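/**
 * Grants or revokes admin privileges for the user named in the request.
 *
 * Reads the "user" and "admin" request arguments. Responds with 400 when the
 * referenced user cannot be loaded, or when it is equal to $this->user (the
 * error message describes this as changing one's own account). Otherwise the
 * privileges are updated and the response status is 204.
 *
 * Admin privileges are granted only when "admin" is exactly the string "1";
 * any other value, or a missing or array-valued argument, revokes them.
 *
 * @inheritdoc
 */
public function exec(Server $server, ConnectionInterface $db, CacheInterface $cache)
{
    // NOTE(review): nothing in this method checks that $this->user is itself
    // an admin; confirm that the layer calling exec() enforces that.
    // NOTE(review): $_REQUEST merges query-string and body data and, depending
    // on the request_order ini setting, cookies as well. For a state-changing
    // privilege operation, confirm that reading from $_REQUEST is intended.
    $userFactory = new UserFactory($db, $cache);
    $user = $userFactory->load($_REQUEST['user']);
    $response = new OperationResponse();

    if (!$user) {
        $response->setStatus(400);
        $response->setBody(array('error' => 'Argument "user" is referring to a user that does not exist'));
    } elseif ($this->user->isEqual($user)) {
        // Self-modification is refused so an account cannot change its own admin flag.
        $response->setStatus(400);
        $response->setBody(array('error' => 'A user can not change admin privileges for its own user account'));
    } else {
        // Strict comparison: a privilege-granting flag must not go through
        // PHP's numeric-string juggling ('1.0', '01' and ' 1' all == '1').
        $grantAdmin = isset($_REQUEST['admin']) && $_REQUEST['admin'] === '1';
        $userFactory->setAdminPrivileges($user, $grantAdmin);
        $response->setStatus(204);
    }

    return $response;
}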
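/**
 * Resolves the operation for a request path, applies the method,
 * authentication and required-argument checks, and returns the response.
 *
 * Outcomes, in the order they are evaluated:
 *  - 404 when no operation matches the path
 *  - a CORS preflight answer for OPTIONS requests
 *  - 405 when the request method is not among the operation's allowed methods
 *  - 401 when the operation requires auth and the request is not authenticated
 *  - 400 when required arguments are missing
 *  - otherwise the response returned by the operation's exec()
 *
 * @param array $path
 * @param \Rocker\Server $server
 * @return OperationResponse
 */
public function dispatchRequest(array $path, Server $server)
{
    // NOTE(review): both $this->server and the $server argument are used
    // below; presumably they are the same instance. Confirm.
    $op = $this->loadOperation($path);
    $method = $this->server->request()->getMethod();

    // Could not resolve any operation, return 404
    if ($op === null) {
        $response = new OperationResponse(404);
        $response->setBody(array('error' => 'Operation not found'));
        return $response;
    }

    $op->setRequest($server->request());
    $isAuthenticated = $this->authenticate($op, $server);

    // Handle OPTIONS request (the authentication result is not consulted here)
    if ($method === 'OPTIONS') {
        $response = new OperationResponse();

        // The client-supplied Access-Control-Request-Headers value is echoed
        // back in a response header. Strip CR/LF first so it can never start
        // a new header line, whatever the response layer does downstream.
        // NOTE(review): echoing the value means the preflight approves any
        // header the client asks for; consider a fixed allow-list instead.
        $requestHeaders = $server->request()->headers('Access-Control-Request-Headers', false);
        if (is_string($requestHeaders)) {
            $requestHeaders = str_replace(array("\r", "\n"), '', $requestHeaders);
        }
        $allowedHeaders = 'Authorization, Content-Type, Content-Length' . ($requestHeaders ? ', ' . $requestHeaders : '');

        $response->addHeader('Access-Control-Allow-Headers', ucwords($allowedHeaders));
        $response->addHeader('Access-Control-Allow-Methods', implode(',', $op->allowedMethods()));
        return $response;
    }

    // Wrong method! (strict match so the method must equal an allowed entry exactly)
    if (!in_array($method, $op->allowedMethods(), true)) {
        $response = new OperationResponse(405);
        $response->addHeader('Access-Control-Allow-Methods', implode(',', $op->allowedMethods()));
        $response->setBody(array('error' => 'Wrong request method, only ' . implode(', ', $op->allowedMethods()) . ' is allowed'));
    } elseif ($op->requiresAuth() && !$isAuthenticated) {
        $response = new OperationResponse(401);

        // The WWW-Authenticate challenge is left out for requests that
        // identify themselves as XMLHttpRequest. X-Requested-With is
        // client-controlled, but it only decides whether the challenge header
        // is sent; the 401 status is returned either way.
        $with = $server->request()->headers('HTTP_X_REQUESTED_WITH');
        if (!$with) {
            $with = $server->request()->headers('X_REQUESTED_WITH');
        }
        if (!$with || strtolower($with) !== 'xmlhttprequest') {
            $authConfig = $this->server->config('application.auth');
            $response->setHeaders(array('WWW-Authenticate' => $authConfig['mechanism']));
        }

        $response->addHeader('Access-Control-Allow-Methods', implode(',', $op->allowedMethods()));
    } elseif ($missingArgs = $this->findMissingArgs($method, $op)) {
        $response = new OperationResponse(400);
        $response->setBody(array('error' => 'One or more required arguments is missing (' . implode(', ', $missingArgs) . ')'));
    } else {
        // All checks passed: hand over to the operation itself.
        $response = $op->exec($this->server, $this->db, $this->cache);
    }

    return $response;
}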
/**
 * Applies the "name" and "meta" request arguments to an object, persists it
 * through the factory and writes the outcome into the given response.
 *
 * The response body is set to the array form of the object on success. If the
 * meta values are rejected, the status and body reported by
 * addMetaFromRequestToObject() are used and nothing is persisted. A
 * DuplicationException from the factory produces a 409 with its message.
 *
 * @param \Rocker\Object\ObjectInterface $obj
 * @param \Rocker\Object\AbstractObjectFactory $factory
 * @param OperationResponse $response
 * @param ConnectionInterface $db
 * @param CacheInterface $cache
 * @param \Rocker\Server $server
 */
protected function updateObject($obj, $factory, $response, $db, $cache, $server)
{
    // NOTE(review): unlike "meta", the "name" argument is not type-checked
    // here, so an array-valued "name" reaches setName(). Confirm that
    // setName() or the factory validates it.
    if (isset($_REQUEST['name'])) {
        $obj->setName($_REQUEST['name']);
    }

    // Meta is only processed when it arrives as an array; other shapes are ignored.
    $metaError = null;
    if (isset($_REQUEST['meta']) && is_array($_REQUEST['meta'])) {
        $metaError = $this->addMetaFromRequestToObject($obj);
    }

    if ($metaError !== null) {
        // Something not okay with the meta values: element 0 is used as the
        // status and element 1 as the body.
        $response->setStatus($metaError[0]);
        $response->setBody($metaError[1]);
        return;
    }

    try {
        $factory->update($obj);
        $payload = $this->objectToArray($obj, $server, $db, $cache);
        $response->setBody($payload);
    } catch (DuplicationException $duplicate) {
        // NOTE(review): the exception message is returned to the client
        // verbatim. Confirm that it never carries internal detail.
        $response->setStatus(409);
        $response->setBody(array('error' => $duplicate->getMessage()));
    }
}