }))) {
            $max = $info;
        }
    }
    if (!$max || !$max['file']) {
        throw new \Exception('Invalid controller path. Maybe you don\'t have a _default.php file.');
    }
    $this->dir = $max['dir'];
    $this->args = $max['args'];
    $this->file = $max['file'];
    $this->extension = $max['extension'];
    $this->responseHeaders = new HttpHeaders();
}
/**
 * @dataProvider peopleDataProvider
 * @tags arrays
 */
public function testFirst($people, $type, $meta)
{
    $nicholson = _::get($people, 'jnicholson');
    $freeman = _::get($people, 'mfreeman');
    $dicaprio = _::get($people, 'ldicaprio');

    // a bare call yields the leading item itself, not a one-element list
    $this->variable(_::first($people))->isEqualTo($nicholson);

    // asking for N items yields the leading N as a list
    $this->array(_::first($people, 3))->isEqualTo([$nicholson, $freeman, $dicaprio]);

    // the guard flag forces a list even for a single item
    $this->array(_::first($people, 1, true))->isEqualTo([$nicholson]);

    // a negative count is rejected with UnexpectedValueException
    $this->exception(function () use ($people) {
        _::first($people, -1);
    })->isInstanceOf('\\UnexpectedValueException');

    // an empty list has no first item
    $this->variable(_::first([]))->isNull();
}