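/**
 * @inheritdoc
 *
 * Grants or revokes admin privileges for the account named by the "user"
 * request argument. Only the literal value admin=1 grants; anything else
 * (including a missing argument) revokes.
 *
 * Responses:
 *   400 - "user" is missing, names no existing account, or names the
 *         calling user's own account (a user may not change its own flag)
 *   204 - privileges updated
 *
 * NOTE(review): this reads $_REQUEST, which merges GET, POST and cookie
 * data, so this state-changing call can be triggered by a plain GET link.
 * Presumably the enclosing operation class restricts this endpoint to
 * admins and to POST — confirm; otherwise this is CSRF-prone.
 */
public function exec(Server $server, ConnectionInterface $db, CacheInterface $cache)
{
    $response = new OperationResponse();

    // Undefined-index guard: the original indexed $_REQUEST blindly, which
    // emits a notice and hands null (or an array) to load().
    if (!isset($_REQUEST['user']) || !is_string($_REQUEST['user']) || $_REQUEST['user'] === '') {
        $response->setStatus(400);
        $response->setBody(array('error' => 'Argument "user" is missing'));
        return $response;
    }

    $userFactory = new UserFactory($db, $cache);
    $user = $userFactory->load($_REQUEST['user']);

    if (!$user) {
        $response->setStatus(400);
        $response->setBody(array('error' => 'Argument "user" is referring to a user that does not exist'));
    } elseif ($this->user->isEqual($user)) {
        $response->setStatus(400);
        $response->setBody(array('error' => 'A user can not change admin privileges for its own user account'));
    } else {
        // Strict comparison: the previous `== '1'` also accepted numerically
        // equal strings such as '01' or '1.0'. Only the exact string '1' grants.
        $grant = isset($_REQUEST['admin']) && $_REQUEST['admin'] === '1';
        $userFactory->setAdminPrivileges($user, $grant);
        $response->setStatus(204);
    }

    return $response;
}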
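/**
 * Authenticates an HTTP Basic credential.
 *
 * @param string $data   Base64 payload of the Authorization header
 *                       ("username:password" once decoded)
 * @param mixed  $server Unused; kept for the caller's signature
 * @return \Rocker\Object\User\UserInterface|null The user when the
 *         credentials check out, otherwise null
 */
public function basicAuth($data, $server)
{
    // Strict decoding rejects input with characters outside the base64
    // alphabet instead of silently dropping them.
    $decoded = base64_decode($data, true);
    if ($decoded === false) {
        return null;
    }

    // Split on the FIRST colon only. RFC 7617 allows colons in the password;
    // the previous unbounded explode() produced more than two parts for such
    // credentials and rejected them.
    $parts = explode(':', $decoded, 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($name, $password) = $parts;

    // Numeric identifiers are refused so nobody can log in by user id.
    if ($name === '' || is_numeric($name)) {
        return null;
    }

    $user = $this->userFactory->load($name);
    // NOTE(review): an unknown user returns before hasPassword() runs, so the
    // response time can differ between "no such user" and "wrong password".
    // Whether that matters depends on hasPassword() — not visible here.
    if ($user !== null && $user->hasPassword($password)) {
        return $user;
    }

    return null;
}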
/**
 * @inheritdoc
 *
 * Entry point of the user operation. Picks up the application's user-object
 * configuration, builds the user factory (a custom class when
 * "factory" is configured, UserFactory otherwise), then applies two access
 * rules before delegating to the parent implementation:
 *
 *   - POST/DELETE against another user's account requires admin (401)
 *   - DELETE against an account that holds admin privileges is refused (403);
 *     the privileges must be removed first via /api/admin
 *
 * A "<method>.user" event is triggered before the parent runs.
 *
 * NOTE(review): only POST and DELETE are covered by the ownership rule;
 * other write verbs (e.g. PUT) are presumably not routed here — confirm.
 * The first rule answers 401 although the caller is already authenticated
 * (403 would be the conventional code, as the second rule uses); changing
 * it would affect existing clients, so it is left as is.
 */
public function exec(Server $server, ConnectionInterface $db, CacheInterface $cache)
{
    // Optional per-application configuration
    $this->setConfig($server->config('application.user_object'));

    // Factory: configured class if any, default otherwise
    $factoryClass = empty($this->conf['factory']) ? null : $this->conf['factory'];
    $this->userFactory = $factoryClass === null
        ? new UserFactory($db, $cache)
        : new $factoryClass($db, $cache);

    $verb = $this->request->getMethod();
    $targetId = $this->requestedObject();
    $target = $targetId ? $this->userFactory->load($targetId) : false;

    $isWrite = ($verb == 'POST' || $verb == 'DELETE');
    if ($isWrite && $target) {
        $actsOnOther = !$this->user->isAdmin() && !$this->user->isEqual($target);
        if ($actsOnOther) {
            return new OperationResponse(401, array('error' => 'Only admins can edit/remove other users'));
        }
    }

    if ($verb == 'DELETE' && $target && $target->isAdmin()) {
        return new OperationResponse(403, array('error' => 'A user with admin privileges can not be removed. You have to remove admin privileges first (/api/admin)'));
    }

    // Let listeners react before the actual work happens
    $server->triggerEvent(strtolower($verb) . '.user', $db, $cache);

    return parent::exec($server, $db, $cache);
}
/**
 * Meta search with wildcard, list and comparison operators combined.
 *
 * Seeds four users with gender/school/grade meta data and checks the
 * number of matches for an empty query, a "grade<" query and two
 * AND-combined queries.
 */
public function testMoreAdvancedSearch()
{
    $this->truncateDB();

    // (display name, meta) per fixture. Three fixtures share the name
    // 'jenny' — looks like a copy-paste, but harmless: the assertions
    // below only look at meta data.
    $fixtures = array(
        array('John',  array('gender' => 'Male',   'school' => 'Kenna', 'grade' => 19)),
        array('jenny', array('gender' => 'Female', 'school' => 'Jenna', 'grade' => 18)),
        array('jenny', array('gender' => 'Male',   'school' => 'Kenna', 'grade' => 18)),
        array('jenny', array('gender' => 'Male',   'school' => 'Benna', 'grade' => 12)),
    );
    foreach ($fixtures as $fixture) {
        list($name, $meta) = $fixture;
        $account = self::$f->createUser('*****@*****.**', $name, '');
        $account->meta()->setByArray($meta);
        self::$f->update($account);
    }

    // No constraint: everybody matches
    $this->assertEquals(4, self::$f->metaSearch(array())->getNumMatching());

    // Only one user is below grade 18
    $this->assertEquals(1, self::$f->metaSearch(array('grade<' => 18))->getNumMatching());

    // school matches *enn*, any of both genders, grade above 17
    $broad = array(
        'school' => '*enn*',
        array('AND' => array('gender' => array('Male', 'Female'))),
        array('AND' => array('grade>' => 17)),
    );
    $this->assertEquals(3, self::$f->metaSearch($broad)->getNumMatching());

    // Same, but restricted to Female
    $narrow = array(
        'school' => '*enn*',
        array('AND' => array('gender' => 'Female')),
        array('AND' => array('grade>' => 17)),
    );
    $this->assertEquals(1, self::$f->metaSearch($narrow)->getNumMatching());
}
/**
 * Event handler run when a user is deleted: removes every file the user
 * has registered in its "files" meta entry.
 *
 * The affected user is identified by the last segment of the request
 * path. Nothing happens when the user does not exist or owns no files.
 *
 * @param Server $server
 * @param ConnectionInterface $db
 * @param \Rocker\Cache\CacheInterface $cache
 * @return void
 */
public static function deleteUserEvent($server, $db, $cache)
{
    $userFactory = new UserFactory($db, $cache);

    // The path segment is client-controlled but only used as a lookup key.
    $owner = $userFactory->load(basename($server->request()->getPath()));
    if ($owner === null) {
        return;
    }

    $files = $owner->meta()->get('files', array());
    if (!$files) {
        return;
    }

    $storage = self::loadStorageClass($server);
    self::deleteAllFiles($owner, $userFactory, $files, $storage);
}