public function export()
{
$result = parent::export();
if ($this->guid) {
$result->guid = $this->guid;
}
return $result;
}
/**
* Executes a method.
* A method is a function which you have previously exposed using expose_function.
*
* @param string $method Method, e.g. "foo.bar"
*
* @return GenericResult The result of the execution.
* @throws APIException, CallException
* @access private
*/
function execute_method($method)
{
global $API_METHODS, $CONFIG;
// method must be exposed
if (!isset($API_METHODS[$method])) {
$msg = elgg_echo('APIException:MethodCallNotImplemented', array($method));
throw new APIException($msg);
}
// function must be callable
if (!isset($API_METHODS[$method]["function"]) || !is_callable($API_METHODS[$method]["function"])) {
$msg = elgg_echo('APIException:FunctionDoesNotExist', array($method));
throw new APIException($msg);
}
// check http call method
if (strcmp(get_call_method(), $API_METHODS[$method]["call_method"]) != 0) {
$msg = elgg_echo('CallException:InvalidCallMethod', array($method, $API_METHODS[$method]["call_method"]));
throw new CallException($msg);
}
$parameters = get_parameters_for_method($method);
if (verify_parameters($method, $parameters) == false) {
// if verify_parameters fails, it throws exception which is not caught here
}
$serialised_parameters = serialise_parameters($method, $parameters);
// Execute function: Construct function and calling parameters
$function = $API_METHODS[$method]["function"];
$serialised_parameters = trim($serialised_parameters, ", ");
// @todo document why we cannot use call_user_func_array here
$result = eval("return {$function}({$serialised_parameters});");
// Sanity check result
// If this function returns an api result itself, just return it
if ($result instanceof GenericResult) {
return $result;
}
if ($result === false) {
$msg = elgg_echo('APIException:FunctionParseError', array($function, $serialised_parameters));
throw new APIException($msg);
}
if ($result === NULL) {
// If no value
$msg = elgg_echo('APIException:FunctionNoReturn', array($function, $serialised_parameters));
throw new APIException($msg);
}
// Otherwise assume that the call was successful and return it as a success object.
return SuccessResult::getInstance($result);
}
/**
* Executes a method.
* A method is a function which you have previously exposed using expose_function.
*
* @param string $method Method, e.g. "foo.bar"
*
* @return GenericResult The result of the execution.
* @throws APIException|CallException
* @access private
*/
function execute_method($method)
{
global $API_METHODS;
// method must be exposed
if (!isset($API_METHODS[$method])) {
$msg = elgg_echo('APIException:MethodCallNotImplemented', array($method));
throw new APIException($msg);
}
// function must be callable
$function = elgg_extract('function', $API_METHODS[$method]);
if (!$function || !is_callable($function)) {
$msg = elgg_echo('APIException:FunctionDoesNotExist', array($method));
throw new APIException($msg);
}
// check http call method
if (strcmp(get_call_method(), $API_METHODS[$method]["call_method"]) != 0) {
$msg = elgg_echo('CallException:InvalidCallMethod', array($method, $API_METHODS[$method]["call_method"]));
throw new CallException($msg);
}
$parameters = get_parameters_for_method($method);
// may throw exception, which is not caught here
verify_parameters($method, $parameters);
$serialised_parameters = serialise_parameters($method, $parameters);
// Execute function: Construct function and calling parameters
$serialised_parameters = trim($serialised_parameters, ", ");
// Sadly we probably can't get rid of this eval() in 2.x. Doing so would involve
// replacing serialise_parameters(), which does a bunch of weird stuff we need to
// stay BC with 2.x. There are tests for a lot of these quirks in ElggCoreWebServicesApiTest
// particularly in testSerialiseParametersCasting().
$arguments = eval("return [{$serialised_parameters}];");
if ($API_METHODS[$method]['assoc']) {
$argument = array_combine(_elgg_ws_get_parameter_names($method), $arguments);
$result = call_user_func($function, $argument);
} else {
$result = call_user_func_array($function, $arguments);
}
$result = elgg_trigger_plugin_hook('rest:output', $method, $parameters, $result);
// Sanity check result
// If this function returns an api result itself, just return it
if ($result instanceof GenericResult) {
return $result;
}
if ($result === false) {
$msg = elgg_echo('APIException:FunctionParseError', array($function, $serialised_parameters));
throw new APIException($msg);
}
if ($result === NULL) {
// If no value
$msg = elgg_echo('APIException:FunctionNoReturn', array($function, $serialised_parameters));
throw new APIException($msg);
}
// Otherwise assume that the call was successful and return it as a success object.
return SuccessResult::getInstance($result);
}
/**
* Executes a method.
* A method is a function which you have previously exposed using expose_function.
*
* @param string $method Method, e.g. "foo.bar"
*
* @return GenericResult The result of the execution.
* @throws APIException|CallException
* @access private
*/
function execute_method($method)
{
global $API_METHODS;
// method must be exposed
if (!isset($API_METHODS[$method])) {
$msg = elgg_echo('APIException:MethodCallNotImplemented', array($method));
throw new APIException($msg);
}
// function must be callable
$function = null;
if (isset($API_METHODS[$method]["function"])) {
$function = $API_METHODS[$method]["function"];
// allow array version of static callback
if (is_array($function) && isset($function[0], $function[1]) && is_string($function[0]) && is_string($function[1])) {
$function = "{$function[0]}::{$function[1]}";
}
}
if (!is_string($function) || !is_callable($function)) {
$msg = elgg_echo('APIException:FunctionDoesNotExist', array($method));
throw new APIException($msg);
}
// check http call method
if (strcmp(get_call_method(), $API_METHODS[$method]["call_method"]) != 0) {
$msg = elgg_echo('CallException:InvalidCallMethod', array($method, $API_METHODS[$method]["call_method"]));
throw new CallException($msg);
}
$parameters = get_parameters_for_method($method);
// may throw exception, which is not caught here
verify_parameters($method, $parameters);
$serialised_parameters = serialise_parameters($method, $parameters);
// Execute function: Construct function and calling parameters
$serialised_parameters = trim($serialised_parameters, ", ");
// @todo remove the need for eval()
$result = eval("return {$function}({$serialised_parameters});");
$result = elgg_trigger_plugin_hook('rest:output', $method, $parameters, $result);
// Sanity check result
// If this function returns an api result itself, just return it
if ($result instanceof GenericResult) {
return $result;
}
if ($result === false) {
$msg = elgg_echo('APIException:FunctionParseError', array($function, $serialised_parameters));
throw new APIException($msg);
}
if ($result === NULL) {
// If no value
$msg = elgg_echo('APIException:FunctionNoReturn', array($function, $serialised_parameters));
throw new APIException($msg);
}
// Otherwise assume that the call was successful and return it as a success object.
return SuccessResult::getInstance($result);
}
/**
* Executes a method.
* A method is a function which you have previously exposed using expose_function.
*
* @param string $method Method, e.g. "foo.bar"
* @param array $parameters Array of parameters in the format "variable" => "value", thse will be sanitised before being fed to your handler.
* @param string $token The authentication token to authorise this method call.
* @return GenericResult The result of the execution.
* @throws APIException, SecurityException
*/
function execute_method($method, array $parameters, $token = "")
{
global $METHODS, $CONFIG;
// Sanity check
$method = sanitise_string($method);
$token = sanitise_string($token);
// See if we can find the method handler
if (isset($METHODS[$method]["function"]) && is_callable($METHODS[$method]["function"])) {
// See if this is being made with the right call method
if (strcmp(get_call_method(), $METHODS[$method]["call_method"]) == 0) {
$serialised_parameters = "";
// If we have parameters then we need to sanitise the parameters.
if (isset($METHODS[$method]["parameters"]) && is_array($METHODS[$method]["parameters"])) {
foreach ($METHODS[$method]["parameters"] as $key => $value) {
if (is_array($value) && isset($value['type'])) {
// Check that the variable is present in the request
if (!isset($parameters[$key]) && (!isset($value['required']) || $value['required'] != true)) {
throw new APIException(sprintf(elgg_echo('APIException:MissingParameterInMethod'), $key, $method));
} else {
// Avoid debug error
if (isset($parameters[$key])) {
// Set variables casting to type.
switch (strtolower($value['type'])) {
case 'int':
case 'integer':
$serialised_parameters .= "," . (int) trim($parameters[$key]);
break;
case 'bool':
case 'boolean':
if (strcasecmp(trim($parameters[$key]), "false") == 0) {
$parameters[$key] = '';
}
$serialised_parameters .= "," . (bool) trim($parameters[$key]);
break;
case 'string':
$serialised_parameters .= ",'" . (string) mysql_real_escape_string(trim($parameters[$key])) . "'";
break;
case 'float':
$serialised_parameters .= "," . (double) trim($parameters[$key]);
break;
case 'array':
$array = "array(";
if (is_array($parameters[$key])) {
foreach ($parameters[$key] as $k => $v) {
$k = sanitise_string($k);
$v = sanitise_string($v);
$array .= "'{$k}'=>'{$v}',";
}
$array = trim($array, ",");
} else {
throw APIException(sprintf(elgg_echo('APIException:ParameterNotArray'), $key));
}
$array .= ")";
$serialised_parameters .= $array;
break;
default:
throw new APIException(sprintf(elgg_echo('APIException:UnrecognisedTypeCast'), $value['type'], $key, $method));
}
}
}
} else {
throw new APIException(sprintf(elgg_echo('APIException:InvalidParameter'), $key, $method));
}
}
}
// Execute function: Construct function and calling parameters
$function = $METHODS[$method]["function"];
$serialised_parameters = trim($serialised_parameters, ", ");
$result = eval("return {$function}({$serialised_parameters});");
// Sanity check result
if ($result instanceof GenericResult) {
// If this function returns an api result itself, just return it
return $result;
}
if ($result === FALSE) {
throw new APIException(sprintf(elgg_echo('APIException:FunctionParseError'), $function, $serialised_parameters));
}
if ($result === NULL) {
throw new APIException(sprintf(elgg_echo('APIException:FunctionNoReturn'), $function, $serialised_parameters));
}
// If no value
return SuccessResult::getInstance($result);
// Otherwise assume that the call was successful and return it as a success object.
} else {
throw new CallException(sprintf(elgg_echo('CallException:InvalidCallMethod'), $method, $METHODS[$method]["call_method"]));
}
}
// Return an error if not found
throw new APIException(sprintf(elgg_echo('APIException:MethodCallNotImplemented'), $method));
}
