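/**
 * Handler for JSON API requests.
 *
 * Sets up the Zend JSON server, lets the methods on the anonymous allow-list
 * through, requires a registered setup user plus a matching JSON key for every
 * other method (once a config file exists), dispatches the request and echoes
 * the response.
 *
 * @return void the JSON response is written with echo, nothing is returned
 */
public function handle()
{
    // Defined before the try block so the catch never reads an undefined
    // variable when one of the constructors below throws.
    $server  = null;
    $request = null;

    try {
        // init server and request first
        $server = new Zend_Json_Server();
        $server->setClass('Setup_Frontend_Json', 'Setup');
        $server->setClass('Tinebase_Frontend_Json', 'Tinebase');
        $server->setAutoHandleExceptions(false);
        $server->setAutoEmitResponse(false);

        $request = new Zend_Json_Server_Request_Http();

        Setup_Core::initFramework();

        $method  = $request->getMethod();
        $jsonKey = isset($_SERVER['HTTP_X_TINE20_JSONKEY']) ? (string) $_SERVER['HTTP_X_TINE20_JSONKEY'] : '';

        Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' is JSON request. method: ' . $method);

        $configFileExists = Setup_Core::configFileExists();

        // methods that may be called without a session and without a JSON key
        $anonymnousMethods = array(
            'Setup.getAllRegistryData',
            'Setup.login',
            'Tinebase.getAvailableTranslations',
            'Tinebase.getTranslations',
            'Tinebase.setLocale',
        );
        if (!$configFileExists) {
            $anonymnousMethods[] = 'Setup.envCheck';
        }

        // check json key for all methods but some exceptions
        // The strict flag keeps a non-string method value from matching an
        // allow-list entry through PHP's loose comparison rules.
        if (!in_array($method, $anonymnousMethods, true) && $configFileExists) {
            if (!Setup_Core::isRegistered(Setup_Core::USER)) {
                Setup_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ . ' Attempt to request a privileged Json-API method without authorisation from "' . $_SERVER['REMOTE_ADDR'] . '". (session timeout?)');
                throw new Tinebase_Exception_AccessDenied('Not Authorised', 401);
            }

            $keyMatches = false;
            if (!empty($jsonKey)) {
                $expectedKey = Setup_Core::get('jsonKey');
                // The JSON key is the anti-CSRF secret: compare it as a string,
                // in constant time where hash_equals() is available. A loose
                // != would treat two different numeric-looking strings
                // (e.g. "0e1" and "0e2") as equal.
                $keyMatches = is_string($expectedKey)
                    && (function_exists('hash_equals')
                        ? hash_equals($expectedKey, $jsonKey)
                        : $expectedKey === $jsonKey);
            }

            if (!$keyMatches) {
                // NOTE(review): this entry writes the caller-supplied header value
                // unescaped and a full dump of $_REQUEST and the user object to the
                // log; request parameters can carry passwords or other secrets.
                // Consider redacting the dump and stripping control characters
                // from the logged key.
                Setup_Core::getLogger()->WARN(__METHOD__ . '::' . __LINE__ . ' Fatal: got wrong json key! (' . $jsonKey . ') Possible CSRF attempt!' . ' affected account: ' . print_r(Setup_Core::getUser(), true) . ' request: ' . print_r($_REQUEST, true));
                throw new Tinebase_Exception_AccessDenied('Not Authorised', 401);
            }
        }

        $response = $server->handle($request);
    } catch (Exception $exception) {
        // every failure, including the access-denied cases above, is turned
        // into a response by the exception handler
        $response = $this->_handleException($server, $request, $exception);
    }

    echo $response;
}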
/**
 * Creates a shared tag via $this->_instance and grants the current setup user
 * the view and use right on it.
 *
 * The id of the new tag is appended to $this->_tagIdsToDelete (presumably for
 * clean-up after the test; the clean-up itself is not part of this method).
 *
 * @return Tinebase_Model_Tag the tag as returned by createTag()
 */
protected function _createSharedTag()
{
    $tagToCreate = new Tinebase_Model_Tag(array(
        'type'        => Tinebase_Model_Tag::TYPE_SHARED,
        'name'        => 'tag::shared',
        'description' => 'this is a shared tag',
        'color'       => '#009B31',
    ));
    $persistedTag = $this->_instance->createTag($tagToCreate);

    // rights are given to the current user only, not to a group or to anyone
    $userRight = new Tinebase_Model_TagRight(array(
        'tag_id'       => $persistedTag->getId(),
        'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_USER,
        'account_id'   => Setup_Core::getUser()->getId(),
        'view_right'   => true,
        'use_right'    => true,
    ));
    $this->_instance->setRights($userRight);

    $this->_tagIdsToDelete[] = $persistedTag->getId();

    // the stored tag must carry the name that was requested
    $this->assertEquals($tagToCreate->name, $persistedTag->name);

    return $persistedTag;
}
/**
 * Tests getUsersWithPref().
 *
 * Sets the timezone preference on $this->_instance to Europe/Nicosia, asks for
 * all users whose timezone preference is Europe/Berlin, and checks that the
 * current user is not among them while more than four other users are.
 *
 * NOTE(review): the preference is set back to Europe/Berlin on the last line
 * only; a failing assertion skips that reset.
 */
public function testGetUsersWithPref()
{
    $prefName = Tinebase_Preference::TIMEZONE;

    $this->_instance->{$prefName} = 'Europe/Nicosia';

    $berlinUserIds  = $this->_instance->getUsersWithPref($prefName, 'Europe/Berlin');
    $currentUserId  = Setup_Core::getUser()->getId();
    $currentIsListed = in_array($currentUserId, $berlinUserIds);

    $this->assertTrue(!$currentIsListed, 'admin user should have other timezone setting');
    $this->assertGreaterThan(4, count($berlinUserIds), 'too few users found');

    // restore the value the rest of the suite expects
    $this->_instance->{$prefName} = 'Europe/Berlin';
}
/**
 * Returns registry data of setup.
 *
 * The result is built in three steps: a part that is returned to every caller,
 * a part added when no config file exists or a setup user is registered, and
 * the current account, added only when a setup user is registered.
 *
 * @see Tinebase_Application_Json_Abstract
 *
 * @return mixed array 'variable name' => 'data'
 *
 * @todo add 'titlePostfix' => Tinebase_Config::getInstance()->getConfig(Tinebase_Config::PAGETITLEPOSTFIX, NULL, '')->value here?
 */
public function getRegistryData()
{
    $versionInfo = array(
        'buildType'     => TINE20_BUILDTYPE,
        'codeName'      => TINE20SETUP_CODENAME,
        'packageString' => TINE20SETUP_PACKAGESTRING,
        'releaseTime'   => TINE20SETUP_RELEASETIME,
    );

    // anonymous registry: built before any login check in this method
    // NOTE(review): confirm loadAuthenticationData() returns nothing secret,
    // since its result is included unconditionally.
    $registryData = array(
        'configExists'       => Setup_Core::configFileExists(),
        'version'            => $versionInfo,
        'authenticationData' => $this->loadAuthenticationData(),
    );

    // authenticated or non existent config
    // NOTE(review): while no config file exists this branch also runs without a
    // registered setup user, so the checkConfig(), envCheck() and loadConfig()
    // results are returned to an unauthenticated caller in that state.
    if (!Setup_Core::configFileExists() || Setup_Core::isRegistered(Setup_Core::USER)) {
        $registryData = array_merge($registryData, $this->checkConfig());

        // terms, email and messenger data are only read when checkConfig()
        // reported a non-empty 'checkDB' and Tinebase is installed
        $privilegedData = array(
            'acceptedTermsVersion' => (!empty($registryData['checkDB']) && $this->_controller->isInstalled('Tinebase'))
                ? Setup_Controller::getInstance()->getAcceptedTerms()
                : 0,
            'setupChecks'          => $this->envCheck(),
            'configData'           => $this->loadConfig(),
            'emailData'            => (!empty($registryData['checkDB']) && $this->_controller->isInstalled('Tinebase'))
                ? $this->getEmailConfig()
                : array(),
            'messengerData'        => (!empty($registryData['checkDB']) && $this->_controller->isInstalled('Tinebase'))
                ? $this->getMessengerConfig()
                : array(),
        );
        $registryData = array_merge($registryData, $privilegedData);
    }

    // if setup user is logged in
    if (Setup_Core::isRegistered(Setup_Core::USER)) {
        // array union: an already present 'currentAccount' key is not overwritten
        $registryData = $registryData + array('currentAccount' => Setup_Core::getUser());
    }

    return $registryData;
}