public function postProcess()
{
/* PrestaShop demo mode */
if (_PS_MODE_DEMO_) {
$this->_errors[] = Tools::displayError('This functionnality has been disabled.');
return;
}
/* PrestaShop demo mode*/
if (Tools::getValue('key') && strlen(Tools::getValue('key')) < 32) {
$this->_errors[] = Tools::displayError($this->l('Key length must be 32 character long'));
}
if (WebserviceKey::keyExists(Tools::getValue('key')) && !Tools::getValue('id_webservice_account')) {
$this->_errors[] = Tools::displayError($this->l('Key already exists'));
}
return parent::postProcess();
}
protected function afterUpdate($object)
{
Tools::generateHtaccess();
WebserviceKey::setPermissionForAccount($object->id, Tools::getValue('resources', array()));
}
$input_xml = $_REQUEST['xml'];
} else {
// if no XML
$input_xml = NULL;
// if a XML is in PUT
if ($_SERVER['REQUEST_METHOD'] == 'PUT') {
$putresource = fopen("php://input", "r");
while ($putData = fread($putresource, 1024)) {
$input_xml .= $putData;
}
fclose($putresource);
}
}
$params = $_GET;
unset($params['url']);
$class_name = WebserviceKey::getClassFromKey($key);
$bad_class_name = false;
if (!class_exists($class_name)) {
$class_name = 'WebserviceRequest';
$bad_class_name = true;
}
// fetch the request
WebserviceRequest::$ws_current_classname = $class_name;
$request = call_user_func(array($class_name, 'getInstance'));
$result = $request->fetch($key, $method, $_GET['url'], $params, $bad_class_name, $input_xml);
// display result
if (ob_get_length() != 0) {
header('Content-Type: application/javascript');
}
// Useful for debug...
// Manage cache
/**
* Check request authentication
*
* @return boolean
*/
protected function authenticate()
{
if (!$this->hasErrors()) {
if (is_null($this->_key)) {
$this->setError(401, 'Please enter the authentication key as the login. No password required', 16);
} else {
if (empty($this->_key)) {
$this->setError(401, 'Authentication key is empty', 17);
} elseif (strlen($this->_key) != '32') {
$this->setError(401, 'Invalid authentication key format', 18);
} else {
$keyValidation = WebserviceKey::isKeyActive($this->_key);
if (is_null($keyValidation)) {
$this->setError(401, 'Authentification key does not exist', 19);
} elseif ($keyValidation === true) {
$this->keyPermissions = WebserviceKey::getPermissionForAccount($this->_key);
} else {
$this->setError(401, 'Authentification key is not active', 20);
}
if (!$this->keyPermissions) {
$this->setError(401, 'No permission for this authentication key', 21);
}
}
}
if ($this->hasErrors()) {
header('WWW-Authenticate: Basic realm="Welcome to PrestaShop Webservice, please enter the authentication key as the login. No password required."');
$this->objOutput->setStatus(401);
return false;
} else {
// only now we can say the access is authenticated
$this->_authenticated = true;
return true;
}
}
}
public static function setPermissionForAccount($id_account, $permissions_to_set)
{
$ok = true;
$sql = 'DELETE FROM `' . _DB_PREFIX_ . 'webservice_permission` WHERE `id_webservice_account` = ' . (int) $id_account;
if (!Db::getInstance()->execute($sql)) {
$ok = false;
}
if (isset($permissions_to_set)) {
$permissions = array();
$resources = WebserviceRequest::getResources();
$methods = array('GET', 'PUT', 'POST', 'DELETE', 'HEAD');
foreach ($permissions_to_set as $resource_name => $resource_methods) {
if (in_array($resource_name, array_keys($resources))) {
foreach (array_keys($resource_methods) as $method_name) {
if (in_array($method_name, $methods)) {
$permissions[] = array($method_name, $resource_name);
}
}
}
}
$account = new WebserviceKey($id_account);
if ($account->deleteAssociations() && $permissions) {
$sql = 'INSERT INTO `' . _DB_PREFIX_ . 'webservice_permission` (`id_webservice_permission` ,`resource` ,`method` ,`id_webservice_account`) VALUES ';
foreach ($permissions as $permission) {
$sql .= '(NULL , \'' . pSQL($permission[1]) . '\', \'' . pSQL($permission[0]) . '\', ' . (int) $id_account . '), ';
}
$sql = rtrim($sql, ', ');
if (!Db::getInstance()->execute($sql)) {
$ok = false;
}
}
}
return $ok;
}
public function displayForm($isMainTab = true)
{
global $currentIndex;
parent::displayForm();
if (!($obj = $this->loadObject(true))) {
return;
}
echo '
<form action="' . $currentIndex . '&submitAdd' . $this->table . '=1&token=' . $this->token . '" method="post" enctype="multipart/form-data">
' . ($obj->id ? '<input type="hidden" name="id_' . $this->table . '" value="' . $obj->id . '" />' : '') . '
<fieldset><legend><img src="../img/admin/access.png" />' . $this->l('Webservice Accounts') . '</legend>
<label>' . $this->l('Key:') . '</label>
<div class="margin-form">
<input type="text" size="32" name="key" id="code" value="' . htmlentities(Tools::getValue('key', $obj->key), ENT_COMPAT, 'UTF-8') . '" />
<input type="button" value="' . $this->l(' Generate! ') . '" class="button" onclick="gencode(32)" />
<sup>*</sup>
<p class="clear">' . $this->l('Webservice account key') . '</p>
</div>
<label>' . $this->l('Key description') . '</label>
<div class="margin-form">
<textarea rows="3" style="width:400px" name="description">' . htmlentities(Tools::getValue('description', $obj->description), ENT_COMPAT, 'UTF-8') . '</textarea>
<p class="clear">' . $this->l('Key description') . '</p>
</div>
<label>' . $this->l('Status:') . ' </label>
<div class="margin-form">
<input type="radio" name="active" id="active_on" value="1" ' . ((!$obj->id or Tools::getValue('active', $obj->active)) ? 'checked="checked" ' : '') . '/>
<label class="t" for="active_on"> <img src="../img/admin/enabled.gif" alt="' . $this->l('Enabled') . '" title="' . $this->l('Enabled') . '" /></label>
<input type="radio" name="active" id="active_off" value="0" ' . ((!Tools::getValue('active', $obj->active) and $obj->id) ? 'checked="checked" ' : '') . '/>
<label class="t" for="active_off"> <img src="../img/admin/disabled.gif" alt="' . $this->l('Disabled') . '" title="' . $this->l('Disabled') . '" /></label>
</div>
<label>' . $this->l('Permissions:') . ' </label>
<div class="margin-form">
<p>' . $this->l('Set the resource permissions for this key:') . '</p>
<table border="0" cellspacing="0" cellpadding="0" class="permissions">
<thead>
<tr>
<th>' . $this->l('Resource') . '</th>
<th width="30"></th>
<th width="50">' . $this->l('View (GET)') . '</th>
<th width="50">' . $this->l('Modify (PUT)') . '</th>
<th width="50">' . $this->l('Add (POST)') . '</th>
<th width="50">' . $this->l('Delete (DELETE)') . '</th>
<th width="50">' . $this->l('Fast view (HEAD)') . '</th>
</tr>
</thead>
<tbody>
<tr class="all" style="vertical-align:cen">
<th></th>
<th></th>
<th><input type="checkbox" class="all_get get " /></th>
<th><input type="checkbox" class="all_put put " /></th>
<th><input type="checkbox" class="all_post post " /></th>
<th><input type="checkbox" class="all_delete delete" /></th>
<th><input type="checkbox" class="all_head head" /></th>
</tr>
';
$ressources = WebserviceRequest::getResources();
$permissions = WebserviceKey::getPermissionForAccount($obj->key);
foreach ($ressources as $resourceName => $resource) {
echo '
<tr>
<th>' . $resourceName . '</th>
<th><input type="checkbox" class="all"/></th>
<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('GET', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="get" name="resources[' . $resourceName . '][GET]" ' . (isset($permissions[$resourceName]) && in_array('GET', $permissions[$resourceName]) ? 'checked="checked"' : '') . ' /></td>
<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('PUT', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="put" name="resources[' . $resourceName . '][PUT]" ' . (isset($permissions[$resourceName]) && in_array('PUT', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td>
<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('POST', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="post" name="resources[' . $resourceName . '][POST]" ' . (isset($permissions[$resourceName]) && in_array('POST', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td>
<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('DELETE', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="delete" name="resources[' . $resourceName . '][DELETE]" ' . (isset($permissions[$resourceName]) && in_array('DELETE', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td>
<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('HEAD', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="head" name="resources[' . $resourceName . '][HEAD]" ' . (isset($permissions[$resourceName]) && in_array('HEAD', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td>
</tr>';
}
echo '
</tbody>
</table>
<script>';
?>
$(function() {
$('table.permissions input.all').click(function() {
if($(this).is(':checked'))
$(this).parent().parent().find('input.get:not(:checked), input.put:not(:checked), input.post:not(:checked), input.delete:not(:checked), input.head:not(:checked)').click();
else
$(this).parent().parent().find('input.get:checked, input.put:checked, input.post:checked, input.delete:checked, input.head:checked').click();
});
$('table.permissions .all_get').click(function() {
if($(this).is(':checked'))
$(this).parent().parent().parent().find('input.get:not(:checked)').click();
else
$(this).parent().parent().parent().find('input.get:checked').click();
});
$('table.permissions .all_put').click(function() {
if($(this).is(':checked'))
$(this).parent().parent().parent().find('input.put:not(:checked)').click();
else
$(this).parent().parent().parent().find('input.put:checked').click();
});
$('table.permissions .all_post').click(function() {
if($(this).is(':checked'))
$(this).parent().parent().parent().find('input.post:not(:checked)').click();
else
$(this).parent().parent().parent().find('input.post:checked').click();
});
$('table.permissions .all_delete').click(function() {
if($(this).is(':checked'))
$(this).parent().parent().parent().find('input.delete:not(:checked)').click();
else
$(this).parent().parent().parent().find('input.delete:checked').click();
});
$('table.permissions .all_head').click(function() {
if($(this).is(':checked'))
$(this).parent().parent().parent().find('input.head:not(:checked)').click();
else
$(this).parent().parent().parent().find('input.head:checked').click();
});
});
<?php
echo '
</script>
</div>
<div class="margin-form">
<input type="submit" value="' . $this->l(' Save ') . '" name="submitAdd' . $this->table . '" class="button" />
</div>
<div class="small"><sup>*</sup> ' . $this->l('Required field') . '</div>
</fieldset>
</form>';
}
public function postProcess()
{
if (Tools::getValue('key') && strlen(Tools::getValue('key')) < 32) {
$this->_errors[] = Tools::displayError($this->l('Key length must be 32 character long'));
}
if (WebserviceKey::keyExists(Tools::getValue('key')) && !Tools::getValue('id_webservice_account')) {
$this->_errors[] = Tools::displayError($this->l('Key already exists'));
}
return parent::postProcess();
}
