Пример #1
 /**
  * Reads a request parameter and decodes it as JSON (objects become associative arrays).
  *
  * The decoded value is client-controlled and is returned without any shape or
  * type checks; callers are responsible for validating it before use.
  * @param String $param Name of the parameter to read.
  * @return mixed The decoded, non-null value.
  * @throws Exceptions\Exception When the parameter is absent or does not decode to a non-null value.
  */
 private function getParam($param)
 {
     $raw = \LockerRequest::getParam($param);
     $decoded = json_decode($raw, true);

     if ($decoded !== null) {
         return $decoded;
     }

     // A null result is ambiguous: the parameter may be missing altogether, or
     // present but not decodable. json_decode() also returns null for the JSON
     // literal `null`, so that input is reported as invalid JSON as well.
     if ($raw === null) {
         throw new Exceptions\Exception("Expected `{$param}` to be defined as a URL parameter.");
     }

     throw new Exceptions\Exception("Expected the value of `{$param}` to be valid JSON in the URL parameter.");
 }
 /**
  * Updates (PUTs) a single Statement under the ID supplied with the request.
  *
  * The ID is read from the request parameters and copied onto the first
  * statement as-is; its format is not checked in this method.
  * @param [String => mixed] $options
  * @return Response Empty 204 response carrying the CORS headers.
  */
 public function update($options)
 {
     $assignRequestedId = function ($statements) {
         $requestedId = \LockerRequest::getParam(StatementController::STATEMENT_ID);

         // A PUT without an identifier is rejected. The check is a truthiness
         // test, so an empty string or "0" counts as missing.
         if (!$requestedId) {
             throw new Exceptions\Exception('A statement ID is required to PUT.');
         }

         // The ID is written to index 0 without checking that the list is non-empty.
         // NOTE(review): presumably createStatements() guarantees at least one statement — confirm.
         $statements[0]->id = $requestedId;

         return $statements;
     };

     $this->createStatements($options, $assignRequestedId);

     return IlluminateResponse::make('', 204, $this->getCORSHeaders());
 }
Пример #3
 /**
  * Routes a delete request to either the single-document or the
  * multiple-document path.
  *
  * The method takes no arguments: the mode is chosen by whether the request
  * carries the parameter named by `$this->identifier`. When it is absent the
  * delete is applied to whatever getIndexData() returns, so a missing
  * identifier widens the scope of the delete rather than failing.
  * NOTE(review): what getIndexData() selects is not visible here — confirm the
  * multi-delete scope is constrained as intended.
  * @return Response
  */
 public function destroy()
 {
     // A non-empty result from the version check short-circuits the request.
     $versionFailure = $this->checkVersion();
     if ($versionFailure) {
         return $versionFailure;
     }

     $singleDelete = \LockerRequest::hasParam($this->identifier);
     $data = $singleDelete ? $this->getShowData() : $this->getIndexData();

     return $this->completeDelete($data, $singleDelete);
 }
Пример #4
 /**
  * Fetches a request parameter, decodes it and validates it against a type.
  *
  * Validation is skipped when the decoded value is null, which includes the
  * case where the parameter is absent and the default is null.
  * @param mixed $type Passed through to validateValue() as the expected type.
  * @param String $param Name of the parameter to read.
  * @param mixed $default Value handed to the request layer for a missing parameter.
  * @return mixed The decoded value, or null.
  */
 protected function validatedParam($type, $param, $default = null)
 {
     $decoded = $this->decodeValue(\LockerRequest::getParam($param, $default));

     if ($decoded !== null) {
         $this->validateValue($param, $decoded, $type);
     }

     return $decoded;
 }
 /**
  * Extracts the username and password from the Authorization header.
  *
  * The scheme is detected with a case-sensitive prefix match and no delimiter
  * check: a header starting with "basic" (lower case) is rejected, and any
  * header that merely begins with "Basic" or "Bearer" is handed to the
  * matching parser. A missing or unrecognised header raises a 400.
  * @return [String] Formed of [Username, Password]
  * @throws Exceptions\Exception When the header is missing or uses another scheme.
  */
 static function getUserPassFromAuth()
 {
     $header = \LockerRequest::header('Authorization');

     if ($header === null) {
         throw new Exceptions\Exception('Invalid auth', 400);
     }

     if (strpos($header, 'Basic') === 0) {
         $credentials = Helpers::getUserPassFromBAuth($header);
     } elseif (strpos($header, 'Bearer') === 0) {
         $credentials = Helpers::getUserPassFromOAuth($header);
     } else {
         throw new Exceptions\Exception('Invalid auth', 400);
     }

     list($username, $password) = $credentials;

     return [$username, $password];
 }
Пример #6
 /**
  * Returns the timestamp from the `Updated` request header, or the current
  * time when the header is absent or empty.
  *
  * A header value that fails validateTimestamp() aborts the request with a 400.
  * @return String The updated timestamp ISO 8601 formatted.
  */
 public function getUpdatedValue()
 {
     $updated = \LockerRequest::header('Updated');

     // No usable header: fall back to "now". empty() also treats "0" as absent.
     if (empty($updated)) {
         return Carbon::now()->toISO8601String();
     }

     if (!$this->validateTimestamp($updated)) {
         // The rejected header value is echoed back in the error message.
         // NOTE(review): confirm the error renderer encodes this text for its output format.
         \App::abort(400, sprintf("`%s` is not an valid ISO 8601 formatted timestamp", $updated));
     }

     return $updated;
 }
 /**
  * Returns the admin dashboard graph data as JSON, optionally bounded by the
  * `graphStartDate` and `graphEndDate` request parameters.
  *
  * No access check is performed in this method.
  * NOTE(review): presumably a route filter restricts this to administrators — verify.
  * @return Response
  **/
 public function getGraphData()
 {
     $rawStart = \LockerRequest::getParam('graphStartDate');
     $rawEnd = \LockerRequest::getParam('graphEndDate');

     // Request values go straight into the Carbon constructor with no format check.
     // NOTE(review): a value Carbon cannot parse presumably surfaces as an
     // uncaught exception rather than a 400 — confirm and validate if so.
     $from = $rawStart ? new \Carbon\Carbon($rawStart) : null;
     $until = $rawEnd ? new \Carbon\Carbon($rawEnd) : null;

     $dashboard = new \app\locker\data\dashboards\AdminDashboard();

     return Response::json($dashboard->getGraphData($from, $until));
 }
Пример #8
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/
Route::filter('guest', function () {
    // Visitors without an authenticated session pass through (null result);
    // anyone already signed in is sent to the site root instead.
    $alreadySignedIn = Auth::check();

    if (!$alreadySignedIn) {
        return null;
    }

    return Redirect::to('/');
});
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
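Route::filter('csrf', function () {
    // AJAX requests carry the token in a header; other requests carry it in
    // the `_token` input field.
    $supplied = Request::ajax() ? LockerRequest::header('X-CSRF-Token') : Input::get('_token');
    $expected = Session::token();

    // Both sides must be strings and the session token must be non-empty, so
    // that a missing session token can never "match" a missing request token
    // and non-string input is rejected before the comparison.
    $comparable = is_string($expected) && $expected !== '' && is_string($supplied);

    // hash_equals() (PHP >= 5.6) compares in constant time, so response timing
    // does not reveal how much of a submitted token was correct.
    if (!$comparable || !hash_equals($expected, $supplied)) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});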
Пример #9
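 /**
  * Checks params to comply with requirements.
  * https://github.com/adlnet/xAPI-Spec/blob/master/xAPI.md#723-getstatements
  *
  * The statement ID and the voided statement ID are mutually exclusive. When
  * either is present, every key in `$this->params` must be on a fixed
  * allow-list.
  * @throws Exceptions\Exception When both IDs are given, or a disallowed parameter accompanies one of them.
  **/
 private function validateIds()
 {
     // Attempts to get IDs from the params.
     $statementId = \LockerRequest::getParam(self::STATEMENT_ID);
     $voidedId = \LockerRequest::getParam(self::VOIDED_ID);

     // Returns an error if both `statementId` and `voidedId` are set.
     if ($statementId && $voidedId) {
         throw new Exceptions\Exception('You can\'t request based on both`' . self::STATEMENT_ID . '` and `' . self::VOIDED_ID . '`');
     }

     // Nothing further to check when neither ID was supplied.
     if (!$statementId && !$voidedId) {
         return;
     }

     $allowedParams = ['content', self::STATEMENT_ID, self::VOIDED_ID, 'attachments', 'format'];

     // Returns an error if a $key is not an allowed param.
     foreach ($this->params as $key => $value) {
         // Strict comparison is required: under loose comparison on PHP
         // versions before 8, an integer key such as 0 equals any non-numeric
         // string and would slip past the allow-list.
         if (!in_array($key, $allowedParams, true)) {
             throw new Exceptions\Exception('When using `' . self::STATEMENT_ID . '` or `' . self::VOIDED_ID . '`, the only other parameters allowed are `attachments` and/or `format`.');
         }
     }
 }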