/**
 * Writes an operation response to the client: status, headers, then the
 * filtered body serialized as XML or JSON.
 *
 * Security-relevant behaviour visible here:
 *  - `Access-Control-Allow-Origin: *` is sent on every response, so pages on
 *    any origin may read responses to cross-origin requests.
 *    NOTE(review): confirm this is intended for every endpoint served through
 *    this method, including authenticated ones.
 *  - Headers returned by the operation are forwarded unchanged, after the
 *    wildcard CORS header. Whether an operation-supplied header of the same
 *    name replaces the wildcard depends on header() semantics not shown here.
 *
 * @param OperationResponse $response
 */
public function handleResponse(OperationResponse $response)
{
    // Status first, then the blanket CORS header.
    $this->server->response()->status($response->getStatus());
    $this->server->response()->header('Access-Control-Allow-Origin', '*');

    // Forward every header declared by the operation response.
    $declaredHeaders = $response->getHeaders();
    foreach ($declaredHeaders as $headerName => $headerValue) {
        $this->server->response()->header($headerName, $headerValue);
    }

    // Let listeners know output is about to start.
    $this->server->triggerEvent('output', $this->db, $this->cache);

    // Run the body through the registered 'body' filters.
    $filteredBody = $this->server->applyFilter('body', $response->getBody(), $this->db, $this->cache);

    // JSON is the fallback for anything other than an explicit 'xml' setting.
    $format = $this->server->config('application.output');
    if ($format !== 'xml') {
        $this->outputJSON($filteredBody);
        return;
    }

    $this->outputXML($filteredBody);
}
/**
 * Applies the user-specific access rules and then delegates to the parent
 * operation.
 *
 * Rules enforced before delegating:
 *  - POST/DELETE on an existing user other than the caller is refused with
 *    401 unless the caller is an admin.
 *  - DELETE on a user that holds admin privileges is always refused with 403.
 *
 * NOTE(review): only POST and DELETE are gated here; confirm the parent treats
 * every other method as read-only.
 * NOTE(review): $this->user is dereferenced without a null check; presumably
 * authentication has already run before this method - confirm.
 * NOTE(review): the factory class name is read from the 'application.user_object'
 * config and instantiated dynamically; that config must stay operator-controlled.
 *
 * @inheritdoc
 */
public function exec(Server $server, ConnectionInterface $db, CacheInterface $cache)
{
    // Merge in optional configuration for the user object.
    $this->setConfig($server->config('application.user_object'));

    // Pick the configured user factory, falling back to the default one.
    if (!empty($this->conf['factory'])) {
        $factoryClass = $this->conf['factory'];
        $this->userFactory = new $factoryClass($db, $cache);
    } else {
        $this->userFactory = new UserFactory($db, $cache);
    }

    $verb = $this->request->getMethod();

    // false when no user was addressed; otherwise whatever the factory loads.
    $target = false;
    if ($this->requestedObject()) {
        $target = $this->userFactory->load($this->requestedObject());
    }

    $isWrite = $verb == 'POST' || $verb == 'DELETE';
    if ($isWrite && $target) {
        // Non-admins may only modify or remove their own account.
        if (!$this->user->isAdmin() && !$this->user->isEqual($target)) {
            return new OperationResponse(401, array('error' => 'Only admins can edit/remove other users'));
        }
    }

    // Admin accounts must be demoted before they can be removed.
    if ($verb == 'DELETE' && $target) {
        if ($target->isAdmin()) {
            return new OperationResponse(403, array('error' => 'A user with admin privileges can not be removed. You have to remove admin privileges first (/api/admin)'));
        }
    }

    // Announce the operation, e.g. "post.user" or "delete.user".
    $eventName = strtolower($verb) . '.user';
    $server->triggerEvent($eventName, $db, $cache);

    return parent::exec($server, $db, $cache);
}
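/**
 * Dispatches an object request to create, update, delete, search or read.
 *
 * Flow:
 *  - POST with no object addressed (requestedObject() === false) creates one.
 *  - POST or DELETE on an object that could not be loaded returns 404.
 *  - Any other method returns 404 only when no object was loaded and no
 *    search argument is present in the query string.
 *  - Otherwise: POST updates, DELETE removes (204), a search argument runs a
 *    search, and anything else returns the requested object.
 *
 * Fix: the not-found guard used to be skipped whenever the search argument was
 * present, so a POST or DELETE carrying that argument reached updateObject()
 * or $factory->delete() with an empty object. Write methods now always get a
 * 404 when the target is missing.
 *
 * NOTE(review): no permission check is visible in this method; presumably it is
 * enforced by a subclass or the caller - confirm.
 *
 * @inheritdoc
 */
public function exec(Server $server, ConnectionInterface $db, CacheInterface $cache)
{
    $factory = $this->createFactory($db, $cache);
    $method = $this->request->getMethod();
    $requestedObj = $this->requestedObject() ? $factory->load($this->requestedObject()) : null;
    $response = new OperationResponse();

    // Trigger event
    $server->triggerEvent(strtolower($method) . '.object', $db, $cache);

    // Create object
    if ($method == 'POST' && $this->requestedObject() === false) {
        $this->createNewObject($factory, $response, $db, $cache, $server);
        return $response;
    }

    // Object not found. Updates and deletes need a loaded target no matter
    // what the query string contains; only reads may proceed on the strength
    // of a search argument.
    $isWrite = $method == 'POST' || $method == 'DELETE';
    if (empty($requestedObj) && ($isWrite || empty($_GET[self::SEARCH_QUERY_ARG]))) {
        $response->setStatus(404);
        // The raw query string is echoed back to the client, so whatever
        // serializes the response body has to encode it for the output format.
        $response->setBody(array('error' => 'object not found -> ' . $_SERVER['QUERY_STRING']));
        return $response;
    }

    if ($method == 'POST') {
        // Update object
        $this->updateObject($requestedObj, $factory, $response, $db, $cache, $server);
    } elseif ($method == 'DELETE') {
        $factory->delete($requestedObj);
        $response->setStatus(204);
    } elseif (isset($_REQUEST[self::SEARCH_QUERY_ARG])) {
        // Search for object.
        // NOTE(review): this branch reads $_REQUEST while the not-found guard
        // reads $_GET; depending on request_order the two can disagree.
        /* @var SearchResult $result */
        $search = $this->searchObjects($factory, $db, $cache, $server);
        list($offset, $limit, $query, $result, $objects) = $search;
        $response->setBody(array(
            'query' => $query,
            'matching' => $result->getNumMatching(),
            'offset' => $offset,
            'limit' => $limit,
            'objects' => $objects
        ));
    } else {
        $response->setBody($this->objectToArray($requestedObj, $server, $db, $cache));
    }

    return $response;
}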