public static function handleEditRequest()
{
$GLOBALS['Session']->requireAuthentication();
$User = static::_getRequestedUser();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($_SERVER['CONTENT_TYPE'] == 'application/json') {
$requestData = JSON::getRequestData();
} else {
$requestData = $_REQUEST;
}
if (!$GLOBALS['Session']->hasAccountLevel('Administrator')) {
$profileChanges = array_intersect_key($requestData, array_flip(static::$profileFields));
} else {
$profileChanges = $requestData;
}
$User->setFields($profileChanges);
if (static::$onBeforeProfileValidated) {
call_user_func(static::$onBeforeProfileValidated, $User, $profileChanges, $requestData);
}
// validate
if ($User->validate()) {
if (static::$onBeforeProfileSaved) {
call_user_func(static::$onBeforeProfileSaved, $User, $profileChanges, $requestData);
}
// save session
$User->save();
if (static::$onProfileSaved) {
call_user_func(static::$onProfileSaved, $User, $profileChanges, $requestData);
}
// fire created response
return static::respond('profileSaved', array('success' => true, 'data' => $User));
}
// fall through back to form if validation failed
}
return static::respond('profileEdit', array('data' => $User));
}
public static function handleMultiAssignRequest()
{
if (static::$accountLevelAssign) {
$GLOBALS['Session']->requireAccountLevel(static::$accountLevelAssign);
}
if (static::$responseMode == 'json' && in_array($_SERVER['REQUEST_METHOD'], array('POST', 'PUT'))) {
$_REQUEST = JSON::getRequestData();
}
if (empty($_REQUEST['data']) || !is_array($_REQUEST['data'])) {
return static::throwInvalidRequestError('Assign expects "data" field as array of assignments');
}
$className = static::$recordClass;
$results = array();
foreach ($_REQUEST['data'] as $datum) {
if (!($Tag = $className::getByID($datum['TagID']))) {
return static::throwNotFoundError();
}
$TagItem = $Tag->assignItem($datum['ContextClass'], $datum['ContextID']);
if ($TagItem->isNew) {
$results[] = $TagItem;
}
}
return static::respond($className::$pluralNoun . 'Saved', array('success' => true, 'data' => $results));
}
public static function handleMultiDestroyRequest()
{
if (0 === strpos($_SERVER['CONTENT_TYPE'], 'application/json')) {
$_REQUEST = JSON::getRequestData();
}
if (empty($_REQUEST['data']) || !is_array($_REQUEST['data'])) {
return static::throwInvalidRequestError('Handler expects "data" field as array');
}
$className = static::$recordClass;
$results = [];
$failed = [];
foreach ($_REQUEST['data'] as $datum) {
// get record
if (is_numeric($datum)) {
$recordID = $datum;
} elseif (!empty($datum['ID']) && is_numeric($datum['ID'])) {
$recordID = $datum['ID'];
} else {
$failed[] = ['record' => $datum, 'errors' => 'ID missing'];
continue;
}
if (!($Record = $className::getByID($recordID))) {
$failed[] = ['record' => $datum, 'errors' => 'ID not found'];
continue;
}
// check write access
if (!static::checkWriteAccess($Record)) {
$failed[] = ['record' => $datum, 'errors' => 'Write access denied'];
continue;
}
// destroy record
if ($Record->destroy()) {
$results[] = $Record;
}
}
return static::respond(static::getTemplateName($className::$pluralNoun) . 'Destroyed', ['success' => count($results) || !count($failed), 'data' => $results, 'failed' => $failed]);
}
public static function getRequestData()
{
if (0 === strpos($_SERVER['CONTENT_TYPE'], 'application/x-www-form-urlencoded')) {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
return $_POST;
} else {
$data = array();
parse_str(file_get_contents('php://input'), $data);
return $data;
}
} elseif (0 === strpos($_SERVER['CONTENT_TYPE'], 'application/json')) {
return JSON::getRequestData();
} else {
throw new Exception('Incoming content type must be application/json or application/x-www-form-urlencoded');
}
}
<?php
$GLOBALS['Session']->requireAccountLevel('Developer');
$requestData = JSON::getRequestData();
if (!is_array($requestData['nodes'])) {
JSON::error('Expecting array under nodes key');
}
// TODO: something more elegant to prevent non-specified classes from being inherited?
Site::$autoPull = true;
$succeeded = array();
$failed = array();
foreach ($requestData['nodes'] as $updateData) {
$Node = Site::resolvePath($updateData['path']);
if ($Node->Collection->Site == 'Local') {
$failed[] = array('path' => $updateData['path'], 'error' => 'CURRENT_IS_LOCAL', 'message' => 'Current node is local and blocks any remote updates');
continue;
}
if ($Node->SHA1 != $updateData['localSHA1']) {
$failed[] = array('path' => $updateData['path'], 'error' => 'LOCAL_SHA1_MISMATCH', 'message' => 'Current node\'s SHA1 hash does not match that which this update was requested for');
continue;
}
if (empty($updateData['remoteSHA1'])) {
$Node->delete();
} else {
$NewNode = Emergence::resolveFileFromParent($Node->Collection, $Node->Handle, true);
if (!$NewNode) {
$failed[] = array('path' => $updateData['path'], 'error' => 'DOWNLOAD_FAILED', 'message' => 'The remote file failed to download');
continue;
}
if ($NewNode->SHA1 != $updateData['remoteSHA1']) {
$NewNode->destroyRecord();
public static function handleStageMultiRequest()
{
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
return static::throwInvalidRequestError('Request must be POST');
}
if (0 === strpos($_SERVER['CONTENT_TYPE'], 'application/json')) {
$_REQUEST = \JSON::getRequestData();
}
try {
$layer = static::$_currentRepo;
} catch (Exception $e) {
return static::throwInvalidRequestError($e->getMessage());
}
static::$responseMode = 'json';
$command = 'add';
$success = true;
if (is_array($_REQUEST['Files'])) {
foreach ($_REQUEST['Files'] as $file) {
$file = escapeshellcmd($file);
$args = [$file];
try {
$output = $layer->getGitWrapper()->run($command, $args);
$operations[] = ['success' => true, 'output' => $output, 'command' => $command, 'args' => $args];
} catch (Exception $e) {
$success = false;
$operations[] = ['success' => false, 'output' => $output, 'command' => $command, 'args' => $args, 'error' => $e->getMessage()];
}
}
}
return static::respond('stage-multi', ['success' => $success, 'operations' => $operations]);
}
