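/**
 * Delete a track from an event.
 *
 * The track id comes from the URL. The caller must be logged in and must
 * hold admin rights on the event the track belongs to; authorisation is
 * decided on the owning event, never on the track itself.
 *
 * @param Request $request the request (supplies user_id and the URL elements)
 * @param PDO     $db      the database adapter
 *
 * @throws Exception 401 when not logged in, 404 when the track or its event
 *                   cannot be found, 403 when the user is not an event admin
 * @return void  responds 204 with an empty body and exits
 */
public function deleteTrack($request, $db)
{
    // Check for login
    if (!isset($request->user_id)) {
        throw new Exception("You must be logged in to delete this track", 401);
    }

    $track_id = $this->getItemId($request);
    $track_mapper = new TrackMapper($db, $request);
    $tracks = $track_mapper->getTrackById($track_id, true);
    if (!$tracks) {
        throw new Exception("Track not found", 404);
    }

    // Resolve the owning event; the permission check below is made against it
    $event_mapper = new EventMapper($db, $request);
    $events = $event_mapper->getEventByTrackId($track_id, true, false, false);
    if (!$events || empty($events[0]['ID'])) {
        throw new Exception("Associated event not found", 404);
    }
    $event_id = $events[0]['ID'];

    if (!$event_mapper->thisUserHasAdminOn($event_id)) {
        throw new Exception('You do not have permission to delete this track', 403);
    }

    $track_mapper->deleteEventTrack($track_id);

    // header()'s $replace argument is a bool; passing null is deprecated since PHP 8.1
    header("Content-Length: 0", true, 204);
    exit;
}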
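/**
 * Handle POST on an event sub-resource.
 *
 * Only "/events/[eventId]/talks" is supported: it creates a talk on the
 * event from the posted talk representation. The caller must be logged in
 * and have admin rights on the event.
 *
 * @param Request $request the request
 * @param PDO     $db      the database adapter
 *
 * @throws Exception 400 when not logged in, when the event id or a required
 *                   field is missing, or when the user may not add talks
 *                   (400 is kept for compatibility; 401/403 would be the
 *                   conventional codes); 404 for any other sub-resource
 * @return array the newly created talk as returned by TalkMapper::getTalkById()
 */
public function postAction($request, $db)
{
    if (!isset($request->user_id)) {
        throw new Exception("You must be logged in to create data", 400);
    }

    // Anything other than .../talks is not a supported POST target
    if (!isset($request->url_elements[4]) || $request->url_elements[4] !== 'talks') {
        throw new Exception("Operation not supported, sorry", 404);
    }

    $talk = array();
    $talk['event_id'] = $this->getItemId($request);
    if (empty($talk['event_id'])) {
        throw new Exception("POST expects a talk representation sent to a specific event URL", 400);
    }

    $event_mapper = new EventMapper($db, $request);
    if (!$event_mapper->thisUserHasAdminOn($talk['event_id'])) {
        throw new Exception("You do not have permission to add talks to this event", 400);
    }

    // FILTER_SANITIZE_STRING (deprecated in PHP 8.1) is kept so stored values
    // remain byte-compatible with existing data
    $talk['title'] = filter_var($request->getParameter('talk_title'), FILTER_SANITIZE_STRING);
    if (empty($talk['title'])) {
        throw new Exception("The talk title field is required", 400);
    }

    $talk['description'] = filter_var($request->getParameter('talk_description'), FILTER_SANITIZE_STRING);
    if (empty($talk['description'])) {
        throw new Exception("The talk description field is required", 400);
    }

    $talk['language'] = filter_var($request->getParameter('language'), FILTER_SANITIZE_STRING);
    if (empty($talk['language'])) {
        // default to UK English
        $talk['language'] = 'English - UK';
    }

    // A missing start_date used to silently become "now"; require it instead
    $start_date = $request->getParameter('start_date');
    if (empty($start_date)) {
        throw new Exception("Please give the date and time of the talk", 400);
    }
    $talk['date'] = new DateTime($start_date);

    // speakers are only attached when the client sent at least one
    $speakers = $request->getParameter('speakers');
    if (is_array($speakers)) {
        foreach ($speakers as $speaker) {
            $talk['speakers'][] = filter_var($speaker, FILTER_SANITIZE_STRING);
        }
    }

    $talk_mapper = new TalkMapper($db, $request);
    $new_id = $talk_mapper->save($talk);

    // header()'s $replace argument is a bool; passing NULL is deprecated since PHP 8.1
    header("Location: " . $request->base . $request->path_info . '/' . $new_id, true, 201);

    return $talk_mapper->getTalkById($new_id);
}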
/**
 * List the reported (and therefore currently hidden) talk comments of an event.
 *
 * Only a logged-in user who has admin rights on the event may see the list.
 *
 * @param Request $request the request
 * @param PDO     $db      the database adapter
 *
 * @throws UnexpectedValueException 404 when the URL carries no event id
 * @throws Exception 401 when not logged in, 403 when not an admin of the event
 * @return array the output view of the reported-comment collection
 */
public function getReported($request, $db)
{
    $eventId = $this->getItemId($request);
    if (empty($eventId)) {
        throw new UnexpectedValueException("Event not found", 404);
    }

    $eventMapper = new EventMapper($db, $request);
    $commentMapper = new TalkCommentMapper($db, $request);

    $loggedIn = isset($request->user_id) && !empty($request->user_id);
    if (!$loggedIn) {
        throw new Exception("You must log in to do that", 401);
    }

    if (!$eventMapper->thisUserHasAdminOn($eventId)) {
        throw new Exception("You don't have permission to do that", 403);
    }

    $reported = $commentMapper->getReportedCommentsByEventId($eventId);

    return $reported->getOutputView($request);
}
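/**
 * Handle PUT on an event: update the event's editable fields.
 *
 * Only "/events/[eventId]" itself is editable. The caller must be logged in
 * and be a host (admin) of the event. Required fields are validated together
 * so the caller gets every problem in a single 400 response; optional fields
 * are written only when supplied, and an empty value is allowed (it clears
 * the field).
 *
 * @param Request $request the request
 * @param PDO     $db      the database adapter
 *
 * @throws Exception 400 when not logged in or when validation fails,
 *                   404 when the event does not exist or a sub-resource is
 *                   addressed, 403 when the user is not a host of the event
 * @return void  responds 204 with a Location header and exits
 */
public function putAction($request, $db)
{
    if (!isset($request->user_id)) {
        throw new Exception('You must be logged in to edit data', 400);
    }

    $event_id = $this->getItemId($request);

    if (isset($request->url_elements[4])) {
        // Sub-resources are not editable via PUT; say so instead of silently returning null
        throw new Exception("Operation not supported, sorry", 404);
    }

    // Edit an Event
    $event_mapper = new EventMapper($db, $request);
    $existing_event = $event_mapper->getEventById($event_id, true);
    if (!$existing_event) {
        // carry a 404 so the client does not see this as a server error
        throw new Exception(sprintf('There is no event with ID "%s"', $event_id), 404);
    }
    if (!$event_mapper->thisUserHasAdminOn($event_id)) {
        throw new Exception('You are not an host for this event', 403);
    }

    // initialise a new set of fields to save
    $event = array("event_id" => $event_id);
    $errors = array();

    // FILTER_SANITIZE_STRING (deprecated in PHP 8.1) is kept so stored values
    // remain byte-compatible with existing data
    $event['name'] = filter_var($request->getParameter("name"), FILTER_SANITIZE_STRING);
    if (empty($event['name'])) {
        $errors[] = "'name' is a required field";
    }

    $event['description'] = filter_var($request->getParameter("description"), FILTER_SANITIZE_STRING);
    if (empty($event['description'])) {
        $errors[] = "'description' is a required field";
    }

    $event['location'] = filter_var($request->getParameter("location"), FILTER_SANITIZE_STRING);
    if (empty($event['location'])) {
        $errors[] = "'location' is a required field (for virtual events, 'online' works)";
    }

    $start_date = strtotime($request->getParameter("start_date"));
    $end_date = strtotime($request->getParameter("end_date"));
    $tz = null;
    if (!$start_date || !$end_date) {
        $errors[] = "Both 'start_date' and 'end_date' must be supplied in a recognised format";
    } else {
        // if the dates are okay, sort out timezones
        $event['tz_continent'] = filter_var($request->getParameter("tz_continent"), FILTER_SANITIZE_STRING);
        $event['tz_place'] = filter_var($request->getParameter("tz_place"), FILTER_SANITIZE_STRING);
        try {
            // make the timezone, and read in times with respect to that
            $tz = new DateTimeZone($event['tz_continent'] . '/' . $event['tz_place']);
            $start_date = new DateTime($request->getParameter("start_date"), $tz);
            $end_date = new DateTime($request->getParameter("end_date"), $tz);
            $event['start_date'] = $start_date->format('U');
            $event['end_date'] = $end_date->format('U');
        } catch (Exception $e) {
            // the time zone isn't right
            $errors[] = "The fields 'tz_continent' and 'tz_place' must be supplied and valid "
                . "(e.g. Europe and London)";
        }
    }

    // How does it look? With no errors, we can proceed
    if ($errors) {
        throw new Exception(implode(". ", $errors), 400);
    }

    // optional fields - only check if we have no errors as we may need $tz
    // also only update supplied fields - but DO allow saving empty ones
    $href = $request->getParameter("href", false); // returns false if the value was not supplied
    if (false !== $href) {
        // FILTER_VALIDATE_URL yields false for a malformed URL; that false is saved as-is
        $event['href'] = filter_var($href, FILTER_VALIDATE_URL);
    }

    $cfp_url = $request->getParameter("cfp_url", false);
    if (false !== $cfp_url) {
        $event['cfp_url'] = filter_var($cfp_url, FILTER_VALIDATE_URL);
    }

    // CFP dates are read in the event's time zone, like the main dates above
    $cfp_start_date = $request->getParameter("cfp_start_date", false);
    if (false !== $cfp_start_date && strtotime($cfp_start_date)) {
        $event['cfp_start_date'] = (new DateTime($cfp_start_date, $tz))->format('U');
    }

    $cfp_end_date = $request->getParameter("cfp_end_date", false);
    if (false !== $cfp_end_date && strtotime($cfp_end_date)) {
        $event['cfp_end_date'] = (new DateTime($cfp_end_date, $tz))->format('U');
    }

    // Coordinates: skip only when the filter rejected the value outright, so a
    // latitude of "0" (the equator) is kept rather than dropped as falsy, and
    // both coordinates are handled the same way
    $latitude = $request->getParameter("latitude", false);
    if (false !== $latitude) {
        $latitude = filter_var($latitude, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
        if (false !== $latitude) {
            $event['latitude'] = $latitude;
        }
    }

    $longitude = $request->getParameter("longitude", false);
    if (false !== $longitude) {
        $longitude = filter_var($longitude, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
        if (false !== $longitude) {
            $event['longitude'] = $longitude;
        }
    }

    // tags are normalised (stripped, trimmed, lower-cased) and replace the existing set
    $tags = null;
    $incoming_tag_list = $request->getParameter('tags');
    if (is_array($incoming_tag_list)) {
        $tags = array_map(function ($tag) {
            return strtolower(trim(filter_var($tag, FILTER_SANITIZE_STRING)));
        }, $incoming_tag_list);
    }

    $event_mapper->editEvent($event, $event_id);
    if ($tags !== null) {
        $event_mapper->setTags($event_id, $tags);
    }

    // header()'s $replace argument is a bool; passing null is deprecated since PHP 8.1
    header("Location: " . $request->base . $request->path_info, true, 204);
    exit;
}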
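/**
 * Create a talk
 *
 * This method creates a new talk after being called via the URL
 * "/events/[eventId]/talks"
 *
 * The caller must be logged in and have admin rights on the event. The
 * talk's start time is parsed in the event's own time zone and stored as a
 * unix timestamp; type and language are validated against their lookup
 * tables before anything is written.
 *
 * @param Request $request
 * @param PDO $db
 *
 * @throws Exception 400 when not logged in, not permitted, or a field is
 *                   missing or invalid; 404 when the event does not exist
 * @return array|bool the new talk as returned by TalkMapper::getTalkById()
 */
public function createTalkAction(Request $request, PDO $db)
{
    if (!isset($request->user_id)) {
        throw new Exception("You must be logged in to create data", 400);
    }

    $talk['event_id'] = $this->getItemId($request);
    if (empty($talk['event_id'])) {
        throw new Exception("POST expects a talk representation sent to a specific event URL", 400);
    }

    $event_mapper = new EventMapper($db, $request);
    $talk_mapper = new TalkMapper($db, $request);
    $talk_type_mapper = new TalkTypeMapper($db, $request);

    $is_admin = $event_mapper->thisUserHasAdminOn($talk['event_id']);
    if (!$is_admin) {
        throw new Exception("You do not have permission to add talks to this event", 400);
    }

    // get the event so we can get the timezone info
    $list = $event_mapper->getEventById($talk['event_id'], true);
    // count() on a non-array is a TypeError in PHP 8, so guard a false/empty result first
    if (!$list || empty($list['events'])) {
        throw new Exception('Event not found', 404);
    }
    $event = $list['events'][0];

    // FILTER_SANITIZE_STRING (deprecated in PHP 8.1) is kept so stored values
    // remain byte-compatible with existing data
    $talk['title'] = filter_var($request->getParameter('talk_title'), FILTER_SANITIZE_STRING);
    if (empty($talk['title'])) {
        throw new Exception("The talk title field is required", 400);
    }

    $talk['description'] = filter_var($request->getParameter('talk_description'), FILTER_SANITIZE_STRING);
    if (empty($talk['description'])) {
        throw new Exception("The talk description field is required", 400);
    }

    // the type must be one of the known talk types; map its name to the stored id
    $talk['type'] = filter_var($request->getParameter('type', 'Talk'), FILTER_SANITIZE_STRING);
    $talk_types = $talk_type_mapper->getTalkTypesLookupList();
    if (!array_key_exists($talk['type'], $talk_types)) {
        throw new Exception("The type '{$talk['type']}' is unknown", 400);
    }
    $talk['type_id'] = $talk_types[$talk['type']];

    $start_date = filter_var($request->getParameter('start_date'), FILTER_SANITIZE_STRING);
    if (empty($start_date)) {
        throw new Exception("Please give the date and time of the talk", 400);
    }
    // interpret the supplied time in the event's own time zone
    $tz = new DateTimeZone($event['tz_continent'] . '/' . $event['tz_place']);
    try {
        $talk['date'] = (new DateTime($start_date, $tz))->format('U');
    } catch (Exception $e) {
        // an unparseable date is a client error, not a server error
        throw new Exception("The start_date could not be parsed", 400);
    }

    $talk['language'] = filter_var($request->getParameter('language'), FILTER_SANITIZE_STRING);
    if (empty($talk['language'])) {
        // default to UK English
        $talk['language'] = 'English - UK';
    }

    // When the language doesn't exist, the talk will not be found
    $language_mapper = new LanguageMapper($db, $request);
    if (!$language_mapper->isLanguageValid($talk['language'])) {
        // report the language that was rejected (the original message printed the talk type)
        throw new Exception("The language '{$talk['language']}' is unknown", 400);
    }

    $talk['duration'] = filter_var($request->getParameter('duration'), FILTER_SANITIZE_NUMBER_INT);
    if (empty($talk['duration'])) {
        // default slot length in minutes
        $talk['duration'] = 60;
    }

    $talk['slides_link'] = filter_var($request->getParameter('slides_link'), FILTER_SANITIZE_URL);

    // speakers: a scalar is promoted to a one-element list, null to an empty list
    $talk['speakers'] = array_map(function ($speaker) {
        return trim(filter_var($speaker, FILTER_SANITIZE_STRING));
    }, (array) $request->getParameter('speakers'));

    $new_id = $talk_mapper->createTalk($talk);

    // Update the cache count for the number of talks at this event
    $event_mapper->cacheTalkCount($talk['event_id']);

    $uri = $request->base . '/' . $request->version . '/talks/' . $new_id;
    header("Location: " . $uri, true, 201);

    return $talk_mapper->getTalkById($new_id);
}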
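/**
 * Create track
 *
 * Creates a new track on the event addressed by the URL. The caller must
 * be logged in and have admin rights on that event; both track fields are
 * required and are validated together so every problem is reported at once.
 *
 * @param Request $request
 * @param PDO $db
 *
 * @throws Exception 401 when not logged in, 400 when the event id or a
 *                   required field is missing, 404 when the event does not
 *                   exist, 403 when the user is not an event admin
 * @return void  responds 201 with a Location header and exits
 */
public function createTrack($request, $db)
{
    // Check for login
    if (!isset($request->user_id)) {
        throw new Exception("You must be logged in to create a track", 401);
    }

    $track = array();
    $event_id = $this->getItemId($request);
    $track['event_id'] = $event_id;
    if (empty($track['event_id'])) {
        throw new Exception("POST expects a track representation sent to a specific event URL", 400);
    }

    $event_mapper = new EventMapper($db, $request);
    $events = $event_mapper->getEventById($event_id, true);
    if (!$events || empty($events['meta']['count'])) {
        throw new Exception("Associated event not found", 404);
    }

    // NOTE: the message says "edit" although this is a create; kept as-is for compatibility
    if (!$event_mapper->thisUserHasAdminOn($event_id)) {
        throw new Exception('You do not have permission to edit this track', 403);
    }

    // validate fields
    // FILTER_SANITIZE_STRING (deprecated in PHP 8.1) is kept so stored values
    // remain byte-compatible with existing data; quotes are left unencoded
    $errors = [];
    $track['track_name'] = filter_var(
        $request->getParameter("track_name"),
        FILTER_SANITIZE_STRING,
        FILTER_FLAG_NO_ENCODE_QUOTES
    );
    if (empty($track['track_name'])) {
        $errors[] = "'track_name' is a required field";
    }

    $track['track_description'] = filter_var(
        $request->getParameter("track_description"),
        FILTER_SANITIZE_STRING,
        FILTER_FLAG_NO_ENCODE_QUOTES
    );
    if (empty($track['track_description'])) {
        $errors[] = "'track_description' is a required field";
    }

    if ($errors) {
        throw new Exception(implode(". ", $errors), 400);
    }

    $track_mapper = new TrackMapper($db, $request);
    $track_id = $track_mapper->createEventTrack($track, $event_id);

    $uri = $request->base . '/' . $request->version . '/tracks/' . $track_id;
    // header()'s $replace argument is a bool; passing null is deprecated since PHP 8.1
    header("Location: " . $uri, true, 201);
    exit;
}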
/**
 * Create a talk
 *
 * This method creates a new talk after being called via the URL
 * "/events/[eventId]/talks"
 *
 * Login and event-admin rights are checked here; reading and validating
 * the talk fields is delegated to getTalkDataFromRequest(). After the talk
 * is stored the event's cached talk count is refreshed and the new talk is
 * returned as a one-item collection view.
 *
 * @param Request $request
 * @param PDO $db
 *
 * @throws Exception 401 when not logged in, 400 when the event id is missing
 *                   or the user may not add talks (plus whatever
 *                   getTalkDataFromRequest() raises)
 * @return array the output view of a collection holding the new talk
 */
public function createTalkAction(Request $request, PDO $db)
{
    if (!isset($request->user_id)) {
        throw new Exception("You must be logged in to create data", 401);
    }

    $eventId = $this->getItemId($request);
    if (empty($eventId)) {
        throw new Exception("POST expects a talk representation sent to a specific event URL", 400);
    }

    $eventMapper = new EventMapper($db, $request);
    $talkMapper = new TalkMapper($db, $request);

    if (!$eventMapper->thisUserHasAdminOn($eventId)) {
        throw new Exception("You do not have permission to add talks to this event", 400);
    }

    // retrieve the talk data from the request
    $talk = $this->getTalkDataFromRequest($db, $request, $eventId);
    $talk['event_id'] = $eventId;

    // create the talk
    $newId = $talkMapper->createTalk($talk);

    // Update the cache count for the number of talks at this event
    $eventMapper->cacheTalkCount($eventId);

    $uri = $request->base . '/' . $request->version . '/talks/' . $newId;
    header("Location: " . $uri, true, 201);

    $newTalk = $this->getTalkById($db, $request, $newId);
    $collection = new TalkModelCollection([$newTalk], 1);

    return $collection->getOutputView($request);
}
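/**
 * Moderate a reported comment.
 *
 * This action is performed by a user that has administrative rights to the
 * event that this comment is for. The user provides a decision on the
 * report. That is, the user can approve the report which means that the
 * comment remains hidden from view or the user can deny the report which
 * means that the comment is viewable again.
 *
 * @param Request $request the request
 * @param PDO $db the database adapter
 *
 * @throws Exception 401 when not logged in, 404 when the comment is unknown,
 *                   403 when the user is not an admin of the comment's event,
 *                   400 when the decision is not "approved" or "denied"
 * @return void  responds 204 with a Location header and exits
 */
public function moderateReportedComment($request, $db)
{
    // must be logged in
    if (!isset($request->user_id) || empty($request->user_id)) {
        throw new Exception('You must log in to moderate a comment', 401);
    }

    $comment_mapper = new EventCommentMapper($db, $request);
    $commentId = $this->getItemId($request);
    $commentInfo = $comment_mapper->getCommentInfo($commentId);
    if (false === $commentInfo) {
        throw new Exception('Comment not found', 404);
    }

    // permission is decided on the event the comment belongs to
    $event_mapper = new EventMapper($db, $request);
    $event_id = $commentInfo['event_id'];
    if (!$event_mapper->thisUserHasAdminOn($event_id)) {
        throw new Exception("You don't have permission to do that", 403);
    }

    // strict comparison: only the two literal decision strings are accepted
    $decision = $request->getParameter('decision');
    if (!in_array($decision, ['approved', 'denied'], true)) {
        throw new Exception('Unexpected decision', 400);
    }

    // the moderating user's id is recorded with the decision
    $comment_mapper->moderateReportedComment($decision, $commentId, $request->user_id);

    $uri = $request->base . '/' . $request->version . '/events/' . $event_id . "/comments";
    header("Location: {$uri}", true, 204);
    exit;
}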
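/**
 * Create a talk
 *
 * Creates a talk on the event addressed by the URL. The caller must be
 * logged in and have admin rights on the event. The talk type is restricted
 * to a fixed list (defaulting to "Talk"), and the start time is parsed in
 * the event's own time zone and stored as a unix timestamp.
 *
 * @param Request $request
 * @param PDO $db
 *
 * @throws Exception 400 when not logged in, not permitted, or a field is
 *                   missing or unparseable; 404 when the event does not exist
 * @return array|bool the new talk as returned by TalkMapper::getTalkById()
 */
public function createTalkAction(Request $request, PDO $db)
{
    if (!isset($request->user_id)) {
        throw new Exception("You must be logged in to create data", 400);
    }

    $talk['event_id'] = $this->getItemId($request);
    if (empty($talk['event_id'])) {
        throw new Exception("POST expects a talk representation sent to a specific event URL", 400);
    }

    $event_mapper = new EventMapper($db, $request);
    $is_admin = $event_mapper->thisUserHasAdminOn($talk['event_id']);
    if (!$is_admin) {
        throw new Exception("You do not have permission to add talks to this event", 400);
    }

    // get the event so we can get the timezone info
    $list = $event_mapper->getEventById($talk['event_id'], true);
    // count() on a non-array is a TypeError in PHP 8, so guard a false/empty result first
    if (!$list || empty($list['events'])) {
        throw new Exception('Event not found', 404);
    }
    $event = $list['events'][0];

    // FILTER_SANITIZE_STRING (deprecated in PHP 8.1) is kept so stored values
    // remain byte-compatible with existing data
    $talk['title'] = filter_var($request->getParameter('talk_title'), FILTER_SANITIZE_STRING);
    if (empty($talk['title'])) {
        throw new Exception("The talk title field is required", 400);
    }

    $talk['description'] = filter_var($request->getParameter('talk_description'), FILTER_SANITIZE_STRING);
    if (empty($talk['description'])) {
        throw new Exception("The talk description field is required", 400);
    }

    // only the listed types are accepted (strict match); anything else falls back to "Talk"
    $talk_types = array("Talk", "Social event", "Keynote", "Workshop", "Event related");
    $requested_type = $request->getParameter("talk_type");
    if ($requested_type && in_array($requested_type, $talk_types, true)) {
        $talk['talk_type'] = $requested_type;
    } else {
        $talk['talk_type'] = "Talk";
    }

    $talk['language'] = filter_var($request->getParameter('language'), FILTER_SANITIZE_STRING);
    if (empty($talk['language'])) {
        // default to UK English
        $talk['language'] = 'English - UK';
    }

    $start_date = $request->getParameter('start_date');
    if (empty($start_date)) {
        throw new Exception("Please give the date and time of the talk", 400);
    }
    // interpret the supplied time in the event's own time zone
    $tz = new DateTimeZone($event['tz_continent'] . '/' . $event['tz_place']);
    try {
        $talk['date'] = (new DateTime($start_date, $tz))->format('U');
    } catch (Exception $e) {
        // an unparseable date is a client error, not a server error
        throw new Exception("The start_date could not be parsed", 400);
    }

    // speakers are only attached when the client sent at least one
    $speakers = $request->getParameter('speakers');
    if (is_array($speakers)) {
        foreach ($speakers as $speaker) {
            $talk['speakers'][] = filter_var($speaker, FILTER_SANITIZE_STRING);
        }
    }

    $talk_mapper = new TalkMapper($db, $request);
    $new_id = $talk_mapper->save($talk);

    // Update the cache count for the number of talks at this event
    $event_mapper->cacheTalkCount($talk['event_id']);

    // header()'s $replace argument is a bool; passing null is deprecated since PHP 8.1
    header("Location: " . $request->base . $request->path_info . '/' . $new_id, true, 201);

    return $talk_mapper->getTalkById($new_id);
}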
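/**
 * Upload a new icon image for an event.
 *
 * Expects a multipart upload in $_FILES['image']. The file is checked by
 * content via getimagesize(), not by its client-supplied name or MIME type:
 * it must decode as GIF, JPEG or PNG, be square, and be between 140px and
 * 1440px on a side. The original is stored under a name derived from the
 * event id and the detected type, and a 140px "small" copy is generated
 * from it; both are recorded through the event mapper.
 *
 * @param Request $request the request
 * @param PDO     $db      the database adapter
 *
 * @throws Exception 401 when not logged in, 404 when the event is unknown,
 *                   403 when the user is not an event admin, 400 when no
 *                   acceptable image was uploaded, and without a code when
 *                   the file cannot be written or decoded after saving
 * @return void  sets a 201 Location header
 */
public function createImage($request, $db)
{
    if (!isset($request->user_id)) {
        throw new Exception("You must be logged in to create data", 401);
    }

    $event_id = $this->getItemId($request);
    $event_mapper = new EventMapper($db, $request);

    // ensure event exists
    $existing_event = $event_mapper->getEventById($event_id, false, true);
    if (!$existing_event || empty($existing_event['meta']['count'])) {
        throw new Exception('There is no event with ID ' . $event_id, 404);
    }

    if (!$event_mapper->thisUserHasAdminOn($event_id)) {
        throw new Exception("You don't have permission to do that", 403);
    }

    if (!isset($_FILES['image'])) {
        throw new Exception("Image was not supplied", 400);
    }
    // the original read $FILES (undefined) here, so the code was never reported
    if ($_FILES['image']['error'] !== UPLOAD_ERR_OK) {
        throw new Exception("Image upload failed (Code: " . $_FILES['image']['error'] . ")", 400);
    }

    // check the file meets our expectations - by content, not by its name or declared type
    $uploaded_name = $_FILES['image']['tmp_name'];
    if (!is_uploaded_file($uploaded_name)) {
        throw new Exception("Image was not supplied", 400);
    }
    $image_info = getimagesize($uploaded_name);
    if (false === $image_info) {
        throw new Exception("Supplied image must be a PNG, JPG or GIF", 400);
    }
    list($width, $height, $filetype) = $image_info;

    // must be gif, jpg or png
    if (!in_array($filetype, [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
        throw new Exception("Supplied image must be a PNG, JPG or GIF", 400);
    }

    // must be square
    if ($width != $height) {
        throw new Exception("Supplied image must be square", 400);
    }

    // 140px min, 1440px max
    if ($width < 140) {
        throw new Exception("Supplied image must be at least 140px square", 400);
    }
    if ($width > 1440) {
        throw new Exception("Supplied image must be no more than 1440px square", 400);
    }

    // save the file - overwrite current one if there is one
    // the extension comes from the detected type, never from the client's filename
    $extensions = [
        IMAGETYPE_GIF => '.gif',
        IMAGETYPE_JPEG => '.jpg',
        IMAGETYPE_PNG => '.png',
    ];
    $saved_filename = 'icon-' . $event_id . '-orig' . $extensions[$filetype];
    $event_image_path = $request->getConfigValue('event_image_path');
    $result = move_uploaded_file($uploaded_name, $event_image_path . $saved_filename);
    if (false === $result) {
        throw new Exception("The file could not be saved");
    }

    // remove old images from database table and record that we saved the file (this is the orig size)
    $event_mapper->removeImages($event_id);
    $event_mapper->saveNewImage($event_id, $saved_filename, $width, $height, "orig");

    // small is 140px square
    $orig_image = imagecreatefromstring(file_get_contents($event_image_path . $saved_filename));
    if (false === $orig_image) {
        throw new Exception("The file could not be saved");
    }
    imagealphablending($orig_image, false);
    imagesavealpha($orig_image, true);

    $small_width = 140;
    $small_height = 140;
    $small_image = imagecreatetruecolor($small_width, $small_height);
    imagealphablending($small_image, false);
    imagesavealpha($small_image, true);
    imagecopyresampled($small_image, $orig_image, 0, 0, 0, 0, $small_width, $small_height, $width, $height);

    // write the small copy in the same format as the original; $filetype holds
    // an IMAGETYPE_* value from getimagesize(), so compare against those (the
    // original compared against IMG_* bitmask constants, which only worked
    // because the two happen to share values for GIF and JPEG)
    $small_filename = str_replace('orig', 'small', $saved_filename);
    switch ($filetype) {
        case IMAGETYPE_JPEG:
            imagejpeg($small_image, $event_image_path . $small_filename);
            break;
        case IMAGETYPE_GIF:
            imagegif($small_image, $event_image_path . $small_filename);
            break;
        default:
            imagepng($small_image, $event_image_path . $small_filename);
            break;
    }
    imagedestroy($small_image);
    imagedestroy($orig_image);

    $event_mapper->saveNewImage($event_id, $small_filename, $small_width, $small_height, "small");

    $location = $request->base . '/' . $request->version . '/events/' . $event_id;
    // header()'s $replace argument is a bool; passing null is deprecated since PHP 8.1
    header('Location: ' . $location, true, 201);
}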