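/**
 * Dispatches a REST request to the handler selected by the "type" and "action"
 * query parameters, and logs the outcome.
 *
 * The "security" type is dispatched before the login check, so it is reachable
 * without an authenticated session; every other type requires $loggedIn.
 * Request parameters that arrive as arrays (for example "?type[]=x") are treated
 * as absent or invalid rather than being handed to string functions, array
 * offsets, or the downstream handlers.
 *
 * @param bool $loggedIn Truthy when the caller has an authenticated session.
 * @return mixed The selected handler's result, or the value of restError()
 *               (400 for an unknown or malformed request, 401 when not logged in).
 */
function resource($loggedIn)
{
    // Returns the named request value only when it is a string. PHP turns
    // "name[]=..." into an array, which the code below must never receive.
    $stringParam = function (array $source, $key) {
        return isset($source[$key]) && is_string($source[$key]) ? $source[$key] : null;
    };

    $type = $stringParam($_GET, "type");
    $id = $stringParam($_GET, "id");

    // A missing or empty action defaults to "get"; an array-valued action is
    // marked invalid (null) so it can be rejected with 400 below.
    $rawAction = isset($_GET["action"]) ? $_GET["action"] : "";
    $action = is_string($rawAction) ? ($rawAction ?: "get") : null;

    // The normalised address is written back to $_GET, as before, in case
    // other code reads it from there later in the request.
    $email = strtolower((string) $stringParam($_GET, "email"));
    $_GET["email"] = $email;

    $routes = array(
        "settings" => function ($action) {
            return restRequestSettings($action);
        },
        "gallery" => function ($action) {
            return restRequestGallery();
        },
        "portfolio" => function ($action) use ($id) {
            return restRequestPortfolio($action, $id);
        },
        "account" => function ($action) use ($email) {
            return restRequestAccount($action, $email);
        },
        "invite" => function ($action) use ($email) {
            return restRequestInvite($action, $email);
        },
    );

    // Strict comparison: only these exact strings are routable actions.
    $standardAction = in_array($action, array("create", "get", "update", "delete", "list"), true);

    if ($type === "security") {
        // Pre-authentication endpoint: credentials come from the POST body and
        // the action is not limited to the standard list.
        // NOTE(review): the POST e-mail is not lower-cased here, unlike the GET
        // one; confirm restRequestSecurity() normalises it.
        $resource = $action === null
            ? restError(400)
            : restRequestSecurity(
                $action,
                $stringParam($_POST, "email"),
                $stringParam($_POST, "password"),
                $stringParam($_POST, "confirm"),
                $stringParam($_POST, "invite")
            );
    } elseif (!$loggedIn) {
        $resource = restError(401);
    } elseif ($type === "command") {
        // The action is the raw request string and is not checked against the
        // standard list here.
        // NOTE(review): confirm runCommand() matches it against a fixed set of
        // known commands.
        $resource = $action === null ? restError(400) : runCommand($action);
    } elseif ($type !== null && isset($routes[$type]) && $standardAction) {
        $resource = $routes[$type]($action);
    } else {
        $resource = restError(400);
    }

    // NOTE(review): $type, $action and $id are request-controlled strings;
    // confirm logEvent() neutralises line breaks and control characters
    // before writing them.
    logEvent("get-resource", $type, $action, $id, !getProperty($resource, "error"));

    return $resource;
}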
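/**
 * Handles REST requests for account invitations.
 *
 * The "create" action validates the address format and sends an invite; any
 * other action returns the outstanding invites, or a single masked placeholder
 * entry when the session is flagged as a read-only user.
 *
 * @param string $action Requested action; only "create" is treated specially.
 * @param string $email  Address to invite (used by "create" only).
 * @return mixed The result of sendAccountInvite(), the value of restError(404)
 *               for a badly formatted address, or a list of invite records.
 */
function restRequestInvite($action, $email)
{
    if ($action === "create") {
        // NOTE(review): this branch runs before the read-only check below, so a
        // read-only session reaches sendAccountInvite() unless that function
        // rejects it itself. Confirm that is intended.
        return validEmailFormat($email) ? sendAccountInvite($email) : restError(404);
    }

    // !empty() keeps the original truthiness test but does not raise an
    // undefined-index warning when the session flag was never set.
    if (!empty($_SESSION["read-only-user"])) {
        // Read-only sessions get a masked stand-in instead of real invitee addresses.
        return array(array("to" => "*****@*****.**", "date" => date("Y-m-d")));
    }

    $invites = array_values((array) readAccountsDb()->invites);

    // array_values() re-indexes the result after array_filter() leaves gaps in the keys.
    return array_values(array_map("displayDate", array_filter($invites, "outstanding")));
}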