/**
  * Get group information, create the group if it doesn't exist
  * GET /api/customData/:groupId
  *
  * returns: 
  * {
  *    Status: OK/failed,
  *    data: {
  *      id: x,
  *      fields: [
  *         "field1",
  *         "field2"
  *      ]
  *    }
  * }
  */
 public function get($params)
 {
     // NOTE(review): assumes requireAuthentication() halts the request for
     //   anonymous callers - confirm; nothing below re-checks login state.
     $this->requireAuthentication();

     // An id given in the URL wins (forced to int); with none, use the caller's current area
     if (isset($params['url'][2])) {
         $groupId = (int) $params['url'][2];
     } else {
         $groupId = $this->user['area'];
     }

     $groupAccessor = new \TMT\accessor\CustomGroupData();
     $areaAccessor = new \TMT\accessor\AreaAccessor();

     // Authorization gate: no group is read or created until the caller's
     //   rights to this group id have been confirmed
     $callerHasRights = $areaAccessor->checkAreaRights($this->user['netId'], $groupId);
     if (!$callerHasRights) {
         $this->error("You do not have rights to this group");
         return;
     }

     try {
         $group = $groupAccessor->get($groupId);
     } catch (\TMT\exception\CustomGroupDataException $lookupError) {
         // Any code other than 2 is reported to the client as-is
         if ($lookupError->getCode() !== 2) {
             $this->error($lookupError->getMessage());
             return;
         }

         // Code 2: the group does not exist yet, so create it with an empty
         //   array and read it back.
         // NOTE(review): this makes a GET request write to the data store;
         //   the rights check above is the only guard on that write.
         try {
             $groupAccessor->create(array(), $groupId);
             $group = $groupAccessor->get($groupId);
         } catch (\TMT\exception\CustomGroupDataException $createError) {
             $this->error($createError->getMessage());
             return;
         }
     }

     $this->respond($group);
 }
 /**
  * Populates this class' user array ($this->user) with the following variables
  *   netId
  *   area
  *   guid
  *   areaGuid
  *
  * If the user is not authenticated, this function does nothing
  */
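 protected function getUserInfo()
 {
     // If the user is not authenticated, don't try to retrieve netId or area
     if (!$this->authenticated) {
         return;
     }

     // Pull the netId from LDAP or CAS, whichever way the user is authenticated
     if (isset($_SESSION['ldap'])) {
         // An LDAP session flag without a stored user name yields null, not a notice
         $this->user['netId'] = isset($_SESSION['user']) ? $_SESSION['user'] : null;
     } elseif (\phpCAS::checkAuthentication()) {
         $this->user['netId'] = \phpCAS::getUser();
     } else {
         // This should never happen because they would somehow have authenticated set to true
         //   and not be logged in to CAS or LDAP
         $this->user['netId'] = null;
     }

     // In case a problem occurred and netId was not set, don't try to get area.
     // Loose comparison is deliberate: an empty netId is treated like a missing one.
     if ($this->user['netId'] == null) {
         return;
     }

     $areaAcc = new \TMT\accessor\AreaAccessor();
     $employeeAcc = new \TMT\accessor\Employee();
     $employee = $employeeAcc->get($this->user['netId']);

     // The area cookie is client-controlled: it may arrive as an array
     //   (area[]=...) or as a string that merely starts with digits. Only a
     //   canonical non-negative decimal string is accepted, so the value handed
     //   to checkAreaRights() is exactly the value stored in $this->user['area'].
     // NOTE(review): assumes area ids are integers, as the (int) casts applied
     //   to group ids before checkAreaRights() elsewhere in this class suggest
     //   - confirm against AreaAccessor.
     $requestedArea = isset($_COOKIE['area']) ? $_COOKIE['area'] : null;
     $cookieWellFormed = is_string($requestedArea)
         && ctype_digit($requestedArea)
         && (string) (int) $requestedArea === $requestedArea;

     if ($requestedArea === null) {
         // Cookie not set, use default area
         $this->user['area'] = $employee->area;
     } elseif ($cookieWellFormed && $areaAcc->checkAreaRights($this->user['netId'], $requestedArea)) {
         $this->user['area'] = $requestedArea;
     } else {
         // The cookie is malformed or names an area the user does not have rights to,
         //   so expire the cookie and change to the default area
         unset($_COOKIE['area']);
         setcookie("area", "", time() - 3600, '/');
         $this->user['area'] = $employee->area;
     }

     $area = $areaAcc->get($this->user['area']);
     $this->user['guid'] = $employee->guid;
     $this->user['areaGuid'] = $area->guid;
 }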
 /**
  * Removes a user from a group
  *   This should be used in conjunction with
  *   revoking a user's access to an area, it
  *   will remove all data for this user for
  *   this group.
  *
  * NOTE: This will delete the embedded document
  *         for the given user that holds the group
  *         information, but if the api is called to
  *         get the same user with the same group,
  *         it will be recreated with empty data,
  *         unless the user's rights to the group
  *         have been revoked.
  *
  * DELETE /api/userGroupData/:netId/:group
  *
  * returns:
  * {
  *    status: OK,
  *    data: success
  * }
  */
 public function delete($params)
 {
     // Both gates run before any request parameter is read.
     // NOTE(review): assumes each one stops the request on failure - confirm;
     //   their return values are not inspected here.
     $this->requireAuthentication();
     $this->forcePermission("update", "1450ff35-82a7-45ed-adcf-ffa254ebafa2");

     $userAccessor = new \TMT\accessor\UserGroupData();
     $areaAccessor = new \TMT\accessor\AreaAccessor();

     // URL segment 2 is the target netId, segment 3 the group id (forced to int)
     $netId = null;
     if (isset($params['url'][2])) {
         $netId = $params['url'][2];
     }
     $group = null;
     if (isset($params['url'][3])) {
         $group = (int) $params['url'][3];
     }

     // Loose comparison on purpose: an empty netId and a group id of 0
     //   (including a non-numeric segment cast to 0) are rejected as well
     $targetMissing = ($netId == null || $group == null);
     if ($targetMissing) {
         $this->error("Invalid netId or group");
         return;
     }

     // Only the calling user's rights to the group are verified; the target
     //   employee's rights are not checked in this method.
     $callerHasRights = $areaAccessor->checkAreaRights($this->user['netId'], $group);
     if (!$callerHasRights) {
         $this->error("You do not have rights to access this employee's data");
         return;
     }

     // NOTE(review): $netId reaches removeGroup() exactly as it came from the
     //   URL - confirm the accessor treats it as an opaque string.
     $userAccessor->removeGroup($netId, $group);
     $this->respond("success");
 }