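/**
 * Creates a new question, or updates an existing one, inside the given lecture [stopping].
 *
 * Request parameters read: 'lecture', 'text' and 'type' (required, validated below),
 * 'id' (optional; when non-empty the existing question is edited), 'options' and
 * 'attachments' (optional; 'attachments' is split on ';' into attachment IDs).
 *
 * Security-relevant behaviour:
 *  - the active user must pass checkTestGenerationPrivileges() for the lecture;
 *  - every attachment ID must be visible to the active user and belong to that lecture;
 *  - an edited question must already belong to that lecture.
 *
 * @return bool true once the question is persisted; otherwise whatever
 *              stop()/death() return (presumably false - confirm)
 */
protected function body()
{
    $inputs = array(
        'lecture' => 'isIndex',
        'text' => 'isNotEmpty',
        'type' => array('isEnum' => array('text', 'choice', 'multi')),
    );
    if (!$this->isInputValid($inputs)) {
        return false;
    }

    $lectureId = $this->getParams('lecture');
    $text = $this->getParams('text');
    $type = $this->getParams('type');
    // NOTE(review): 'id' is not covered by the $inputs filters above and reaches
    // findEntity() as received; confirm the repository layer tolerates arbitrary values.
    $id = $this->getParams('id');
    $isIdSet = $id !== null && $id !== '';
    // Appending '' forces a string, so a null parameter becomes ''.
    $options = $this->getParams('options') . '';
    $attachments = $this->getParams('attachments') . '';

    if (!$this->checkTestGenerationPrivileges($lectureId)) {
        return $this->death(StringID::InsufficientPrivileges);
    }

    $visibleAttachments = CommonQueries::GetAttachmentsVisibleToActiveUser();
    // Compare against '' explicitly: a plain truthiness test treats the string "0"
    // as empty, which would let it skip the checks below and still be stored.
    $attTmp = $attachments !== '' ? explode(';', $attachments) : array();
    foreach ($visibleAttachments as $va) {
        // Strict match on the canonical string form of the ID. array_search() compares
        // loosely by default, so a token such as "01" or "1.0" would be accepted as ID 1
        // while the raw, unnormalised string is what gets stored further down.
        $index = array_search((string) $va->getId(), $attTmp, true);
        if ($index !== false) {
            array_splice($attTmp, $index, 1);
            // Weak comparison on purpose: $lectureId comes from the request and is text.
            if ($va->getLecture()->getId() != $lectureId) {
                return $this->death(StringID::AttachmentBelongsToAnotherLecture);
            }
        }
    }
    // Anything left over did not match a visible attachment (or was listed twice).
    if (count($attTmp)) {
        // NOTE(review): the leftover tokens are raw request data echoed into the error
        // text; whoever renders this message must escape it for its output context.
        return $this->stop(ErrorCause::invalidInput(
            'Following attachment IDs are invalid or inaccessible: ' . implode(', ', $attTmp) . '.',
            'attachments'
        ));
    }

    /** @var \Question $question */
    $question = null;
    if (!$isIdSet) {
        $question = new \Question();
    } else {
        $question = Repositories::findEntity(Repositories::Question, $id);
        if (!$question) {
            // NOTE(review): what findEntity() does for an unknown ID is not visible here;
            // this guard avoids calling getLecture() on a non-object if it returns null/false.
            return $this->stop(ErrorCause::invalidInput('Question ID is invalid or inaccessible.', 'id'));
        }
        if ($question->getLecture()->getId() != $lectureId) {
            // This must be a weak comparison, because lectureId comes from user and is text.
            return $this->death(StringID::HackerError);
        }
    }

    $question->setAttachments($attachments);
    /** @var \Lecture $lecture */
    $lecture = Repositories::findEntity(Repositories::Lecture, $lectureId);
    $question->setLecture($lecture);
    $question->setOptions($options);
    $question->setText($text);
    $question->setType($type);
    Repositories::persistAndFlush($question);

    return true;
}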
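/**
 * Creates a test (Xtest) from a comma-separated list of question IDs [stopping].
 *
 * Request parameters read: 'description', 'count' and 'questions' (all required).
 *
 * Security-relevant behaviour:
 *  - every question ID must be visible to the active user;
 *  - all questions must belong to one lecture;
 *  - the active user must pass checkTestGenerationPrivileges() for that lecture.
 *
 * @return bool true once the test is persisted; otherwise whatever
 *              stop()/death() return (presumably false - confirm)
 */
protected function body()
{
    $questions = $this->getParams('questions');
    if ($questions === null || $questions === '') {
        // Put this in front to have a more specific, comprehensible error message
        return $this->death(StringID::ChooseAtLeastOneQuestion);
    }

    $inputs = array(
        'description' => 'isNotEmpty',
        'count' => 'isNonNegativeInt',
        'questions' => 'isNotEmpty',
    );
    if (!$this->isInputValid($inputs)) {
        return false;
    }

    $description = $this->getParams('description');
    $count = $this->getParams('count');
    $questions = $this->getParams('questions');
    $questionsArray = explode(',', $questions);

    $visibleQuestions = CommonQueries::GetQuestionsVisibleToActiveUser();
    /**
     * @var $lecture \Lecture
     */
    $lecture = null;
    foreach ($visibleQuestions as $vq) {
        // Strict match on the canonical string form of the ID. array_search() compares
        // loosely by default, so a token such as "01" or "1.0" would be accepted as ID 1
        // while the raw $questions string is what is stored as the template and
        // handed to generateTest().
        $index = array_search((string) $vq->getId(), $questionsArray, true);
        if ($index !== false) {
            array_splice($questionsArray, $index, 1);
            if ($lecture === null) {
                // The first matched question fixes the lecture of the whole test.
                $lecture = $vq->getLecture();
            } elseif ($lecture->getId() !== $vq->getLecture()->getId()) {
                return $this->death(StringID::TestCannotContainQuestionsOfDifferentLectures);
            }
        }
    }
    // Anything left over did not match a visible question (or was listed twice).
    if (count($questionsArray)) {
        // NOTE(review): the leftover tokens are raw request data echoed into the error
        // text; whoever renders this message must escape it for its output context.
        return $this->stop(ErrorCause::invalidInput(
            'Following question IDs are invalid or inaccessible: ' . implode(', ', $questionsArray) . '.',
            'questions'
        ));
    }
    if ($lecture === null) {
        return $this->death(StringID::ChooseAtLeastOneQuestion);
    }
    // The lecture is derived from the questions themselves, not from a request
    // parameter, so the privilege check covers the lecture that is actually used.
    if (!$this->checkTestGenerationPrivileges($lecture->getId())) {
        return $this->death(StringID::InsufficientPrivileges);
    }

    // NOTE(review): 'count' is only checked to be a non-negative integer; whether
    // generateTest() copes with a count above the number of questions is not visible here.
    $randomized = $this->generateTest($questions, $count);

    $xtest = new \Xtest();
    $xtest->setDescription($description);
    $xtest->setCount($count);
    $xtest->setLecture($lecture);
    $xtest->setTemplate($questions);
    $xtest->setGenerated(implode(',', $randomized));
    Repositories::persistAndFlush($xtest);

    return true;
}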
/**
 * Verifies that every listed handler argument is present and passes its filters [stopping].
 *
 * @param array $fields map of argument name to its validation filters. Each value is
 *        null (presence check only), a single filter name, or an array of filters.
 *        Inside such an array an entry is either a bare filter name (integer key)
 *        or a 'filterName' => options pair. Filter names are passed to
 *        Validator::validate() as its second argument, the options as its third.
 * @code
 * array(
 *     'id' => array('isId'),
 *     'name' => array(
 *         'isAlphaNumeric',
 *         'hasLength' => array(
 *             'min_length' => 5,
 *             'max_length' => 15,
 *         ),
 *     ),
 * )
 * @endcode
 * @return bool true if all arguments are set and satisfy their filters; otherwise the
 *         result of isInputSet() or stop()
 * @see isInputSet()
 * @see Validator
 */
protected final function isInputValid($fields)
{
    // Presence of all keys is checked first; filters only run when nothing is missing.
    if (!$this->isInputSet(array_keys($fields))) {
        return false;
    }

    foreach ($fields as $name => $filters) {
        if ($filters === null) {
            continue;
        }

        // A lone filter name is treated as that filter with empty options.
        $filterList = is_array($filters) ? $filters : array($filters => array());

        foreach ($filterList as $key => $value) {
            // An integer key means the entry is a bare filter name without options.
            $bare = is_int($key);
            $filter = $bare ? $value : $key;
            $options = $bare ? array() : $value;

            // A falsy result from the validator means the value passed this filter.
            $details = Validator::validate($this->getParams($name), $filter, $options);
            if (!$details) {
                continue;
            }

            // The first failing filter ends validation; true carries no detail text.
            if ($details === true) {
                return $this->stop(ErrorCode::inputInvalid, null, "key: '{$name}'");
            }

            return $this->stop(ErrorCause::invalidInput($details, $name));
        }
    }

    return true;
}