src/Module/Calendar/Event/API.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2010-2023, the Friendica project
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Module\Calendar\Event;
  23
  24 use Friendica\App;
  25 use Friendica\BaseModule;
  26 use Friendica\Core\L10n;
  27 use Friendica\Core\Protocol;
  28 use Friendica\Core\Session\Capability\IHandleUserSessions;
  29 use Friendica\Core\System;
  30 use Friendica\Core\Worker;
  31 use Friendica\Database\DBA;
  32 use Friendica\Model\Contact;
  33 use Friendica\Model\Conversation;
  34 use Friendica\Model\Event;
  35 use Friendica\Model\Item;
  36 use Friendica\Model\Post;
  37 use Friendica\Model\User;
  38 use Friendica\Module\Response;
  39 use Friendica\Navigation\SystemMessages;
  40 use Friendica\Network\HTTPException\BadRequestException;
  41 use Friendica\Network\HTTPException\UnauthorizedException;
  42 use Friendica\Protocol\Delivery;
  43 use Friendica\Util\ACLFormatter;
  44 use Friendica\Util\DateTimeFormat;
  45 use Friendica\Util\Profiler;
  46 use Friendica\Util\Strings;
  47 use Psr\Log\LoggerInterface;
  48
  49 /**
  50  * Basic API class for events
  51  * currently supports create, delete, ignore, unignore
  52  *
  53  * @todo: make create/update as REST-call instead of POST
  54  */
  55 class API extends BaseModule
  56 {
  57         const ACTION_CREATE   = 'create';
  58         const ACTION_DELETE   = 'delete';
  59         const ACTION_IGNORE   = 'ignore';
  60         const ACTION_UNIGNORE = 'unignore';
  61
  62         const ALLOWED_ACTIONS = [
  63                 self::ACTION_CREATE,
  64                 self::ACTION_DELETE,
  65                 self::ACTION_IGNORE,
  66                 self::ACTION_UNIGNORE,
  67         ];
  68
  69         /** @var IHandleUserSessions */
  70         protected $session;
  71         /** @var SystemMessages */
  72         protected $sysMessages;
  73         /** @var ACLFormatter */
  74         protected $aclFormatter;
  75         /** @var string */
  76         protected $timezone;
  77
  78         public function __construct(L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, IHandleUserSessions $session, SystemMessages $sysMessages, ACLFormatter $aclFormatter, App $app, array $server, array $parameters = [])
  79         {
  80                 parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
  81
  82                 $this->session      = $session;
  83                 $this->sysMessages  = $sysMessages;
  84                 $this->aclFormatter = $aclFormatter;
  85                 $this->timezone     = $app->getTimeZone();
  86
  87                 if (!$this->session->getLocalUserId()) {
  88                         throw new UnauthorizedException($this->t('Permission denied.'));
  89                 }
  90         }
  91
  92         protected function post(array $request = [])
  93         {
  94                 $this->createEvent($request);
  95         }
  96
  97         protected function rawContent(array $request = [])
  98         {
  99                 if (empty($this->parameters['action']) || !in_array($this->parameters['action'], self::ALLOWED_ACTIONS)) {
 100                         throw new BadRequestException($this->t('Invalid Request'));
 101                 }
 102
 103                 // CREATE is done per POSt, so nothing to do left
 104                 if ($this->parameters['action'] === static::ACTION_CREATE) {
 105                         return;
 106                 }
 107
 108                 if (empty($this->parameters['id'])) {
 109                         throw new BadRequestException($this->t('Event id is missing.'));
 110                 }
 111
 112                 $returnPath = $request['return_path'] ?? 'calendar';
 113
 114                 switch ($this->parameters['action']) {
 115                         case self::ACTION_IGNORE:
 116                                 Event::setIgnore($this->session->getLocalUserId(), $this->parameters['id']);
 117                                 break;
 118                         case self::ACTION_UNIGNORE:
 119                                 Event::setIgnore($this->session->getLocalUserId(), $this->parameters['id'], false);
 120                                 break;
 121                         case self::ACTION_DELETE:
 122                                 // Remove an event from the calendar and its related items
 123                                 $event = Event::getByIdAndUid($this->session->getLocalUserId(), $this->parameters['id']);
 124
 125                                 // Delete only real events (no birthdays)
 126                                 if (!empty($event) && $event['type'] == 'event') {
 127                                         Item::deleteForUser(['id' => $event['itemid']], $this->session->getLocalUserId());
 128                                 }
 129
 130                                 if (Post::exists(['id' => $event['itemid']])) {
 131                                         $this->sysMessages->addNotice($this->t('Failed to remove event'));
 132                                 }
 133                                 break;
 134                         default:
 135                                 throw new BadRequestException($this->t('Invalid Request'));
 136                 }
 137
 138                 $this->baseUrl->redirect($returnPath);
 139         }
 140
 141         protected function createEvent(array $request)
 142         {
 143                 $eventId = !empty($request['event_id']) ? intval($request['event_id']) : 0;
 144                 $uid     = (int)$this->session->getLocalUserId();
 145                 $cid     = !empty($request['cid']) ? intval($request['cid']) : 0;
 146
 147                 $strStartDateTime  = Strings::escapeHtml($request['start_text'] ?? '');
 148                 $strFinishDateTime = Strings::escapeHtml($request['finish_text'] ?? '');
 149
 150                 $noFinish = intval($request['nofinish'] ?? 0);
 151
 152                 $share     = intval($request['share'] ?? 0);
 153                 $isPreview = intval($request['preview'] ?? 0);
 154
 155                 $start = DateTimeFormat::convert($strStartDateTime ?? DBA::NULL_DATETIME, 'UTC', $this->timezone);
 156                 if (!$noFinish) {
 157                         $finish = DateTimeFormat::convert($strFinishDateTime ?? DBA::NULL_DATETIME, 'UTC', $this->timezone);
 158                 } else {
 159                         $finish = DBA::NULL_DATETIME;
 160                 }
 161
 162                 // Don't allow the event to finish before it begins.
 163                 // It won't hurt anything, but somebody will file a bug report,
 164                 // and we'll waste a bunch of time responding to it. Time that
 165                 // could've been spent doing something else.
 166
 167                 $summary  = trim($request['summary'] ?? '');
 168                 $desc     = trim($request['desc'] ?? '');
 169                 $location = trim($request['location'] ?? '');
 170                 $type     = 'event';
 171
 172                 $params = [
 173                         'summary'  => $summary,
 174                         'desc'     => $desc,
 175                         'location' => $location,
 176                         'start'    => $strStartDateTime,
 177                         'finish'   => $strFinishDateTime,
 178                         'nofinish' => $noFinish,
 179                 ];
 180
 181                 $action          = empty($eventId) ? 'new' : 'edit/' . $eventId;
 182                 $redirectOnError = 'calendar/event/' . $action . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
 183
 184                 if (strcmp($finish, $start) < 0 && !$noFinish) {
 185                         if ($isPreview) {
 186                                 System::httpExit($this->t('Event can not end before it has started.'));
 187                         } else {
 188                                 $this->sysMessages->addNotice($this->t('Event can not end before it has started.'));
 189                                 $this->baseUrl->redirect($redirectOnError);
 190                         }
 191                 }
 192
 193                 if (empty($summary) || ($start === DBA::NULL_DATETIME)) {
 194                         if ($isPreview) {
 195                                 System::httpExit($this->t('Event title and start time are required.'));
 196                         } else {
 197                                 $this->sysMessages->addNotice($this->t('Event title and start time are required.'));
 198                                 $this->baseUrl->redirect($redirectOnError);
 199                         }
 200                 }
 201
 202                 $self = Contact::getPublicIdByUserId($uid);
 203
 204                 $aclFormatter = $this->aclFormatter;
 205
 206                 if ($share) {
 207                         $user = User::getById($uid, ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid']);
 208                         if (empty($user)) {
 209                                 $this->logger->warning('Cannot find user for an event.', ['uid' => $uid, 'event' => $eventId]);
 210                                 $this->response->setStatus(500);
 211                                 return;
 212                         }
 213
 214                         $strAclContactAllow = isset($request['contact_allow']) ? $aclFormatter->toString($request['contact_allow']) : $user['allow_cid'] ?? '';
 215                         $strAclGroupAllow   = isset($request['group_allow']) ? $aclFormatter->toString($request['group_allow']) : $user['allow_gid']     ?? '';
 216                         $strContactDeny     = isset($request['contact_deny']) ? $aclFormatter->toString($request['contact_deny']) : $user['deny_cid']    ?? '';
 217                         $strGroupDeny       = isset($request['group_deny']) ? $aclFormatter->toString($request['group_deny']) : $user['deny_gid']        ?? '';
 218
 219                         $visibility = $request['visibility'] ?? '';
 220                         if ($visibility === 'public') {
 221                                 // The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
 222                                 $strAclContactAllow = $strAclGroupAllow = $strContactDeny = $strGroupDeny = '';
 223                         } elseif ($visibility === 'custom') {
 224                                 // Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
 225                                 // case that would make it public. So we always append the author's contact id to the allowed contacts.
 226                                 // See https://github.com/friendica/friendica/issues/9672
 227                                 $strAclContactAllow .= $aclFormatter->toString($self);
 228                         }
 229                 } else {
 230                         $strAclContactAllow = $aclFormatter->toString($self);
 231                         $strAclGroupAllow   = '';
 232                         $strContactDeny     = '';
 233                         $strGroupDeny       = '';
 234                 }
 235
 236                 $datarray = [
 237                         'start'     => $start,
 238                         'finish'    => $finish,
 239                         'summary'   => $summary,
 240                         'desc'      => $desc,
 241                         'location'  => $location,
 242                         'type'      => $type,
 243                         'nofinish'  => $noFinish,
 244                         'uid'       => $uid,
 245                         'cid'       => $cid,
 246                         'allow_cid' => $strAclContactAllow,
 247                         'allow_gid' => $strAclGroupAllow,
 248                         'deny_cid'  => $strContactDeny,
 249                         'deny_gid'  => $strGroupDeny,
 250                         'id'        => $eventId,
 251                 ];
 252
 253                 if (intval($request['preview'])) {
 254                         System::httpExit(Event::getHTML($datarray));
 255                 }
 256
 257                 $eventId = Event::store($datarray);
 258
 259                 $newItem = Event::getItemArrayForId($eventId, [
 260                         'network'   => Protocol::DFRN,
 261                         'protocol'  => Conversation::PARCEL_DIRECT,
 262                         'direction' => Conversation::PUSH
 263                 ]);
 264                 if (Item::insert($newItem)) {
 265                         $uriId = (int)$newItem['uri-id'];
 266                 } else {
 267                         $uriId = 0;
 268                 }
 269
 270                 if (!$cid && $uriId) {
 271                         Worker::add(Worker::PRIORITY_HIGH, 'Notifier', Delivery::POST, $uriId, $uid);
 272                 }
 273
 274                 $this->baseUrl->redirect('calendar');
 275         }
 276 }