public function handleInvalidate(RequestItem $request)
{
$this->checkService();
if (!$request->getToken()->getAppId() && !$request->getToken()->getAppUrl()) {
throw new SocialSpiException("Can't invalidate content without specifying application", ResponseError::$BAD_REQUEST);
}
$isBackendInvalidation = AuthenticationMode::$OAUTH_CONSUMER_REQUEST == $request->getToken()->getAuthenticationMode();
$invalidationKeys = $request->getListParameter('invalidationKeys');
$resources = array();
$userIds = array();
if ($request->getToken()->getViewerId()) {
$userIds[] = $request->getToken()->getViewerId();
}
foreach ($invalidationKeys as $key) {
if (strpos($key, 'http') !== false) {
if (!$isBackendInvalidation) {
throw new SocialSpiException('Cannot flush application resources from a gadget. Must use OAuth consumer request');
}
$resources[] = $key;
} else {
if ($key == '@viewer') {
continue;
}
if (!$isBackendInvalidation) {
throw new SocialSpiException('Cannot invalidate the content for a user other than the viewer from a gadget.');
}
$userIds[] = $key;
}
}
$this->service->invalidateApplicationResources($resources, $request->getToken());
$this->service->invalidateUserResources($userIds, $request->getToken());
}
public function handleItem(RequestItem $requestItem)
{
try {
$token = $requestItem->getToken();
$method = strtolower($requestItem->getMethod());
if ($token->isAnonymous() && !in_array($method, self::$GET_SYNONYMS)) {
// Anonymous requests are only allowed to GET data (not create/edit/delete)
throw new SocialSpiException("[{$method}] not allowed for anonymous users", ResponseError::$BAD_REQUEST);
} elseif (in_array($method, self::$GET_SYNONYMS)) {
$parameters = $requestItem->getParameters();
if (in_array("@supportedFields", $parameters, true)) {
$response = $this->getSupportedFields($parameters);
} else {
$response = $this->handleGet($requestItem);
}
} elseif (in_array($method, self::$UPDATE_SYNONYMS)) {
$response = $this->handlePut($requestItem);
} elseif (in_array($method, self::$DELETE_SYNONYMS)) {
$response = $this->handleDelete($requestItem);
} elseif (in_array($method, self::$CREATE_SYNONYMS)) {
$response = $this->handlePost($requestItem);
} else {
throw new SocialSpiException("Unserviced Http method type", ResponseError::$BAD_REQUEST);
}
} catch (SocialSpiException $e) {
$response = new ResponseItem($e->getCode(), $e->getMessage());
} catch (Exception $e) {
$response = new ResponseItem(ResponseError::$INTERNAL_ERROR, "Internal error: " . $e->getMessage());
}
return $response;
}
/**
* /messages/{groupId}/outbox/{msgId}
* /messages/{groupId}/outbox
*
* @param RequestItem $requestItem
* @return responseItem
*/
public function handlePost(RequestItem $requestItem)
{
$requestItem->applyUrlTemplate(self::$MESSAGES_PATH);
$userIds = $requestItem->getUsers();
$message = $requestItem->getParameter('message');
$optionalMessageId = $requestItem->getParameter('msgId');
return $this->service->createMessage($userIds[0], $requestItem->getAppId(), $message, $optionalMessageId, $requestItem->getToken());
}
/**
* /groups/{userId}
*
* examples:
* /groups/john.doe?fields=count
* /groups/@me
*
* @param RequestItem $requestItem
* @return ResponseItem
*/
public function handleGet(RequestItem $requestItem)
{
$this->checkService();
$requestItem->applyUrlTemplate(self::$GROUPS_PATH);
$userIds = $requestItem->getUsers();
if (count($userIds) < 1) {
throw new InvalidArgumentException("No userId(s) specified");
}
return $this->service->getPersonGroups($userIds[0], $requestItem->getGroup(), $requestItem->getToken());
}
/**
* Allowed end-points /people/{userId}+/{groupId} /people/{userId}/{groupId}/{optionalPersonId}+
*
* examples: /people/john.doe/@all /people/john.doe/@friends /people/john.doe/@self
*/
public function handleGet(RequestItem $request)
{
$request->applyUrlTemplate(self::$PEOPLE_PATH);
$groupId = $request->getGroup();
$optionalPersonId = $request->getListParameter("personId");
$fields = $request->getFields(self::$DEFAULT_FIELDS);
$userIds = $request->getUsers();
// Preconditions
if (count($userIds) < 1) {
throw new IllegalArgumentException("No userId specified");
} elseif (count($userIds) > 1 && count($optionalPersonId) != 0) {
throw new IllegalArgumentException("Cannot fetch personIds for multiple userIds");
}
$options = new CollectionOptions();
$options->setSortBy($request->getSortBy());
$options->setSortOrder($request->getSortOrder());
$options->setFilterBy($request->getFilterBy());
$options->setFilterOperation($request->getFilterOperation());
$options->setFilterValue($request->getFilterValue());
$options->setStartIndex($request->getStartIndex());
$options->setCount($request->getCount());
// personId: Array ( [0] => 8 )
if (count($userIds) == 1) {
if (count($optionalPersonId) == 0) {
if ($groupId->getType() == 'self') {
return $this->personService->getPerson($userIds[0], $groupId, $fields, $request->getToken());
} else {
return $this->personService->getPeople($userIds, $groupId, $options, $fields, $request->getToken());
}
} elseif (count($optionalPersonId) == 1) {
return $this->personService->getPerson($optionalPersonId[0], $groupId, $fields, $request->getToken());
} else {
$personIds = array();
foreach ($optionalPersonId as $pid) {
$personIds[] = new UserId('userId', $pid);
}
// Every other case is a collection response of optional person ids
return $this->personService->getPeople($personIds, new GroupId('self', null), $options, $fields, $request->getToken());
}
}
// Every other case is a collection response.
return $this->personService->getPeople($userIds, $groupId, $options, $fields, $request->getToken());
}
/**
* Updates the album. The URI structure: /{userId}/{groupId}/{albumId}
*/
public function handlePut(RequestItem $requestItem)
{
$this->checkService();
$requestItem->applyUrlTemplate(self::$ALBUM_PATH);
$userIds = $requestItem->getUsers();
$groupId = $requestItem->getGroup();
$albumIds = $requestItem->getListParameter('albumId');
$album = $requestItem->getParameter('album');
HandlerPreconditions::requireSingular($userIds, "userId must be singular value");
HandlerPreconditions::requireNotEmpty($groupId, "groupId must be specified.");
HandlerPreconditions::requireSingular($albumIds, "albumId must be singular value.");
HandlerPreconditions::requireNotEmpty($album, "album must be specified.");
$album['id'] = $albumIds[0];
return $this->service->updateAlbum($userIds[0], $groupId, $album, $requestItem->getToken());
}
/**
* /appdata/{userId}/{groupId}/{appId}
* - fields={field1, field2}
*
* examples:
* /appdata/john.doe/@friends/app?fields=count
* /appdata/john.doe/@self/app
*
* The post data should be a regular json object. All of the fields vars will
* be pulled from the values and set on the person object. If there are no
* fields vars then all of the data will be overridden.
*/
public function handlePost(RequestItem $requestItem)
{
$this->checkService();
$requestItem->applyUrlTemplate(self::$APP_DATA_PATH);
$userIds = $requestItem->getUsers();
if (count($userIds) < 1) {
throw new InvalidArgumentException("No userId specified");
} elseif (count($userIds) > 1) {
throw new InvalidArgumentException("Multiple userIds not supported");
}
$values = $requestItem->getParameter("data");
// this used to be $requestItem->getFields() instead of using the fields, but that makes no sense to me
// better to detect the fields depending on input right?
$fields = array();
foreach (array_keys($values) as $key) {
$fields[] = $key;
if (!$this->isValidKey($key)) {
throw new SocialSpiException("One or more of the app data keys are invalid: " . $key, ResponseError::$BAD_REQUEST);
}
}
$this->service->updatePersonData($userIds[0], $requestItem->getGroup(), $requestItem->getAppId(), $fields, $values, $requestItem->getToken());
}
/**
* /activities/{userId}/@self
*
* examples:
* /activities/@viewer/@self/@app
* /activities/john.doe/@self
* - postBody is an activity object
*
* @param RequestItem $requestItem
* @return ResponseItem
*/
public function handlePost(RequestItem $requestItem)
{
$this->checkService();
$requestItem->applyUrlTemplate(self::$ACTIVITY_ID_PATH);
$userIds = $requestItem->getUsers();
$activityIds = $requestItem->getListParameter("activityId");
if (empty($userIds)) {
throw new InvalidArgumentException("No userId specified");
} elseif (count($userIds) > 1) {
throw new InvalidArgumentException("Multiple userIds not supported");
}
// TODO This seems reasonable to allow on PUT but we don't have an update verb.
if (!empty($activityIds)) {
throw new InvalidArgumentException("Cannot specify activityId in create");
}
/*
* Note, on just about all types of social networks you would only allow activities to be created when the owner == viewer, and the userId == viewer as well, in code this would mean:
* if ($token->getOwnerId() != $token->getViewerId() || $token->getViewerId() != $userId->getUserId($token)) {
* throw new SocialSpiException("Create activity permission denied.", ResponseError::$UNAUTHORIZED);
* }
*/
return $this->service->createActivity($userIds[0], $requestItem->getGroup(), $requestItem->getAppId(), $requestItem->getFields(), $requestItem->getParameter("activity"), $requestItem->getToken());
}
/**
* /activities/{userId}/@self
*
* examples:
* /activities/@viewer/@self/@app
* /activities/john.doe/@self
* - postBody is an activity object
*/
public function handlePost(RequestItem $requestItem)
{
$requestItem->applyUrlTemplate(self::$ACTIVITY_ID_PATH);
$userIds = $requestItem->getUsers();
$activityIds = $requestItem->getListParameter("activityId");
if (empty($userIds)) {
throw new InvalidArgumentException("No userId specified");
} elseif (count($userIds) > 1) {
throw new InvalidArgumentException("Multiple userIds not supported");
}
// TODO This seems reasonable to allow on PUT but we don't have an update verb.
if (!empty($activityIds)) {
throw new InvalidArgumentException("Cannot specify activityId in create");
}
return $this->service->createActivity($userIds[0], $requestItem->getGroup(), $requestItem->getAppId(), $requestItem->getFields(), $requestItem->getParameter("activity"), $requestItem->getToken());
}
/**
* Allowed end-points /people/{userId}+/{groupId} /people/{userId}/{groupId}/{optionalPersonId}+
*
* examples: /people/john.doe/@all /people/john.doe/@friends /people/john.doe/@self
*/
public function handleGet(RequestItem $request)
{
$this->checkService();
$request->applyUrlTemplate(self::$PEOPLE_PATH);
$groupId = $request->getGroup();
$optionalPersonId = $request->getListParameter("personId");
$fields = $request->getFields(self::$DEFAULT_FIELDS);
$userIds = $request->getUsers();
// Preconditions
if (count($userIds) < 1) {
throw new IllegalArgumentException("No userId specified");
} elseif (count($userIds) > 1 && count($optionalPersonId) != 0) {
throw new IllegalArgumentException("Cannot fetch personIds for multiple userIds");
}
$options = new CollectionOptions();
$options->setSortBy($request->getSortBy());
$options->setSortOrder($request->getSortOrder());
$options->setFilterBy($request->getFilterBy());
$options->setFilterOperation($request->getFilterOperation());
$options->setFilterValue($request->getFilterValue());
$options->setStartIndex($request->getStartIndex());
$options->setCount($request->getCount());
$token = $request->getToken();
$groupType = $groupId->getType();
// handle Anonymous Viewer exceptions
$containAnonymousUser = false;
if ($token->isAnonymous()) {
// Find out whether userIds contains
// a) @viewer, b) @me, c) SecurityToken::$ANONYMOUS
foreach ($userIds as $key => $id) {
if (in_array($id->getType(), self::$ANONYMOUS_ID_TYPE) || $id->getType() == 'userId' && $id->getUserId($token) == SecurityToken::$ANONYMOUS) {
$containAnonymousUser = true;
unset($userIds[$key]);
}
}
if ($containAnonymousUser) {
$userIds = array_values($userIds);
// Skip any requests if groupId is not @self or @all, since anonymous viewer won't have friends.
if ($groupType != 'self' && $groupType != 'all') {
throw new Exception("Can't get friend from an anonymous viewer.");
}
}
}
if ($containAnonymousUser && count($userIds) == 0) {
return self::$ANONYMOUS_VIEWER;
}
$service = $this->service;
$ret = null;
if (count($userIds) == 1) {
if (count($optionalPersonId) == 0) {
if ($groupType == 'self') {
$ret = $service->getPerson($userIds[0], $groupId, $fields, $token);
} else {
$ret = $service->getPeople($userIds, $groupId, $options, $fields, $token);
}
} elseif (count($optionalPersonId) == 1) {
$ret = $service->getPerson($optionalPersonId[0], $groupId, $fields, $token);
} else {
$personIds = array();
foreach ($optionalPersonId as $pid) {
$personIds[] = new UserId('userId', $pid);
}
// Every other case is a collection response of optional person ids
$ret = $service->getPeople($personIds, new GroupId('self', null), $options, $fields, $token);
}
} else {
// Every other case is a collection response.
$ret = $service->getPeople($userIds, $groupId, $options, $fields, $token);
}
// Append anonymous viewer
if ($containAnonymousUser) {
if (is_array($ret)) {
// Single user
$people = array($ret, self::$ANONYMOUS_VIEWER);
$ret = new RestfulCollection($people, $options->getStartIndex(), 2);
$ret->setItemsPerPage($options->getCount());
} else {
// Multiple users
$ret->entry[] = self::$ANONYMOUS_VIEWER;
$ret->totalResults += 1;
}
}
return $ret;
}
/**
* Updates a message or a message collection.
*/
public function handlePut(RequestItem $requestItem)
{
$this->checkService();
$requestItem->applyUrlTemplate(self::$MESSAGES_PATH);
$userIds = $requestItem->getUsers();
HandlerPreconditions::requireSingular($userIds, "UserId is not singular.");
$msgCollId = $requestItem->getParameter("msgCollId");
HandlerPreconditions::requireNotEmpty($msgCollId, "msgCollId is required.");
$messageIds = $requestItem->getListParameter("messageId");
if (empty($messageIds)) {
// Updates message collection.
$messageCollection = $requestItem->getParameter("entity");
$messageCollection['id'] = $msgCollId;
HandlerPreconditions::requireNotEmpty($messageCollection, "Can't parse message collection.");
return $this->service->updateMessageCollection($userIds[0], $messageCollection, $requestItem->getToken());
} else {
// Updates a message.
HandlerPreconditions::requireSingular($messageIds, "Message id is not singular.");
$message = $requestItem->getParameter("entity");
$message['id'] = $messageIds[0];
HandlerPreconditions::requireNotEmpty($message, "Can't parse message.");
return $this->service->updateMessage($userIds[0], $msgCollId, $message, $requestItem->getToken());
}
}
