예제 #1
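 /**
  * Replace every webservice permission of an account with the given set.
  *
  * The account's existing permission rows are deleted first. Only pairs whose
  * resource is a key of WebserviceRequest::getResources() and whose method is
  * one of GET, PUT, POST, DELETE or HEAD are written back.
  *
  * NOTE(review): the DELETE and the INSERT are separate statements with no
  * transaction visible here, so a failed INSERT leaves the account with no
  * permissions at all. Only resource and method names are whitelisted in this
  * method; per-resource method restrictions are not checked here.
  *
  * @param int   $id_account         Webservice account id (cast to int before use in SQL).
  * @param array $permissions_to_set Map of resource name => array keyed by HTTP method name.
  *
  * @return bool False when an executed DELETE or INSERT statement failed, true otherwise.
  */
 public static function setPermissionForAccount($id_account, $permissions_to_set)
 {
     $ok = true;
     $sql = 'DELETE FROM `' . _DB_PREFIX_ . 'webservice_permission` WHERE `id_webservice_account` = ' . (int) $id_account;
     if (!Db::getInstance()->execute($sql)) {
         $ok = false;
     }
     if (isset($permissions_to_set)) {
         $permissions = array();
         $resources = WebserviceRequest::getResources();
         $methods = array('GET', 'PUT', 'POST', 'DELETE', 'HEAD');
         // The map normally comes from a submitted form, so its shape is not trusted:
         // anything that is not an array of arrays is ignored instead of iterated.
         if (is_array($permissions_to_set)) {
             foreach ($permissions_to_set as $resource_name => $resource_methods) {
                 // Exact key lookup: a loose in_array() would let an integer key such
                 // as 0 match any resource name on PHP versions before 8.
                 if (!is_array($resource_methods) || !array_key_exists($resource_name, $resources)) {
                     continue;
                 }
                 foreach (array_keys($resource_methods) as $method_name) {
                     // Strict comparison for the same reason as above.
                     if (in_array($method_name, $methods, true)) {
                         $permissions[] = array($method_name, $resource_name);
                     }
                 }
             }
         }
         $account = new WebserviceKey($id_account);
         if ($account->deleteAssociations() && $permissions) {
             $sql = 'INSERT INTO `' . _DB_PREFIX_ . 'webservice_permission` (`id_webservice_permission` ,`resource` ,`method` ,`id_webservice_account`) VALUES ';
             foreach ($permissions as $permission) {
                 // Values are already whitelisted; pSQL() and the int cast stay as a second layer.
                 $sql .= '(NULL , \'' . pSQL($permission[1]) . '\', \'' . pSQL($permission[0]) . '\', ' . (int) $id_account . '), ';
             }
             $sql = rtrim($sql, ', ');
             if (!Db::getInstance()->execute($sql)) {
                 $ok = false;
             }
         }
     }
     return $ok;
 }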
예제 #2
 /**
  * Build the add/edit form for a webservice account and render it.
  *
  * Declares the key, description, status and permissions inputs, adds the
  * shop association input when the multishop feature is active, and passes
  * the resource list and the key's current permissions to the template.
  *
  * NOTE(review): the "Generate!" button calls a client-side gencode(32) that
  * is not defined in this method; confirm how that key is generated.
  *
  * @return mixed Result of parent::renderForm(), or null when no object could be loaded.
  */
 public function renderForm()
 {
     $legend = array(
         'title' => $this->l('Webservice Accounts'),
         'icon' => 'icon-lock',
     );
     $inputs = array(
         array(
             'type' => 'textbutton',
             'label' => $this->l('Key'),
             'name' => 'key',
             'id' => 'code',
             'required' => true,
             'hint' => $this->l('Webservice account key.'),
             'button' => array(
                 'label' => $this->l('Generate!'),
                 'attributes' => array('onclick' => 'gencode(32)'),
             ),
         ),
         array(
             'type' => 'textarea',
             'label' => $this->l('Key description'),
             'name' => 'description',
             'rows' => 3,
             'cols' => 110,
             'hint' => $this->l('Quick description of the key: who it is for, what permissions it has, etc.'),
         ),
         array(
             'type' => 'switch',
             'label' => $this->l('Status'),
             'name' => 'active',
             'required' => false,
             'is_bool' => true,
             'values' => array(
                 array('id' => 'active_on', 'value' => 1, 'label' => $this->l('Enabled')),
                 array('id' => 'active_off', 'value' => 0, 'label' => $this->l('Disabled')),
             ),
         ),
         array(
             'type' => 'resources',
             'label' => $this->l('Permissions'),
             'name' => 'resources',
         ),
     );
     $this->fields_form = array('legend' => $legend, 'input' => $inputs);

     // The shop association input is only offered when multishop is enabled.
     if (Shop::isFeatureActive()) {
         $this->fields_form['input'][] = array(
             'type' => 'shop',
             'label' => $this->l('Shop association'),
             'name' => 'checkBoxShopAsso',
         );
     }
     $this->fields_form['submit'] = array('title' => $this->l('Save'));

     $obj = $this->loadObject(true);
     if (!$obj) {
         return;
     }

     // The template needs every known resource plus the permissions this key already holds.
     $this->tpl_form_vars = array(
         'ressources' => WebserviceRequest::getResources(),
         'permissions' => WebserviceKey::getPermissionForAccount($obj->key),
     );

     return parent::renderForm();
 }
 /**
  * Build the add/edit form for a webservice account and render it.
  *
  * Declares the key, description, status and permissions inputs, adds the
  * shop association input when the multishop feature is active, and passes
  * the resource list and the key's current permissions to the template.
  *
  * @return mixed Result of parent::renderForm(), or null when no object could be loaded.
  */
 public function renderForm()
 {
     $legend = array(
         'title' => $this->l('Webservice Accounts:'),
         'image' => '../img/admin/access.png',
     );
     $inputs = array(
         array(
             'type' => 'text',
             'label' => $this->l('Key:'),
             'name' => 'key',
             'id' => 'code',
             'size' => 32,
             'required' => true,
             'desc' => $this->l('Webservice account key'),
         ),
         array(
             'type' => 'textarea',
             'label' => $this->l('Key description:'),
             'name' => 'description',
             'rows' => 3,
             'cols' => 110,
             'desc' => $this->l('Key description'),
         ),
         array(
             'type' => 'radio',
             'label' => $this->l('Status:'),
             'name' => 'active',
             'required' => false,
             'class' => 't',
             'is_bool' => true,
             'values' => array(
                 array('id' => 'active_on', 'value' => 1, 'label' => $this->l('Enabled')),
                 array('id' => 'active_off', 'value' => 0, 'label' => $this->l('Disabled')),
             ),
         ),
         array(
             'type' => 'resources',
             'label' => $this->l('Permissions:'),
             'name' => 'resources',
         ),
     );
     $this->fields_form = array('legend' => $legend, 'input' => $inputs);

     // The shop association input is only offered when multishop is enabled.
     if (Shop::isFeatureActive()) {
         $this->fields_form['input'][] = array(
             'type' => 'shop',
             'label' => $this->l('Shop association:'),
             'name' => 'checkBoxShopAsso',
         );
     }
     $this->fields_form['submit'] = array(
         'title' => $this->l('   Save   '),
         'class' => 'button',
     );

     $obj = $this->loadObject(true);
     if (!$obj) {
         return;
     }

     // The template needs every known resource plus the permissions this key already holds.
     $this->tpl_form_vars = array(
         'ressources' => WebserviceRequest::getResources(),
         'permissions' => WebserviceKey::getPermissionForAccount($obj->key),
     );

     return parent::renderForm();
 }
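 /**
  * Create an active webservice account for the current shop and store its key.
  *
  * The account receives GET on every resource returned by
  * WebserviceRequest::getResources() plus PUT on "customers". The key and the
  * account id are saved in the NEWSLETTER2GO_API_KEY and
  * NEWSLETTER2GO_API_ACCOUNT configuration values, and PS_WEBSERVICE is set to 1.
  *
  * NOTE(review): the key grants read access to every resource and the call
  * switches the webservice on for the shop; confirm that scope is intended.
  *
  * @return string The generated key: 32 uppercase hexadecimal characters.
  *
  * @throws Exception When no cryptographically secure random source is available.
  */
 private function createNewServiceAccount()
 {
     // The key is a bearer credential, so it must not be derived from the clock:
     // md5(time()) can be recomputed by anyone who can estimate the creation time.
     if (function_exists('random_bytes')) {
         $raw_key = random_bytes(16);
     } elseif (function_exists('openssl_random_pseudo_bytes')) {
         $raw_key = openssl_random_pseudo_bytes(16);
     } else {
         $raw_key = false;
     }
     if (!is_string($raw_key) || strlen($raw_key) !== 16) {
         // Fail closed rather than fall back to a guessable key.
         throw new Exception('No secure random source available to generate the webservice key');
     }
     // 16 random bytes -> 32 hex characters, the same shape as the former md5() output.
     $api_key = Tools::strtoupper(bin2hex($raw_key));
     $resources = WebserviceRequest::getResources();
     $db_instance = Db::getInstance();
     $db_instance->insert('webservice_account', array('key' => $api_key, 'active' => '1'));
     $account_id = $db_instance->Insert_ID();
     $shop_id = (int) Context::getContext()->shop->id;
     $db_instance->insert('webservice_account_shop', array('id_webservice_account' => $account_id, 'id_shop' => $shop_id));
     // Write access is limited to customers; every resource gets read access below.
     $values = array(array('resource' => 'customers', 'method' => 'PUT', 'id_webservice_account' => $account_id));
     foreach (array_keys($resources) as $resource) {
         $values[] = array('resource' => $resource, 'method' => 'GET', 'id_webservice_account' => $account_id);
     }
     $db_instance->insert('webservice_permission', $values);
     Configuration::updateValue('NEWSLETTER2GO_API_KEY', $api_key);
     Configuration::updateValue('NEWSLETTER2GO_API_ACCOUNT', $account_id);
     Configuration::updateValue('PS_WEBSERVICE', 1);
     return $api_key;
 }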
예제 #5
    /**
     * Echo the add/edit form for a webservice account, including the
     * per-resource permission table and the jQuery that drives the
     * "check all" boxes.
     *
     * The markup is written directly to the output; nothing is returned.
     *
     * @param bool $isMainTab Not referenced in this method body.
     *
     * @return void
     */
    public function displayForm($isMainTab = true)
    {
        // Used below as the base of the form's action URL.
        global $currentIndex;
        parent::displayForm();
        // Nothing is rendered when no object could be loaded.
        if (!($obj = $this->loadObject(true))) {
            return;
        }
        // NOTE(review): only the key and description values pass through htmlentities().
        // $currentIndex, $this->table, $this->token, $obj->id and the translated labels are
        // concatenated into the markup as-is; confirm none of them can carry request-controlled text.
        echo '
		<form action="' . $currentIndex . '&submitAdd' . $this->table . '=1&token=' . $this->token . '" method="post" enctype="multipart/form-data">
		' . ($obj->id ? '<input type="hidden" name="id_' . $this->table . '" value="' . $obj->id . '" />' : '') . '
			<fieldset><legend><img src="../img/admin/access.png" />' . $this->l('Webservice Accounts') . '</legend>
				<label>' . $this->l('Key:') . '</label>
				<div class="margin-form">
					<input type="text" size="32" name="key" id="code" value="' . htmlentities(Tools::getValue('key', $obj->key), ENT_COMPAT, 'UTF-8') . '" />
					<input type="button" value="' . $this->l('   Generate!   ') . '" class="button" onclick="gencode(32)" />
					<sup>*</sup>
					<p class="clear">' . $this->l('Webservice account key') . '</p>
				</div>
				<label>' . $this->l('Key description') . '</label>
				<div class="margin-form">
					<textarea rows="3" style="width:400px" name="description">' . htmlentities(Tools::getValue('description', $obj->description), ENT_COMPAT, 'UTF-8') . '</textarea>
					<p class="clear">' . $this->l('Key description') . '</p>
				</div>
				<label>' . $this->l('Status:') . ' </label>
				<div class="margin-form">
					<input type="radio" name="active" id="active_on" value="1" ' . ((!$obj->id or Tools::getValue('active', $obj->active)) ? 'checked="checked" ' : '') . '/>
					<label class="t" for="active_on"> <img src="../img/admin/enabled.gif" alt="' . $this->l('Enabled') . '" title="' . $this->l('Enabled') . '" /></label>
					<input type="radio" name="active" id="active_off" value="0" ' . ((!Tools::getValue('active', $obj->active) and $obj->id) ? 'checked="checked" ' : '') . '/>
					<label class="t" for="active_off"> <img src="../img/admin/disabled.gif" alt="' . $this->l('Disabled') . '" title="' . $this->l('Disabled') . '" /></label>
				</div>
				<label>' . $this->l('Permissions:') . ' </label>
				<div class="margin-form">
					<p>' . $this->l('Set the resource permissions for this key:') . '</p>
					<table border="0" cellspacing="0" cellpadding="0" class="permissions">
						<thead>
							<tr>
								<th>' . $this->l('Resource') . '</th>
								<th width="30"></th>
								<th width="50">' . $this->l('View (GET)') . '</th>
								<th width="50">' . $this->l('Modify (PUT)') . '</th>
								<th width="50">' . $this->l('Add (POST)') . '</th>
								<th width="50">' . $this->l('Delete (DELETE)') . '</th>
								<th width="50">' . $this->l('Fast view (HEAD)') . '</th>
							</tr>
							
						</thead>
						<tbody>
						<tr class="all" style="vertical-align:cen">
								<th></th>
								<th></th>
								<th><input type="checkbox" class="all_get get " /></th>
								<th><input type="checkbox" class="all_put put " /></th>
								<th><input type="checkbox" class="all_post post " /></th>
								<th><input type="checkbox" class="all_delete delete" /></th>
								<th><input type="checkbox" class="all_head head" /></th>
							</tr>
						';
        // One row per resource with a checkbox per HTTP method: disabled when the method is
        // listed in the resource's 'forbidden_method', checked when the key already holds it.
        // NOTE(review): disabled="disabled" only constrains the browser; confirm the save path
        // rejects forbidden methods server-side. $resourceName is written into the markup unescaped.
        $ressources = WebserviceRequest::getResources();
        $permissions = WebserviceKey::getPermissionForAccount($obj->key);
        foreach ($ressources as $resourceName => $resource) {
            echo '
							<tr>
								<th>' . $resourceName . '</th>
								<th><input type="checkbox" class="all"/></th>
								<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('GET', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="get" name="resources[' . $resourceName . '][GET]" ' . (isset($permissions[$resourceName]) && in_array('GET', $permissions[$resourceName]) ? 'checked="checked"' : '') . ' /></td>
								<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('PUT', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="put" name="resources[' . $resourceName . '][PUT]" ' . (isset($permissions[$resourceName]) && in_array('PUT', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td>
								<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('POST', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="post" name="resources[' . $resourceName . '][POST]" ' . (isset($permissions[$resourceName]) && in_array('POST', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td>
								<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('DELETE', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="delete" name="resources[' . $resourceName . '][DELETE]" ' . (isset($permissions[$resourceName]) && in_array('DELETE', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td>
								<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('HEAD', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="head" name="resources[' . $resourceName . '][HEAD]" ' . (isset($permissions[$resourceName]) && in_array('HEAD', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td>
							</tr>';
        }
        // Close the table and open the inline script element. The jQuery that follows is raw
        // output outside PHP mode: each "all" box clicks the matching row or column checkboxes.
        echo '
						</tbody>
					</table>
					<script>';
        ?>
				
						$(function() {
							$('table.permissions input.all').click(function() {
								if($(this).is(':checked'))
									$(this).parent().parent().find('input.get:not(:checked), input.put:not(:checked), input.post:not(:checked), input.delete:not(:checked), input.head:not(:checked)').click();
								else
									$(this).parent().parent().find('input.get:checked, input.put:checked, input.post:checked, input.delete:checked, input.head:checked').click();
							});
							$('table.permissions .all_get').click(function() {
								if($(this).is(':checked'))
									$(this).parent().parent().parent().find('input.get:not(:checked)').click();
								else
									$(this).parent().parent().parent().find('input.get:checked').click();
							});
							$('table.permissions .all_put').click(function() {
								if($(this).is(':checked'))
									$(this).parent().parent().parent().find('input.put:not(:checked)').click();
								else
									$(this).parent().parent().parent().find('input.put:checked').click();
							});
							$('table.permissions .all_post').click(function() {
								if($(this).is(':checked'))
									$(this).parent().parent().parent().find('input.post:not(:checked)').click();
								else
									$(this).parent().parent().parent().find('input.post:checked').click();
							});
							$('table.permissions .all_delete').click(function() {
								if($(this).is(':checked'))
									$(this).parent().parent().parent().find('input.delete:not(:checked)').click();
								else
									$(this).parent().parent().parent().find('input.delete:checked').click();
							});
							$('table.permissions .all_head').click(function() {
								if($(this).is(':checked'))
									$(this).parent().parent().parent().find('input.head:not(:checked)').click();
								else
									$(this).parent().parent().parent().find('input.head:checked').click();
							});
						});
				<?php 
        // Close the script element, then emit the submit button and the end of the form.
        echo '
					</script>
				</div>
				<div class="margin-form">
					<input type="submit" value="' . $this->l('   Save   ') . '" name="submitAdd' . $this->table . '" class="button" />
				</div>
				<div class="small"><sup>*</sup> ' . $this->l('Required field') . '</div>
			</fieldset>
		</form>';
    }
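 /**
  * Check that the first URL segment names a known resource that the current
  * authentication key is allowed to use.
  *
  * An empty first segment selects the resource index ('objectsNodeName' is set
  * to 'resources'). An unknown resource records a 400 error through
  * setErrorDidYouMean(); a known resource missing from the key's permissions
  * records a 401 error through setError().
  *
  * NOTE(review): the segment is embedded verbatim in the error text; escaping
  * for the response format is presumably handled where the error is rendered,
  * confirm against setError() and setErrorDidYouMean().
  *
  * @return boolean True when the request may proceed, false after an error was recorded.
  */
 private function checkResource()
 {
     $this->_resourceList = WebserviceRequest::getResources();
     $resourceNames = array_keys($this->_resourceList);
     // A missing first segment is treated like an empty one instead of raising a notice.
     $segment = isset($this->_urlSegment[0]) ? (string) $this->_urlSegment[0] : '';

     if ($segment === '') {
         $this->_resourceConfiguration['objectsNodeName'] = 'resources';
         return true;
     }

     // Exact key lookups replace the loose in_array() over array_keys(), so a
     // numeric-looking segment cannot match a differently spelled name.
     if (!array_key_exists($segment, $this->_resourceList)) {
         $this->setErrorDidYouMean(400, 'Resource of type "' . $segment . '" does not exists', $segment, $resourceNames);
         return false;
     }

     // Deny by default: a permission list that is not an array grants nothing.
     if (!is_array($this->_keyPermissions) || !array_key_exists($segment, $this->_keyPermissions)) {
         $this->setError(401, 'Resource of type "' . $segment . '" is not allowed with this authentication key');
         return false;
     }

     return true;
 }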