예제 #1
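 /**
  * Map the API request to the corresponding controller
  *
  * Checks the request method against static::$supportedMethods, optionally
  * authenticates through APIAuth, resolves a "<Resource>API" mapper class from
  * entry 1 of the request URI, and hands the mapped controller, method and
  * arguments to the Garden request object.
  *
  * Security-relevant behaviour:
  * - The mapper class name is built from request data. It is instantiated
  *   only after class_exists() and is_subclass_of(..., "APIMapper") both pass.
  * - APIAuth::authenticateRequest() runs only when the session is not already
  *   valid and a "username" or "email" value was supplied.
  * - Write methods (post/put/delete) always require a valid session. The
  *   session's own TransientKey is injected into the POST data for them.
  *
  * @since  0.1.0
  * @access public
  * @throws Exception 405 for an unsupported method, 404 for an unknown mapper
  *                   class, 500 for a non-APIMapper class or a missing
  *                   controller, 401 when authentication is required but the
  *                   session is not valid
  * @return void
  * @static
  */
 public static function dispatchRequest()
 {
     $request = Gdn::request();
     $requestUri = static::getRequestUri();
     $requestMethod = static::getRequestMethod();
     // Strict comparison: the allow-list check must not pass through PHP's
     // loose type juggling if the method is ever not a string.
     if (!in_array($requestMethod, static::$supportedMethods, true)) {
         throw new Exception(t("API.Error.MethodNotAllowed"), 405);
     }
     // Only attempt API authentication when there is no valid session yet and
     // the caller actually sent an identity (username or email).
     if (!Gdn::session()->isValid()) {
         $username = getIncomingValue("username");
         $email = getIncomingValue("email");
         if ($username || $email) {
             APIAuth::authenticateRequest();
         }
     }
     $resource = val(1, $requestUri);
     $apiClass = ucfirst($resource) . "API";
     // The class name comes from the request, so it is checked twice before
     // instantiation: it must exist and it must extend APIMapper.
     if (!class_exists($apiClass)) {
         throw new Exception(sprintf(t("API.Error.Class.Invalid"), $apiClass), 404);
     }
     if (!is_subclass_of($apiClass, "APIMapper")) {
         throw new Exception(t("API.Error.Mapper"), 500);
     }
     $apiClass = new $apiClass();
     $isWriteMethod = in_array($requestMethod, ["post", "put", "delete"], true);
     $requestArguments = $isWriteMethod ? static::getRequestArguments() : [];
     $dispatch = static::map($resource, $apiClass, $requestUri, $requestMethod, $requestArguments);
     $controller = $dispatch["controller"];
     if (!$controller) {
         throw new Exception(t("API.Error.Controller.Missing"), 500);
     }
     // Mapper-supplied arguments win over request arguments on key collisions.
     $inputData = array_merge($requestArguments, $dispatch["arguments"]);
     if ($isWriteMethod) {
         // Set the transient key since we no longer have a front-end that
         // takes care of doing it for us
         // NOTE(review): this satisfies the framework's anti-CSRF check by
         // construction, so the session check below is the only barrier for
         // writes. If a browser cookie session counts as valid here, confirm
         // that API writes cannot be driven by cookie-only authentication.
         $inputData["TransientKey"] = Gdn::session()->transientKey();
         // Authentication is always required for write-methods
         $dispatch["authenticate"] = true;
         // As Garden doesn't take PUT and DELETE requests into account when
         // verifying requests using IsPostBack() and IsAuthenticatedPostBack(),
         // we need to mask PUTs and DELETEs as POSTs.
         $request->requestMethod("post");
         // Add any API-specific arguments to the requests arguments
         $request->setRequestArguments(Gdn_Request::INPUT_POST, $inputData);
         // Set the PHP $_POST global as the result of any form data picked
         // up by Garden.
         $_POST = $request->post();
     }
     // Enforced for every write method and for any read the mapper marks as
     // requiring authentication.
     if ($dispatch["authenticate"] && !Gdn::session()->isValid()) {
         throw new Exception(t("API.Error.AuthRequired"), 401);
     }
     $application = $dispatch["application"];
     if ($application) {
         Gdn_Autoloader::attachApplication($application);
     }
     $method = $dispatch["method"];
     $arguments = $dispatch["arguments"];
     Gdn::request()->withControllerMethod($controller, $method, $arguments);
 }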
예제 #2
 /**
  * Link the role whose slug is 'public' to the given group.
  *
  * Both statements pass their values as bound parameters; the only text
  * concatenated into the SQL is the table prefix from DBConn::prefix().
  * NOTE(review): the prefix is presumably read from trusted configuration -
  * confirm it can never carry request data.
  *
  * @param mixed $groupId Id of the group that receives the public role.
  * @return mixed Result of DBConn::insert(), or false when no role row with
  *               slug 'public' is found.
  */
 static function addPublicRoleToNewGroup($groupId)
 {
     // TODO: Hook up super-admin group to config variable
     $lookupSql = "SELECT r.id FROM " . DBConn::prefix() . "auth_roles AS r WHERE r.slug = :slug LIMIT 1;";
     $publicRole = DBConn::selectOne($lookupSql, array(':slug' => 'public'));

     // No public role row: nothing to link.
     if (!$publicRole) {
         return false;
     }

     // created_user_id is taken from the authenticated API user, not from
     // the caller of this method.
     $linkParams = array(
         ':auth_group_id' => $groupId,
         ':auth_role_id' => $publicRole->id,
         ':created_user_id' => APIAuth::getUserId(),
     );
     $insertSql = "INSERT INTO " . DBConn::prefix()
         . "auth_lookup_group_role(auth_group_id, auth_role_id, created_user_id) VALUES (:auth_group_id, :auth_role_id, :created_user_id);";

     return DBConn::insert($insertSql, $linkParams);
 }
예제 #3
 /**
  * Register routes on the Slim application.
  *
  * Only the default routes are registered at present. Every per-resource
  * route group below is commented out, so the role-check factory is built
  * but never handed to a route, and $debugEnabled is not read.
  *
  * @param mixed $slimApp      Slim application the routes are added to.
  * @param mixed $debugEnabled Only referenced by the disabled error routes.
  * @return void
  */
 public function addRoutes($slimApp, $debugEnabled)
 {
     // Factory: for a role name (default 'public'), build a callable that
     // asks APIAuth whether the current request is authorized for that role.
     // NOTE(review): the callable discards the result of isAuthorized();
     // presumably that method stops the request itself on failure - confirm.
     $authenticateForRole = function ($role = 'public') use ($slimApp) {
         $roleCheck = function () use ($slimApp, $role) {
             APIAuth::isAuthorized($slimApp, $role);
         };

         return $roleCheck;
     };

     // Registered without the role-check factory.
     $this->addDefaultRoutes($slimApp);

     //$this->addErrorRoutes($slimApp, $debugEnabled);

     // Disabled route groups; each would receive the role-check factory.
     /*
     TestRoutes::addRoutes($slimApp, $authenticateForRole);
     ActionRoutes::addRoutes($slimApp, $authenticateForRole);
     AuthRoutes::addRoutes($slimApp, $authenticateForRole);
     DatatableRoutes::addRoutes($slimApp, $authenticateForRole);
     EmailRoutes::addRoutes($slimApp, $authenticateForRole);
     FieldRoutes::addRoutes($slimApp, $authenticateForRole);
     GroupRoutes::addRoutes($slimApp, $authenticateForRole);
     RoleRoutes::addRoutes($slimApp, $authenticateForRole);
     ListRoutes::addRoutes($slimApp, $authenticateForRole);
     SystemRoutes::addRoutes($slimApp, $authenticateForRole);
     ConfigRoutes::addRoutes($slimApp, $authenticateForRole);
     UserRoutes::addRoutes($slimApp, $authenticateForRole);
     */
 }
예제 #4
 /**
  * Render the API settings page in the dashboard
  *
  * Requires the "Garden.Settings.Manage" permission. On an authenticated
  * post-back the API secret is written to the configuration; it is replaced
  * with a new value first when the refresh button was pressed. Otherwise the
  * current secret is loaded into the form for display.
  *
  * @since  0.1.0
  * @access public
  * @param  SettingsController $sender
  * @return void
  */
 public function SettingsController_API_create($sender)
 {
     // Permission gate comes first, before any secret is read or written.
     $sender->permission("Garden.Settings.Manage");
     $form = $sender->Form;

     if (!$form->authenticatedPostBack()) {
         // Plain page view: show the currently configured secret.
         $form->setData(["Secret" => c("API.Secret")]);
     } else {
         $secret = c("API.Secret");
         $regenerate = $form->buttonExists(t("API.Settings.Refresh.Label"));
         if ($regenerate) {
             // NOTE(review): the secret's strength depends entirely on
             // APIAuth::generateUniqueID(), which is not visible here -
             // confirm it draws from a cryptographically secure source.
             $secret = APIAuth::generateUniqueID();
         }

         if ($form->errorCount() == 0) {
             // Without a refresh this writes the existing secret back unchanged.
             saveToConfig(["API.Secret" => $secret]);
             if ($regenerate) {
                 $notice = "<span class=\"InformSprite Refresh\"></span>" . t("API.Settings.Refresh.Notification");
                 $sender->informMessage($notice, "Dismissable HasSprite");
             }
         }
     }

     $sender->addSideMenu();
     $sender->setData("Title", t("API.Settings.Title"));
     $sender->render("API", "settings", "api");
 }