diff --git a/restapi/index.php b/restapi/index.php index d20795e33..4a6bf11f2 100644 --- a/restapi/index.php +++ b/restapi/index.php @@ -25,24 +25,21 @@ use Psr\Http\Server\MiddlewareInterface; use DI\ContainerBuilder; use Slim\Factory\AppFactory; -final class JsonRenderer -{ +final class JsonRenderer { /* {{{ */ public function json( ResponseInterface $response, array $data = null ): ResponseInterface { $response = $response->withHeader('Content-Type', 'application/json'); - - $response->getBody()->write( - (string)json_encode( - $data, - JSON_UNESCAPED_SLASHES | JSON_PARTIAL_OUTPUT_ON_ERROR - ) - ); - + $response->getBody()->write( + (string)json_encode( + $data, + JSON_UNESCAPED_SLASHES | JSON_PARTIAL_OUTPUT_ON_ERROR + ) + ); return $response; } -} +} /* }}} */ final class SeedDMS_RestapiController { /* {{{ */ protected $container; @@ -1730,12 +1727,9 @@ final class SeedDMS_RestapiController { /* {{{ */ $dms = $this->container->get('dms'); $userobj = $this->container->get('userobj'); - if(!$userobj) { - return $this->renderer->json($response, array('success'=>false, 'message'=>'Not logged in', 'data'=>''))->withStatus(403); - } - if(!$userobj->isAdmin()) { - return $this->renderer->json($response, array('success'=>false, 'message'=>'No access on document', 'data'=>''))->withStatus(403); - } + $check = $this->checkIfAdmin($request, $response); + if ($check !== true) + return $check; if(!ctype_digit($args['id']) || $args['id'] == 0) { return $this->renderer->json($response, array('success'=>false, 'message'=>'No document given', 'data'=>''))->withStatus(400); 
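Review bot: `array $data = null` in JsonRenderer::json is an implicitly nullable parameter, which PHP 8.4 deprecates; since the hunk already touches this declaration, write it as `?array $data = null`. Also worth a comment on the `json_encode` call: `JSON_PARTIAL_OUTPUT_ON_ERROR` silently replaces unencodable values with `null` and the `(string)` cast hides a `false` return, so a client can receive a 200 with a truncated payload; a one-line `// partial output is intentional: never fail the response because of one bad value` (or switching to `JSON_THROW_ON_ERROR` if that is not intended) would make the choice explicit.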
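Review bot: In the `@@ -1730` hunk the new `checkIfAdmin` call sits after the context line `$userobj = $this->container->get('userobj');`, so when no user object is registered the container `get()` runs before the `has('userobj')` guard inside checkIfAdmin is ever reached; if `get()` throws for a missing entry, as PSR-11 containers may, the 403 response is never produced. Move `$check = $this->checkIfAdmin($request, $response); if ($check !== true) { return $check; }` above the `$userobj` fetch, or drop that fetch if the method no longer needs it; the same ordering appears in the folder variant at `@@ -2560`. The single-statement `if` should also be braced, matching the brace style the rest of this diff introduces. The enclosing method starts outside the hunk.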
@@ -2106,8 +2100,8 @@ final class SeedDMS_RestapiController { /* {{{ */ function checkIfAdmin($request, $response) { /* {{{ */ $dms = $this->container->get('dms'); - if(!$this->container->has('userobj')) - echo "no user object"; +// if(!$this->container->has('userobj')) +// echo "no user object"; if(!$this->container->has('userobj') || !($userobj = $this->container->get('userobj'))) { return $this->renderer->json($response, ['success'=>false, 'message'=>'Not logged in', 'data'=>''])->withStatus(403); @@ -2245,7 +2239,7 @@ final class SeedDMS_RestapiController { /* {{{ */ return $check; $params = $request->getParsedBody(); - if ($params['quota'] == null) { + if ($params['quota'] == null || !ctype_digit($params['quota'])) { return $this->renderer->json($response, array('success'=>false, 'message'=>'You must supply a new quota', 'data'=>''))->withStatus(400); } @@ -2434,6 +2428,7 @@ final class SeedDMS_RestapiController { /* {{{ */ $check = $this->checkIfAdmin($request, $response); if($check !== true) return $check; + if(ctype_digit($args['id'])) $group = $dms->getGroup($args['id']); else { @@ -2456,21 +2451,21 @@ final class SeedDMS_RestapiController { /* {{{ */ $userobj = $this->container->get('userobj'); $check = $this->checkIfAdmin($request, $response); - if($check !== true) + if ($check !== true) return $check; - if(ctype_digit($args['id'])) + if (ctype_digit($args['id'])) $group = $dms->getGroup($args['id']); else { $group = $dms->getGroupByName($args['id']); } - $params = $request->getParsedBody(); + $params = $request->getParsedBody(); if (empty($params['userid'])) { return $this->renderer->json($response, array('success'=>false, 'message'=>'Missing userid', 'data'=>''))->withStatus(400); } $userId = $params['userid']; - if(ctype_digit($userId)) + if (ctype_digit($userId)) $user = $dms->getUser($userId); else { $user = $dms->getUserByLogin($userId); 
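Review bot: In checkIfAdmin the debug `echo "no user object"` is commented out rather than removed; commented-out code should be deleted, and the `has('userobj')` test on the following line already handles the missing-user case with a proper 403 response. Leaving an `echo` reachable in a PSR-7 handler, even disabled, invites someone to re-enable output that bypasses the response object.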
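Review bot: In the `@@ -2245` hunk `$params['quota']` is read without checking that the key exists, so a body that omits `quota` raises an undefined-index warning before the `== null` test, and `ctype_digit()` on a non-string value (an integer from a JSON-decoded body) is deprecated since PHP 8.1 and treats small ints as ASCII codes. Replace the condition with `if (!isset($params['quota']) || !ctype_digit((string)$params['quota'])) {`. The enclosing method starts outside the hunk.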
@@ -2482,20 +2477,16 @@ final class SeedDMS_RestapiController { /* {{{ */ $operationResult = false; - if ($operationType == 'add') - { + if ($operationType == 'add') { $operationResult = $group->addUser($user); } - if ($operationType == 'remove') - { + if ($operationType == 'remove') { $operationResult = $group->removeUser($user); } - if ($operationResult === false) - { + if ($operationResult === false) { $message = 'Could not add user to the group.'; - if ($operationType == 'remove') - { + if ($operationType == 'remove') { $message = 'Could not remove user from group.'; } return $this->renderer->json($response, array('success'=>false, 'message'=>'Something went wrong. ' . $message, 'data'=>''))->withStatus(500); @@ -2522,8 +2513,9 @@ final class SeedDMS_RestapiController { /* {{{ */ $userobj = $this->container->get('userobj'); $check = $this->checkIfAdmin($request, $response); - if($check !== true) + if ($check !== true) return $check; + $params = $request->getParsedBody(); if (!isset($params['enable'])) { @@ -2560,12 +2552,9 @@ final class SeedDMS_RestapiController { /* {{{ */ $dms = $this->container->get('dms'); $userobj = $this->container->get('userobj'); - if(!$userobj) { - return $this->renderer->json($response, array('success'=>false, 'message'=>'Not logged in', 'data'=>''))->withStatus(403); - } - if(!$userobj->isAdmin()) { - return $this->renderer->json($response, array('success'=>false, 'message'=>'No access on folder', 'data'=>''))->withStatus(403); - } + $check = $this->checkIfAdmin($request, $response); + if ($check !== true) + return $check; if(!ctype_digit($args['id']) || $args['id'] == 0) { return $this->renderer->json($response, array('success'=>false, 'message'=>'No folder given', 'data'=>''))->withStatus(400); 
@@ -2631,51 +2620,40 @@ final class SeedDMS_RestapiController { /* {{{ */ $params = $request->getParsedBody(); $userOrGroupIdInput = $params['id']; - if ($operationType == 'add') - { - if ($params['id'] == null) - { + if ($operationType == 'add') { + if ($params['id'] == null) { return $this->renderer->json($response, array('success'=>false, 'message'=>'Please PUT the user or group Id', 'data'=>''))->withStatus(400); } - if ($params['mode'] == null) - { + if ($params['mode'] == null) { return $this->renderer->json($response, array('success'=>false, 'message'=>'Please PUT the access mode', 'data'=>''))->withStatus(400); } $modeInput = $params['mode']; $mode = M_NONE; - if ($modeInput == 'read') - { + if ($modeInput == 'read') { $mode = M_READ; } - if ($modeInput == 'readwrite') - { + if ($modeInput == 'readwrite') { $mode = M_READWRITE; } - if ($modeInput == 'all') - { + if ($modeInput == 'all') { $mode = M_ALL; } } - $userOrGroupId = $userOrGroupIdInput; - if(!ctype_digit($userOrGroupIdInput) && $userOrGroup == 'user') - { + if (!ctype_digit($userOrGroupIdInput) && $userOrGroup == 'user') { $userOrGroupObj = $dms->getUserByLogin($userOrGroupIdInput); } - if(!ctype_digit($userOrGroupIdInput) && $userOrGroup == 'group') - { + if (!ctype_digit($userOrGroupIdInput) && $userOrGroup == 'group') { $userOrGroupObj = $dms->getGroupByName($userOrGroupIdInput); } - if(ctype_digit($userOrGroupIdInput) && $userOrGroup == 'user') - { + if (ctype_digit($userOrGroupIdInput) && $userOrGroup == 'user') { $userOrGroupObj = $dms->getUser($userOrGroupIdInput); } - if(ctype_digit($userOrGroupIdInput) && $userOrGroup == 'group') - { + if (ctype_digit($userOrGroupIdInput) && $userOrGroup == 'group') { $userOrGroupObj = $dms->getGroup($userOrGroupIdInput); } if (!$userOrGroupObj) { 
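Review bot: The line `$userOrGroupId = $userOrGroupIdInput;` is deleted, but `$userOrGroupId` is still what the `@@ -2685` hunk passes to `$folder->addAccess(...)` and `$folder->removeAccess(...)`, so unless it is assigned somewhere outside these hunks the ACL change is now applied with an undefined (null) id. The resolved `$userOrGroupObj` is validated after this hunk but is never used as the source of the id, so the cleanest fix is to derive the id from that object after the `if (!$userOrGroupObj)` check rather than from the raw input; at minimum restore `$userOrGroupId = $userOrGroupIdInput;`. Separately, `$params['id']` and `$params['mode']` are read before any existence check, and an unrecognised `mode` value silently falls through to `M_NONE` instead of being rejected with a 400; a `// TODO: reject unknown mode values` note or an explicit else-branch would close that. The enclosing method starts outside the hunk.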
@@ -2685,29 +2663,23 @@ final class SeedDMS_RestapiController { /* {{{ */ $operationResult = false; - if ($operationType == 'add' && $userOrGroup == 'user') - { + if ($operationType == 'add' && $userOrGroup == 'user') { $operationResult = $folder->addAccess($mode, $userOrGroupId, true); } - if ($operationType == 'remove' && $userOrGroup == 'user') - { + if ($operationType == 'remove' && $userOrGroup == 'user') { $operationResult = $folder->removeAccess($userOrGroupId, true); } - if ($operationType == 'add' && $userOrGroup == 'group') - { + if ($operationType == 'add' && $userOrGroup == 'group') { $operationResult = $folder->addAccess($mode, $userOrGroupId, false); } - if ($operationType == 'remove' && $userOrGroup == 'group') - { + if ($operationType == 'remove' && $userOrGroup == 'group') { $operationResult = $folder->removeAccess($userOrGroupId, false); } - if ($operationResult === false) - { + if ($operationResult === false) { $message = 'Could not add user/group access to this folder.'; - if ($operationType == 'remove') - { + if ($operationType == 'remove') { $message = 'Could not remove user/group access from this folder.'; } return $this->renderer->json($response, array('success'=>false, 'message'=>'Something went wrong. ' . $message, 'data'=>''))->withStatus(500); @@ -2721,11 +2693,12 @@ final class SeedDMS_RestapiController { /* {{{ */ $dms = $this->container->get('dms'); $userobj = $this->container->get('userobj'); - if(false === ($categories = $dms->getDocumentCategories())) { + if (false === ($categories = $dms->getDocumentCategories())) { return $this->renderer->json($response, array('success'=>false, 'message'=>'Could not get categories', 'data'=>null))->withStatus(500); } + $data = []; - foreach($categories as $category) + foreach ($categories as $category) $data[] = $this->__getCategoryData($category); return $this->renderer->json($response, array('success'=>true, 'message'=>'', 'data'=>$data))->withStatus(200); 
@@ -2735,12 +2708,12 @@ final class SeedDMS_RestapiController { /* {{{ */ $dms = $this->container->get('dms'); $userobj = $this->container->get('userobj'); - if(!ctype_digit($args['id'])) { + if (!ctype_digit($args['id'])) { return $this->renderer->json($response, array('success'=>false, 'message'=>'Invalid parameter', 'data'=>''))->withStatus(400); } $category = $dms->getDocumentCategory($args['id']); - if($category) { + if ($category) { return $this->renderer->json($response, array('success'=>true, 'message'=>'', 'data'=>$this->__getCategoryData($category)))->withStatus(200); } else { return $this->renderer->json($response, array('success'=>false, 'message'=>'No such category', 'data'=>''))->withStatus(404); @@ -2753,7 +2726,7 @@ final class SeedDMS_RestapiController { /* {{{ */ $logger = $this->container->get('logger'); $check = $this->checkIfAdmin($request, $response); - if($check !== true) + if ($check !== true) return $check; $params = $request->getParsedBody(); @@ -2762,7 +2735,7 @@ final class SeedDMS_RestapiController { /* {{{ */ } $catobj = $dms->getDocumentCategoryByName($params['name']); - if($catobj) { + if ($catobj) { return $this->renderer->json($response, array('success'=>false, 'message'=>'Category already exists', 'data'=>''))->withStatus(409); } else { if($data = $dms->addDocumentCategory($params['name'])) { 
@@ -2779,11 +2752,11 @@ final class SeedDMS_RestapiController { /* {{{ */ $userobj = $this->container->get('userobj'); $check = $this->checkIfAdmin($request, $response); - if($check !== true) + if ($check !== true) return $check; - if($category = $dms->getDocumentCategory($args['id'])) { - if($result = $category->remove()) { + if ($category = $dms->getDocumentCategory($args['id'])) { + if ($result = $category->remove()) { return $this->renderer->json($response, array('success'=>$result, 'message'=>'', 'data'=>''))->withStatus(200); } else { return $this->renderer->json($response, array('success'=>$result, 'message'=>'Could not delete category', 'data'=>''))->withStatus(500); @@ -2803,16 +2776,15 @@ final class SeedDMS_RestapiController { /* {{{ */ $userobj = $this->container->get('userobj'); $check = $this->checkIfAdmin($request, $response); - if($check !== true) + if ($check !== true) return $check; - if(!ctype_digit($args['id'])) { + if (!ctype_digit($args['id'])) { return $this->renderer->json($response, array('success'=>false, 'message'=>'Invalid parameter', 'data'=>''))->withStatus(400); } $params = $request->getParsedBody(); - if (empty($params['name'])) - { + if (empty($params['name'])) { return $this->renderer->json($response, array('success'=>false, 'message'=>'You must supply a new name', 'data'=>''))->withStatus(400); } @@ -2840,7 +2812,7 @@ final class SeedDMS_RestapiController { /* {{{ */ $attrdefs = $dms->getAllAttributeDefinitions(); $data = []; - foreach($attrdefs as $attrdef) + foreach ($attrdefs as $attrdef) $data[] = $this->__getAttributeDefinitionData($attrdef); return $this->renderer->json($response, array('success'=>true, 'message'=>'', 'data'=>$data))->withStatus(200); 
@@ -2856,10 +2828,10 @@ final class SeedDMS_RestapiController { /* {{{ */ $userobj = $this->container->get('userobj'); $check = $this->checkIfAdmin($request, $response); - if($check !== true) + if ($check !== true) return $check; - if(!ctype_digit($args['id'])) { + if (!ctype_digit($args['id'])) { return $this->renderer->json($response, array('success'=>false, 'message'=>'Invalid parameter', 'data'=>''))->withStatus(400); } @@ -2892,12 +2864,12 @@ final class SeedDMS_RestapiController { /* {{{ */ $userobj = $this->container->get('userobj'); $check = $this->checkIfAdmin($request, $response); - if($check !== true) + if ($check !== true) return $check; - if(ctype_digit($args['id'])) + if (ctype_digit($args['id'])) { $folder = $dms->getFolder($args['id']); - else { + } else { $folder = $dms->getFolderByName($args['id']); } if (!$folder) { @@ -2912,11 +2884,11 @@ final class SeedDMS_RestapiController { /* {{{ */ function getStatsTotal($request, $response) { /* {{{ */ $dms = $this->container->get('dms'); $check = $this->checkIfAdmin($request, $response); - if($check !== true) + if ($check !== true) return $check; $data = []; - foreach(array('docstotal', 'folderstotal', 'userstotal') as $type) { + foreach (array('docstotal', 'folderstotal', 'userstotal') as $type) { $total = $dms->getStatisticalData($type); $data[$type] = $total; }