/**
 * A user who is not a member of the project must not be able to call
 * project_pageDto: userCanAccessMethod() is expected to answer false.
 */
public function testUserCanAccessMethod_projectPageDto_NotAMember_false()
{
    $outsiderId = self::$environ->createUser('user', 'user', '*****@*****.**', SystemRoles::USER);

    $created = self::$environ->createProject('projectForTest', 'projTestCode');
    $created->appName = 'sfchecks';
    $created->write();

    // Re-read the project by id so the check runs against the persisted model,
    // the same way production code obtains it.
    $project = ProjectModel::getById($created->id->asString());
    $rights = new RightsHelper($outsiderId, $project, self::$environ->website);

    $this->assertFalse($rights->userCanAccessMethod('project_pageDto', array()));
}
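/**
 * Runs a maintenance script named by the route and renders its output.
 *
 * $folder and $scriptName come from the request, so both are required to be
 * plain PHP identifiers before they are interpolated into the script's file
 * path or its class name; anything else (path segments such as "..",
 * namespace separators, an empty string) is answered with a 404 exactly like
 * a missing script file would be.
 *
 * @param Application $app
 * @param string $folder     sub-folder of Api/Library/Shared/Script (also the namespace segment)
 * @param string $scriptName script class name
 * @param string $runType    'run' executes for real; any other value is reported as a test run
 * @return mixed result of renderPage(), unless the request is aborted first
 */
public function view(Application $app, $folder = '', $scriptName = '', $runType = 'test')
{
    // A valid script is a class, so its folder and name must be PHP identifiers;
    // this also rules out path-traversal and namespace-escaping input.
    $identifier = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    $isValidName = preg_match($identifier, $folder) === 1 && preg_match($identifier, $scriptName) === 1;

    if (!$isValidName || !file_exists("Api/Library/Shared/Script/{$folder}/{$scriptName}.php")) {
        $app->abort(404, $this->website->base); // this terminates PHP
    } else {
        $userId = (string) $app['session']->get('user_id');
        if (!RightsHelper::hasSiteRight($userId, Domain::PROJECTS + Operation::DELETE)) {
            $app->abort(403, 'You have insufficient privileges to run scripts'); // this terminates PHP
        } else {
            try {
                $className = "Api\\Library\\Shared\\Script\\{$folder}\\{$scriptName}";
                $script = new $className();
                $this->data['scriptname'] = $className . '->run()';
                $this->data['insert'] = '';
                $this->data['output'] = '';
                if (strtolower($folder) == 'control' and strtolower($scriptName) == 'panel') {
                    // the control panel renders into the page itself rather than the output pane
                    $this->data['insert'] .= $script->run($userId, $runType);
                } else {
                    if ($runType != 'run') {
                        $this->data['output'] .= "--------------- THIS IS A TEST RUN - The database should not be modified ----------------\n\n";
                    }
                    $this->data['output'] .= $script->run($userId, $runType);
                }
                return $this->renderPage($app, 'textoutput');
            } catch (\Exception $e) {
                // NOTE(review): on PHP 7+ a missing class makes `new $className()` raise \Error,
                // which this catch does not cover — confirm the framework's error handler deals with it.
                $app->abort(500, "Looks like there was a problem with the script {$className}"); // this terminates PHP
            }
        }
    }
}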
/**
 * Builds the text-settings DTO: the text itself plus a summary of its
 * archived questions (counts only, no answer bodies).
 *
 * @param string $projectId
 * @param string $textId
 * @param string $userId
 * @return array the DTO array
 */
public static function encode($projectId, $textId, $userId)
{
    $user = new UserModel($userId);
    $project = new SfchecksProjectModel($projectId);
    $text = new TextModel($project, $textId);

    $questions = new QuestionAnswersListModel($project, $textId);
    $questions->read();

    $textDto = JsonEncoder::encode($text);

    $archived = array();
    foreach ($questions->entries as $entry) {
        $question = new QuestionModel($project, $entry['id']);
        if (!$question->isArchived) {
            continue;
        }
        // Only counts are sent: the number of answers, and "responses" = answers + their comments
        $answers = $entry['answers'];
        $responses = 0;
        foreach ($answers as $answer) {
            $responses += 1 + count($answer['comments']); // the answer itself plus its comments
        }
        unset($entry['answers']);
        $entry['answerCount'] = count($answers);
        $entry['responseCount'] = $responses;
        $entry['dateModified'] = $question->dateModified->asDateTimeInterface()->format(\DateTime::RFC2822);
        $archived[] = $entry;
    }

    return array(
        'text' => $textDto,
        'archivedQuestions' => $archived,
        'rights' => RightsHelper::encode($user, $project),
        'bcs' => BreadCrumbHelper::encode('settings', $project, $text, null),
    );
}
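/**
 * Script runner page: lists the available scripts, or runs the one named by
 * the route and renders its output.
 *
 * $folder and $scriptName come from the request, so both are required to be
 * plain PHP identifiers before they are interpolated into the script path,
 * the class name or the run URL; any other value falls through to the script
 * list exactly like an unknown script would.
 *
 * @param Application $app
 * @param string $folder     sub-folder of Api/Library/Shared/Script (also the namespace segment)
 * @param string $scriptName script class name
 * @param string $runType    'run' executes for real; any other value is a test run
 * @return mixed result of renderPage(), unless the request is aborted first
 */
public function view(Application $app, $folder = '', $scriptName = '', $runType = 'test')
{
    $this->data['controlpanel'] = false;
    $this->data['runtype'] = $runType;

    // A valid script is a class, so its folder and name must be PHP identifiers;
    // this also rules out path-traversal and namespace-escaping input.
    $identifier = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    $isValidName = preg_match($identifier, $folder) === 1 && preg_match($identifier, $scriptName) === 1;

    if (!$isValidName || !file_exists("Api/Library/Shared/Script/{$folder}/{$scriptName}.php")) {
        // show list of scripts
        $this->data['scriptnames'] = $this->scriptBaseNames();
        $this->data['controlpanel'] = true;
        return $this->renderPage($app, 'scriptoutput');
    }

    // run script and render output
    $this->data['scriptrunurl'] = "/script/{$folder}/{$scriptName}/run";
    $userId = SilexSessionHelper::getUserId($app);
    if (!RightsHelper::hasSiteRight($userId, Domain::PROJECTS + Operation::DELETE)) {
        $app->abort(403, 'You have insufficient privileges to run scripts'); // this terminates PHP
    } else {
        try {
            $className = "Api\\Library\\Shared\\Script\\{$folder}\\{$scriptName}";
            $script = new $className();
            $this->data['scriptname'] = $className . '->run()';
            $this->data['output'] = '';
            if ($runType != 'run') {
                $this->data['scriptname'] = "[TEST RUN] " . $this->data['scriptname'];
            }
            $this->data['output'] .= $script->run($userId, $runType);
            return $this->renderPage($app, 'scriptoutput');
        } catch (\Exception $e) {
            // The exception is deliberately not dumped into the response (the previous
            // var_dump($e) exposed its message and stack trace to the client); log it
            // server-side if diagnostics are needed.
            // NOTE(review): on PHP 7+ a missing class makes `new $className()` raise \Error,
            // which this catch does not cover — confirm the framework's error handler deals with it.
            $app->abort(500, "Looks like there was a problem with the script {$className}"); // this terminates PHP
        }
    }
}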
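/**
 * Builds the text-page DTO: a project summary, the text rendered from USX to
 * HTML, and the text's non-archived questions (with answer and response
 * counts) newest first.
 *
 * @param string $projectId
 * @param string $textId
 * @param string $userId
 * @return array the DTO array
 * @throws ResourceNotAvailableException if the project or text is archived and $userId is not a project manager
 */
public static function encode($projectId, $textId, $userId)
{
    $project = new SfchecksProjectModel($projectId);
    $text = new TextModel($project, $textId);
    $user = new UserModel($userId);

    if ($project->isArchived || $text->isArchived) {
        // Archived content is visible to managers only. A user who is not listed in
        // $project->users has no role and is treated as a non-manager, instead of
        // reading a missing key and then a property of null.
        $role = isset($project->users[$userId]) ? $project->users[$userId]->role : null;
        if ($role != ProjectRoles::MANAGER) {
            throw new ResourceNotAvailableException("This Text is no longer available. If this is incorrect contact your project manager.");
        }
    }

    $questionList = new QuestionAnswersListModel($project, $textId);
    $questionList->read();

    $data = array();
    $data['rights'] = RightsHelper::encode($user, $project);
    $data['entries'] = array();
    $data['project'] = array(
        'id' => $projectId,
        'name' => $project->projectName,
        'slug' => $project->databaseName(),
        'allowAudioDownload' => $project->allowAudioDownload,
    );
    $data['text'] = JsonEncoder::encode($text);
    $usxHelper = new UsxHelper($text->content);
    $data['text']['content'] = $usxHelper->toHtml();

    foreach ($questionList->entries as $questionData) {
        $question = new QuestionModel($project, $questionData['id']);
        if (!$question->isArchived) {
            // Just want answer count, not whole list
            $questionData['answerCount'] = count($questionData['answers']);
            $responseCount = 0; // "Responses" = answers + comments
            foreach ($questionData['answers'] as $a) {
                $responseCount += count($a['comments']) + 1; // +1 for this answer
            }
            $questionData['responseCount'] = $responseCount;
            unset($questionData['answers']);
            $questionData['dateCreated'] = $question->dateCreated->asDateTimeInterface()->format(\DateTime::RFC2822);
            $data['entries'][] = $questionData;
        }
    }

    // sort Questions with newest at the top
    usort($data['entries'], function ($a, $b) {
        $sortOn = 'dateCreated';
        if (!array_key_exists($sortOn, $a) || !array_key_exists($sortOn, $b)) {
            return 0;
        }
        $timeA = strtotime($a[$sortOn]);
        $timeB = strtotime($b[$sortOn]);
        // Equal timestamps must compare equal; the previous comparator returned -1 for
        // them, which breaks the consistency usort() relies on.
        if ($timeA == $timeB) {
            return 0;
        }
        return $timeA < $timeB ? 1 : -1;
    });
    $data['count'] = count($data['entries']);

    return $data;
}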
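/**
 * Encodes a QuestionModel and related data for $questionId: the question (via
 * QuestionCommentDtoEncoder), the user's votes, the text rendered to HTML, the
 * project, the user's rights and the unread answers/comments/activity. As a
 * side effect the unread answers and comments on this question are marked read
 * for $userId.
 *
 * @param string $projectId
 * @param string $questionId
 * @param string $userId
 * @return array - The DTO.
 * @throws ResourceNotAvailableException if the text or question is archived and $userId is not a project manager
 */
public static function encode($projectId, $questionId, $userId)
{
    $user = new UserModel($userId);
    $project = new SfchecksProjectModel($projectId);
    $question = new QuestionModel($project, $questionId);
    $textId = $question->textRef->asString();
    $text = new TextModel($project, $textId);

    if ($text->isArchived || $question->isArchived) {
        // Archived content is visible to managers only. A user who is not listed in
        // $project->users has no role and is treated as a non-manager, instead of
        // reading a missing key and then a property of null.
        $role = isset($project->users[$userId]) ? $project->users[$userId]->role : null;
        if ($role != ProjectRoles::MANAGER) {
            throw new ResourceNotAvailableException("This Question is no longer available. If this is incorrect contact your project manager.");
        }
    }

    $usxHelper = new UsxHelper($text->content);

    $votesDto = array();
    $votes = new UserVoteModel($userId, $projectId, $questionId);
    foreach ($votes->votes as $vote) {
        $votesDto[$vote->answerRef->id] = true;
    }

    // Viewing the question counts as having seen its answers and comments
    $unreadAnswerModel = new UnreadAnswerModel($userId, $project->id->asString(), $questionId);
    $unreadAnswers = $unreadAnswerModel->unreadItems();
    $unreadAnswerModel->markAllRead();
    $unreadAnswerModel->write();

    $unreadCommentModel = new UnreadCommentModel($userId, $project->id->asString(), $questionId);
    $unreadComments = $unreadCommentModel->unreadItems();
    $unreadCommentModel->markAllRead();
    $unreadCommentModel->write();

    // Activity is only counted here, not marked read
    $unreadActivityModel = new UnreadActivityModel($userId, $projectId);
    $unreadActivity = $unreadActivityModel->unreadItems();

    $dto = array();
    $dto['question'] = QuestionCommentDtoEncoder::encode($question);
    $dto['votes'] = $votesDto;
    $dto['text'] = JsonEncoder::encode($text);
    $dto['text']['content'] = $usxHelper->toHtml();
    $dto['project'] = JsonEncoder::encode($project);
    $dto['project']['slug'] = $project->databaseName();
    $dto['rights'] = RightsHelper::encode($user, $project);
    $dto['unreadAnswers'] = $unreadAnswers;
    $dto['unreadComments'] = $unreadComments;
    $dto['unreadActivityCount'] = count($unreadActivity);

    return $dto;
}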
/**
 * Builds the project-settings DTO: the member list, the project settings
 * (without the embedded user list) and a summary of the archived texts.
 *
 * @param string $projectId
 * @param string $userId
 * @return array the DTO array
 */
public static function encode($projectId, $userId)
{
    $userModel = new UserModel($userId);
    $projectModel = new SfchecksProjectModel($projectId);

    $textList = new TextListModel($projectModel);
    $textList->read();
    $members = $projectModel->listUsers();

    $data = array();
    $data['count'] = count($members->entries);
    $data['entries'] = array_values($members->entries); // re-index array
    $data['project'] = ProjectSettingsDtoEncoder::encode($projectModel);
    unset($data['project']['users']);

    $archivedTexts = array();
    foreach ($textList->entries as $entry) {
        $textModel = new TextModel($projectModel, $entry['id']);
        if (!$textModel->isArchived) {
            continue;
        }
        $questionList = $textModel->listQuestionsWithAnswers();
        // Just want count of questions and responses, not whole list;
        // "Responses" = answers + comments
        $responseCount = 0;
        foreach ($questionList->entries as $q) {
            foreach ($q['answers'] as $a) {
                $responseCount += 1 + count($a['comments']); // the answer itself plus its comments
            }
        }
        $entry['questionCount'] = $questionList->count;
        $entry['responseCount'] = $responseCount;
        $entry['dateModified'] = $textModel->dateModified->asDateTimeInterface()->format(\DateTime::RFC2822);
        $archivedTexts[] = $entry;
    }
    $data['archivedTexts'] = $archivedTexts;

    $data['rights'] = RightsHelper::encode($userModel, $projectModel);
    $data['bcs'] = BreadCrumbHelper::encode('settings', $projectModel, null, null);

    return $data;
}
/**
 * Deletes a reply from a lexicon comment. The reply's author may always delete
 * it; anyone else needs the COMMENTS DELETE right on the project.
 *
 * @param string $projectId
 * @param string $userId
 * @param \libraries\shared\Website $website
 * @param string $commentId
 * @param string $replyId
 * @throws \Exception if $userId is neither the author nor allowed to delete other people's replies
 */
public static function deleteReply($projectId, $userId, $website, $commentId, $replyId)
{
    $project = new LexiconProjectModel($projectId);
    $comment = new LexCommentModel($project, $commentId);
    $reply = $comment->getReply($replyId);

    $authorId = $reply->authorInfo->createdByUserRef->asString();
    $isAuthor = $authorId == $userId;
    if (!$isAuthor) {
        // not the author: require the project-level DELETE privilege on comments
        $rights = new RightsHelper($userId, $project, $website);
        if (!$rights->userHasProjectRight(Domain::COMMENTS + Operation::DELETE)) {
            throw new \Exception("No permission to delete other people's comment replies!");
        }
    }

    $comment->deleteReply($replyId);
    $comment->write();
}
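/**
 * Builds the project-page DTO: the project's non-archived texts (each with a
 * count of its non-archived questions and of responses) newest first, plus
 * the user's rights, unread-activity count and unread broadcast messages.
 *
 * @param string $projectId
 * @param string $userId
 * @return array the DTO array
 * @throws ResourceNotAvailableException if the project is archived and $userId is not a project manager
 */
public static function encode($projectId, $userId)
{
    $user = new UserModel($userId);
    $project = new SfchecksProjectModel($projectId);

    if ($project->isArchived) {
        // Archived projects are visible to managers only. A user who is not listed in
        // $project->users has no role and is treated as a non-manager, instead of
        // reading a missing key and then a property of null.
        $role = isset($project->users[$userId]) ? $project->users[$userId]->role : null;
        if ($role != ProjectRoles::MANAGER) {
            throw new ResourceNotAvailableException("This Project is no longer available. If this is incorrect contact your project manager.");
        }
    }

    $textList = new TextListModel($project);
    $textList->read();

    $data = array();
    $data['rights'] = RightsHelper::encode($user, $project);
    $data['project'] = array('name' => $project->projectName, 'id' => $projectId);
    if ($project->isArchived) {
        $data['project']['name'] .= " [ARCHIVED]";
    }

    $data['texts'] = array();
    foreach ($textList->entries as $entry) {
        $text = new TextModel($project, $entry['id']);
        if (!$text->isArchived) {
            $questionList = $text->listQuestionsWithAnswers();
            // Just want count of questions and responses, not whole list
            $entry['questionCount'] = 0;
            $responseCount = 0; // "Responses" = answers + comments
            foreach ($questionList->entries as $q) {
                $question = new QuestionModel($project, $q['id']);
                if (!$question->isArchived) {
                    $entry['questionCount']++;
                    foreach ($q['answers'] as $a) {
                        $responseCount += count($a['comments']) + 1; // +1 for this answer
                    }
                }
            }
            $entry['responseCount'] = $responseCount;
            $entry['dateCreated'] = $text->dateCreated->asDateTimeInterface()->format(\DateTime::RFC2822);
            $data['texts'][] = $entry;
        }
    }

    // sort Texts with newest at the top
    usort($data['texts'], function ($a, $b) {
        $sortOn = 'dateCreated';
        if (!array_key_exists($sortOn, $a) || !array_key_exists($sortOn, $b)) {
            return 0;
        }
        $timeA = strtotime($a[$sortOn]);
        $timeB = strtotime($b[$sortOn]);
        // Equal timestamps must compare equal; the previous comparator returned -1 for
        // them, which breaks the consistency usort() relies on.
        if ($timeA == $timeB) {
            return 0;
        }
        return $timeA < $timeB ? 1 : -1;
    });

    // future support for members
    $data['members'] = array();

    // unread activity count
    $unreadActivity = new UnreadActivityModel($userId, $projectId);
    $unreadItems = $unreadActivity->unreadItems();
    $data['activityUnreadCount'] = count($unreadItems);

    // unread broadcast messages
    $unreadMessages = new UnreadMessageModel($userId, $projectId);
    $messageIds = $unreadMessages->unreadItems();
    $messages = array();
    foreach ($messageIds as $messageId) {
        $message = new MessageModel($project, $messageId);
        $messages[] = array(
            'id' => $message->id->asString(),
            'subject' => $message->subject,
            'content' => $message->content,
        );
    }
    $data['broadcastMessages'] = $messages;

    return $data;
}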
/**
 * Gate for API calls: every method except the anonymous ones requires a
 * logged-in user who is allowed to call it on the current project.
 *
 * @param string $methodName
 * @param array $params
 * @throws UserNotAuthenticatedException when no user is logged in
 * @throws UserUnauthorizedException when the user may not call $methodName
 */
public function checkPermissions($methodName, $params)
{
    if (self::isAnonymousMethod($methodName)) {
        return;
    }
    if (!$this->userId) {
        throw new UserNotAuthenticatedException("Your session has timed out. Please login again.");
    }

    // Whatever getById() throws is treated as "no project", leaving RightsHelper
    // with only site-level information.
    // NOTE(review): confirm RightsHelper denies project-scoped methods when
    // $projectModel is null, so a lookup failure cannot widen access.
    $projectModel = null;
    try {
        $projectModel = ProjectModel::getById($this->projectId);
    } catch (\Exception $e) {
        // best-effort: continue with a null project
    }

    $rightsHelper = new RightsHelper($this->userId, $projectModel, $this->website);
    if (!$rightsHelper->userCanAccessMethod($methodName, $params)) {
        throw new UserUnauthorizedException("Insufficient privileges accessing API method '{$methodName}'");
    }
}