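/**
 * Get group information, creating the group if it doesn't exist.
 *
 * GET /api/customData/:groupId
 *
 * $params['url'][2] is the group id (cast to int); when it is absent the
 * caller's current area ($this->user['area']) is used instead. The
 * area-rights check runs before both the read and the implicit create, so
 * a caller cannot create a group for an area they have no rights to.
 *
 * returns:
 * {
 *   Status: OK/failed,
 *   data: {
 *     id: x,
 *     fields: [ "field1", "field2" ]
 *   }
 * }
 *
 * @param array $params request parameters; $params['url'] holds the split path
 */
public function get($params)
{
    $this->requireAuthentication();

    // Group id from the URL, cast to int; fall back to the user's current area.
    $rawGroupId = $params['url'][2] ?? null;
    $groupId = $rawGroupId === null ? $this->user['area'] : (int) $rawGroupId;

    $groupAccessor = new \TMT\accessor\CustomGroupData();
    $areaAccessor = new \TMT\accessor\AreaAccessor();

    // Authorization: this single check guards the read and the create-on-miss below.
    if (!$areaAccessor->checkAreaRights($this->user['netId'], $groupId)) {
        $this->error("You do not have rights to this group");
        return;
    }

    try {
        $group = $groupAccessor->get($groupId);
    } catch (\TMT\exception\CustomGroupDataException $e) {
        // Code 2 means "group does not exist"; any other code is a real failure and is reported as-is.
        if ($e->getCode() !== 2) {
            $this->error($e->getMessage());
            return;
        }
        try {
            $groupAccessor->create([], $groupId);
            $group = $groupAccessor->get($groupId);
        } catch (\TMT\exception\CustomGroupDataException $createError) {
            $this->error($createError->getMessage());
            return;
        }
    }

    $this->respond($group);
}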
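/**
 * Populates $this->user with the following variables:
 *   netId, area, guid, areaGuid
 *
 * If the user is not authenticated, this function does nothing.
 *
 * netId comes from the LDAP session ($_SESSION['user']) when one exists,
 * otherwise from CAS. The 'area' cookie is client-controlled, so it is only
 * honoured after checkAreaRights() confirms the user may use that area;
 * otherwise the cookie is cleared and the employee's default area is used.
 */
protected function getUserInfo()
{
    // Nothing to look up for an anonymous request.
    if (!$this->authenticated) {
        return;
    }

    // Pull the identity from LDAP or CAS, whichever way the user is authenticated.
    if (isset($_SESSION['ldap'])) {
        $this->user['netId'] = $_SESSION['user'];
    } elseif (\phpCAS::checkAuthentication()) {
        $this->user['netId'] = \phpCAS::getUser();
    } else {
        // Should not happen: authenticated is true but neither LDAP nor CAS knows the user.
        $this->user['netId'] = null;
    }

    // Without an identity we cannot resolve an area; stop rather than query with an empty id.
    // Strict checks replace the former loose `== null`, which also matched 0, false and [].
    if ($this->user['netId'] === null || $this->user['netId'] === '') {
        return;
    }

    $areaAcc = new \TMT\accessor\AreaAccessor();
    $employeeAcc = new \TMT\accessor\Employee();
    $employee = $employeeAcc->get($this->user['netId']);

    // Resolve the area: the cookie is untrusted input and is only used once the rights check passes.
    $cookieArea = $_COOKIE['area'] ?? null;
    if ($cookieArea !== null && $areaAcc->checkAreaRights($this->user['netId'], $cookieArea)) {
        $this->user['area'] = $cookieArea;
    } else {
        if ($cookieArea !== null) {
            // The cookie names an area the user has no rights to (e.g. it was edited client-side):
            // clear it and fall back to the default area.
            unset($_COOKIE['area']);
            setcookie("area", "", time() - 3600, '/');
        }
        $this->user['area'] = $employee->area;
    }

    $area = $areaAcc->get($this->user['area']);
    $this->user['guid'] = $employee->guid;
    $this->user['areaGuid'] = $area->guid;
}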
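/**
 * Removes a user from a group.
 *
 * This should be used in conjunction with revoking a user's access to an
 * area; it will remove all data for this user for this group.
 *
 * NOTE: This deletes the embedded document for the given user that holds
 * the group information, but if the API is later called to get the same
 * user with the same group, it will be recreated with empty data, unless
 * the user's rights to the group have been revoked.
 *
 * Authorization: the caller needs the "update" permission and area rights
 * to the target group. Only the *calling* user's rights are checked; the
 * target netId's rights are not, which fits the use after revocation
 * described above.
 *
 * DELETE /api/userGroupData/:netId/:group
 *
 * returns:
 * {
 *   status: OK,
 *   data: success
 * }
 *
 * @param array $params request parameters; $params['url'] holds the split path
 */
public function delete($params)
{
    $this->requireAuthentication();
    $this->forcePermission("update", "1450ff35-82a7-45ed-adcf-ffa254ebafa2");

    $userAccessor = new \TMT\accessor\UserGroupData();
    $areaAccessor = new \TMT\accessor\AreaAccessor();

    $netId = $params['url'][2] ?? null;
    $rawGroup = $params['url'][3] ?? null;
    $group = $rawGroup === null ? null : (int) $rawGroup;

    // Reject missing or blank ids explicitly. Group 0 is still rejected: a non-numeric
    // path segment casts to 0, which the former loose `== null` check also caught.
    if ($netId === null || $netId === '' || $group === null || $group === 0) {
        $this->error("Invalid netId or group");
        return;
    }

    // Only the caller's rights to the group are verified here (see doc comment above).
    if (!$areaAccessor->checkAreaRights($this->user['netId'], $group)) {
        $this->error("You do not have rights to access this employee's data");
        return;
    }

    $userAccessor->removeGroup($netId, $group);
    $this->respond("success");
}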