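/**
 * Map the API request to the corresponding controller.
 *
 * Resolves the resource segment of the request URI to a `<Resource>API`
 * mapper class, lets that mapper translate the request into a
 * controller/method pair, and hands the result to Gdn's request object.
 *
 * @since 0.1.0
 * @access public
 * @throws Exception 405 when the HTTP method is not in static::$supportedMethods;
 *                   404 when the resource does not name a valid mapper class;
 *                   500 when the mapper is not an APIMapper or yields no controller;
 *                   401 when authentication is required but the session is not valid
 * @return void
 * @static
 */
public static function dispatchRequest()
{
    $request = Gdn::request();
    $requestUri = static::getRequestUri();
    $requestMethod = static::getRequestMethod();

    // Strict comparison: the supported-method list holds strings, so a loose
    // in_array() adds nothing but the usual type-juggling surprises.
    if (!in_array($requestMethod, static::$supportedMethods, true)) {
        throw new Exception(t("API.Error.MethodNotAllowed"), 405);
    }

    // No valid session: attempt credential-based authentication when the
    // request carries a username or an email.
    if (!Gdn::session()->isValid()) {
        $username = getIncomingValue("username");
        $email = getIncomingValue("email");

        if ($username || $email) {
            APIAuth::authenticateRequest();
        }
    }

    $resource = val(1, $requestUri);

    // The resource segment comes straight from the request URI and becomes a
    // class name below. Only accept plain identifier characters so that
    // class_exists() never probes the autoloader with arbitrary input.
    if (!is_string($resource) || !preg_match('/^[A-Za-z0-9_]+$/', $resource)) {
        throw new Exception(sprintf(t("API.Error.Class.Invalid"), ucfirst((string) $resource) . "API"), 404);
    }

    $apiClass = ucfirst($resource) . "API";

    if (!class_exists($apiClass)) {
        throw new Exception(sprintf(t("API.Error.Class.Invalid"), $apiClass), 404);
    }

    // Only classes deriving from APIMapper may be instantiated from a URI.
    if (!is_subclass_of($apiClass, "APIMapper")) {
        throw new Exception(t("API.Error.Mapper"), 500);
    }

    $mapper = new $apiClass();

    $isWriteMethod = in_array($requestMethod, ["post", "put", "delete"], true);
    $requestArguments = $isWriteMethod ? static::getRequestArguments() : [];

    $dispatch = static::map($resource, $mapper, $requestUri, $requestMethod, $requestArguments);

    $controller = $dispatch["controller"];

    if (!$controller) {
        throw new Exception(t("API.Error.Controller.Missing"), 500);
    }

    $inputData = array_merge($requestArguments, $dispatch["arguments"]);

    if ($isWriteMethod) {
        // Set the transient key since we no longer have a front-end that
        // takes care of doing it for us
        $inputData["TransientKey"] = Gdn::session()->transientKey();

        // Authentication is always required for write-methods
        $dispatch["authenticate"] = true;

        // As Garden doesn't take PUT and DELETE requests into account when
        // verifying requests using IsPostBack() and IsAuthenticatedPostBack(),
        // we need to mask PUTs and DELETEs as POSTs.
        $request->requestMethod("post");

        // Add any API-specific arguments to the request's arguments
        $request->setRequestArguments(Gdn_Request::INPUT_POST, $inputData);

        // Set the PHP $_POST global as the result of any form data picked
        // up by Garden.
        $_POST = $request->post();
    }

    // empty() keeps a mapper that omits the "authenticate" key from raising
    // an undefined-index notice; a missing key means "not required".
    if (!empty($dispatch["authenticate"]) && !Gdn::session()->isValid()) {
        throw new Exception(t("API.Error.AuthRequired"), 401);
    }

    $application = $dispatch["application"];

    if ($application) {
        Gdn_Autoloader::attachApplication($application);
    }

    $method = $dispatch["method"];
    $arguments = $dispatch["arguments"];

    Gdn::request()->withControllerMethod($controller, $method, $arguments);
}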
/**
 * Attach the "public" role to a freshly created group.
 *
 * Looks up the role whose slug is "public" and, when it exists, inserts a
 * group/role lookup row attributed to the current API user.
 *
 * @param mixed $groupId Id of the group the role is attached to
 * @return mixed Result of DBConn::insert(), or false when no public role exists
 */
static function addPublicRoleToNewGroup($groupId)
{
    // TODO: Hook up super-admin group to config variable
    $publicRole = DBConn::selectOne(
        "SELECT r.id FROM " . DBConn::prefix() . "auth_roles AS r WHERE r.slug = :slug LIMIT 1;",
        [':slug' => 'public']
    );

    if (!$publicRole) {
        return false;
    }

    // Bound parameters only; nothing request-derived is concatenated into SQL.
    $lookupRow = [
        ':auth_group_id' => $groupId,
        ':auth_role_id' => $publicRole->id,
        ':created_user_id' => APIAuth::getUserId(),
    ];

    return DBConn::insert(
        "INSERT INTO " . DBConn::prefix() . "auth_lookup_group_role(auth_group_id, auth_role_id, created_user_id) VALUES (:auth_group_id, :auth_role_id, :created_user_id);",
        $lookupRow
    );
}
/**
 * Register the application's routes on the Slim app.
 *
 * Only the default routes are attached at the moment; the per-resource route
 * groups are still commented out below, so the role-based authorization
 * callback factory is not yet used by any route.
 *
 * @param mixed $slimApp      The Slim application the routes are added to
 * @param mixed $debugEnabled Currently unused (the error routes are not attached)
 * @return void
 */
public function addRoutes($slimApp, $debugEnabled)
{
    // Builds a route callback that checks the caller holds $role; defaults
    // to the "public" role. Unused until the route groups below are enabled.
    $authenticateForRole = static function ($role = 'public') use ($slimApp) {
        return static function () use ($slimApp, $role) {
            APIAuth::isAuthorized($slimApp, $role);
        };
    };

    $this->addDefaultRoutes($slimApp);

    //$this->addErrorRoutes($slimApp, $debugEnabled);
    /*
    TestRoutes::addRoutes($slimApp, $authenticateForRole);
    ActionRoutes::addRoutes($slimApp, $authenticateForRole);
    AuthRoutes::addRoutes($slimApp, $authenticateForRole);
    DatatableRoutes::addRoutes($slimApp, $authenticateForRole);
    EmailRoutes::addRoutes($slimApp, $authenticateForRole);
    FieldRoutes::addRoutes($slimApp, $authenticateForRole);
    GroupRoutes::addRoutes($slimApp, $authenticateForRole);
    RoleRoutes::addRoutes($slimApp, $authenticateForRole);
    ListRoutes::addRoutes($slimApp, $authenticateForRole);
    SystemRoutes::addRoutes($slimApp, $authenticateForRole);
    ConfigRoutes::addRoutes($slimApp, $authenticateForRole);
    UserRoutes::addRoutes($slimApp, $authenticateForRole);
    */
}
/**
 * Render the settings menu in the dashboard.
 *
 * Handles the API settings page: on an authenticated post-back it persists
 * the API secret (regenerating it when the refresh button was pressed);
 * otherwise it pre-fills the form with the current secret.
 *
 * @since 0.1.0
 * @access public
 * @param SettingsController $sender
 * @return void
 */
public function SettingsController_API_create($sender)
{
    // Everything on this page, including the current secret, is gated on
    // the Garden.Settings.Manage permission.
    $sender->permission("Garden.Settings.Manage");

    $form = $sender->Form;

    if (!$form->authenticatedPostBack()) {
        // Initial render: expose the current secret to the form.
        $form->setData(["Secret" => c("API.Secret")]);
    } else {
        $secret = c("API.Secret");
        $regenerate = $form->buttonExists(t("API.Settings.Refresh.Label"));

        if ($regenerate) {
            $secret = APIAuth::generateUniqueID();
        }

        if ($form->errorCount() == 0) {
            saveToConfig(["API.Secret" => $secret]);

            if ($regenerate) {
                $sender->informMessage(
                    "<span class=\"InformSprite Refresh\"></span>" . t("API.Settings.Refresh.Notification"),
                    "Dismissable HasSprite"
                );
            }
        }
    }

    $sender->addSideMenu();
    $sender->setData("Title", t("API.Settings.Title"));
    $sender->render("API", "settings", "api");
}