Exemplo n.º 1
0
 /**
  * handler for JSON api requests
  * 
  * @return JSON
  */
 public function handle()
 {
     try {
         // init server and request first
         $server = new Zend_Json_Server();
         $server->setClass('Setup_Frontend_Json', 'Setup');
         $server->setClass('Tinebase_Frontend_Json', 'Tinebase');
         $server->setAutoHandleExceptions(false);
         $server->setAutoEmitResponse(false);
         $request = new Zend_Json_Server_Request_Http();
         Setup_Core::initFramework();
         $method = $request->getMethod();
         $jsonKey = isset($_SERVER['HTTP_X_TINE20_JSONKEY']) ? $_SERVER['HTTP_X_TINE20_JSONKEY'] : '';
         Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' is JSON request. method: ' . $method);
         $anonymnousMethods = array('Setup.getAllRegistryData', 'Setup.login', 'Tinebase.getAvailableTranslations', 'Tinebase.getTranslations', 'Tinebase.setLocale');
         if (!Setup_Core::configFileExists()) {
             $anonymnousMethods = array_merge($anonymnousMethods, array('Setup.envCheck'));
         }
         // check json key for all methods but some exceptoins
         if (!in_array($method, $anonymnousMethods) && Setup_Core::configFileExists() && (empty($jsonKey) || $jsonKey != Setup_Core::get('jsonKey') || !Setup_Core::isRegistered(Setup_Core::USER))) {
             if (!Setup_Core::isRegistered(Setup_Core::USER)) {
                 Setup_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ . ' Attempt to request a privileged Json-API method without authorisation from "' . $_SERVER['REMOTE_ADDR'] . '". (session timeout?)');
                 throw new Tinebase_Exception_AccessDenied('Not Authorised', 401);
             } else {
                 Setup_Core::getLogger()->WARN(__METHOD__ . '::' . __LINE__ . ' Fatal: got wrong json key! (' . $jsonKey . ') Possible CSRF attempt!' . ' affected account: ' . print_r(Setup_Core::getUser(), true) . ' request: ' . print_r($_REQUEST, true));
                 throw new Tinebase_Exception_AccessDenied('Not Authorised', 401);
             }
         }
         $response = $server->handle($request);
     } catch (Exception $exception) {
         $response = $this->_handleException($server, $request, $exception);
     }
     echo $response;
 }
Exemplo n.º 2
0
 /**
  * create shared tag
  *
  * @return Tinebase_Model_Tag
  */
 protected function _createSharedTag()
 {
     $sharedTag = new Tinebase_Model_Tag(array('type' => Tinebase_Model_Tag::TYPE_SHARED, 'name' => 'tag::shared', 'description' => 'this is a shared tag', 'color' => '#009B31'));
     $savedSharedTag = $this->_instance->createTag($sharedTag);
     $right = new Tinebase_Model_TagRight(array('tag_id' => $savedSharedTag->getId(), 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_USER, 'account_id' => Setup_Core::getUser()->getId(), 'view_right' => true, 'use_right' => true));
     $this->_instance->setRights($right);
     $this->_tagIdsToDelete[] = $savedSharedTag->getId();
     $this->assertEquals($sharedTag->name, $savedSharedTag->name);
     return $savedSharedTag;
 }
Exemplo n.º 3
0
 /**
  * test get users with pref function
  *
  */
 public function testGetUsersWithPref()
 {
     $this->_instance->{Tinebase_Preference::TIMEZONE} = 'Europe/Nicosia';
     $userIds = $this->_instance->getUsersWithPref(Tinebase_Preference::TIMEZONE, 'Europe/Berlin');
     $this->assertTrue(!in_array(Setup_Core::getUser()->getId(), $userIds), 'admin user should have other timezone setting');
     $this->assertGreaterThan(4, count($userIds), 'too few users found');
     $this->_instance->{Tinebase_Preference::TIMEZONE} = 'Europe/Berlin';
 }
Exemplo n.º 4
0
 /**
  * Returns registry data of setup
  * .
  * @see Tinebase_Application_Json_Abstract
  * 
  * @return mixed array 'variable name' => 'data'
  * 
  * @todo add 'titlePostfix'    => Tinebase_Config::getInstance()->getConfig(Tinebase_Config::PAGETITLEPOSTFIX, NULL, '')->value here?
  */
 public function getRegistryData()
 {
     // anonymous registry
     $registryData = array('configExists' => Setup_Core::configFileExists(), 'version' => array('buildType' => TINE20_BUILDTYPE, 'codeName' => TINE20SETUP_CODENAME, 'packageString' => TINE20SETUP_PACKAGESTRING, 'releaseTime' => TINE20SETUP_RELEASETIME), 'authenticationData' => $this->loadAuthenticationData());
     // authenticated or non existent config
     if (!Setup_Core::configFileExists() || Setup_Core::isRegistered(Setup_Core::USER)) {
         $registryData = array_merge($registryData, $this->checkConfig());
         $registryData = array_merge($registryData, array('acceptedTermsVersion' => !empty($registryData['checkDB']) && $this->_controller->isInstalled('Tinebase') ? Setup_Controller::getInstance()->getAcceptedTerms() : 0, 'setupChecks' => $this->envCheck(), 'configData' => $this->loadConfig(), 'emailData' => !empty($registryData['checkDB']) && $this->_controller->isInstalled('Tinebase') ? $this->getEmailConfig() : array(), 'messengerData' => !empty($registryData['checkDB']) && $this->_controller->isInstalled('Tinebase') ? $this->getMessengerConfig() : array()));
     }
     // if setup user is logged in
     if (Setup_Core::isRegistered(Setup_Core::USER)) {
         $registryData += array('currentAccount' => Setup_Core::getUser());
     }
     return $registryData;
 }