X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FBaseApi.php;h=b6824140db632ab8b73afbff30f0042baf6af2ea;hb=e7384288766f342da98b7d0ada082db516501ac6;hp=2e8e1d15b83402709c6bb7b079a30f90380feef6;hpb=5a9ef594bf1fe2732cfc9dccb6973bfbbaaf3b91;p=friendica.git diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index 2e8e1d15b8..b6824140db 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php @@ -1,6 +1,6 @@ isLoggedIn()) { - throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.')); - } - } + /** @var ApiResponse */ + protected $response; - public function patch() + public function __construct(App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, ApiResponse $response, array $server, array $parameters = []) { - self::checkAllowedScope(self::SCOPE_WRITE); + parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters); - if (!DI::app()->isLoggedIn()) { - throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.')); - } + $this->app = $app; } - public function post() + /** + * Additionally checks, if the caller is permitted to do this action + * + * {@inheritDoc} + * + * @throws HTTPException\ForbiddenException + */ + public function run(array $request = [], bool $scopecheck = true): ResponseInterface { - self::checkAllowedScope(self::SCOPE_WRITE); - - if (!DI::app()->isLoggedIn()) { - throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.')); + if ($scopecheck) { + switch ($this->args->getMethod()) { + case Router::DELETE: + case Router::PATCH: + case Router::POST: + case Router::PUT: + self::checkAllowedScope(self::SCOPE_WRITE); + + if (!self::getCurrentUserID()) { + throw new HTTPException\ForbiddenException($this->t('Permission denied.')); + } + break; + } } - } - - public function put() - { - self::checkAllowedScope(self::SCOPE_WRITE); - if (!DI::app()->isLoggedIn()) { - throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.')); - } + return parent::run($request); } /** * Processes data from GET requests and sets defaults * + * @param array $defaults Associative array of expected request keys and their default typed value. A null + * value will remove the request key from the resulting value array. + * @param array $request Custom REQUEST array, superglobal instead * @return array request data + * @throws \Exception */ - public static function getRequest(array $defaults) + public function getRequest(array $defaults, array $request): array { - $httpinput = HTTPInputData::process(); - $input = array_merge($httpinput['variables'], $httpinput['files'], $_REQUEST); - - self::$request = $input; + self::$request = $request; self::$boundaries = []; unset(self::$request['pagename']); - $request = []; - - foreach ($defaults as $parameter => $defaultvalue) { - if (is_string($defaultvalue)) { - $request[$parameter] = $input[$parameter] ?? $defaultvalue; - } elseif (is_int($defaultvalue)) { - $request[$parameter] = (int)($input[$parameter] ?? $defaultvalue); - } elseif (is_float($defaultvalue)) { - $request[$parameter] = (float)($input[$parameter] ?? $defaultvalue); - } elseif (is_array($defaultvalue)) { - $request[$parameter] = $input[$parameter] ?? []; - } elseif (is_bool($defaultvalue)) { - $request[$parameter] = in_array(strtolower($input[$parameter] ?? ''), ['true', '1']); - } else { - Logger::notice('Unhandled default value type', ['parameter' => $parameter, 'type' => gettype($defaultvalue)]); - } - } - - foreach ($input ?? [] as $parameter => $value) { - if ($parameter == 'pagename') { - continue; - } - if (!in_array($parameter, array_keys($defaults))) { - Logger::notice('Unhandled request field', ['parameter' => $parameter, 'value' => $value, 'command' => DI::args()->getCommand()]); - } - } - - Logger::debug('Got request parameters', ['request' => $request, 'command' => DI::args()->getCommand()]); - return $request; + return $this->checkDefaults($defaults, $request); } /** @@ -185,7 +171,7 @@ class BaseApi extends BaseModule * * @return array token */ - protected static function getCurrentApplication() + public static function getCurrentApplication() { $token = OAuth::getCurrentApplicationToken(); @@ -292,14 +278,31 @@ class BaseApi extends BaseModule } } - public static function getContactIDForSearchterm($searchterm) + public static function getContactIDForSearchterm(string $screen_name = null, string $profileurl = null, int $cid = null, int $uid) { - if (intval($searchterm) == 0) { - $cid = Contact::getIdForURL($searchterm, 0, false); - } else { - $cid = intval($searchterm); + if (!empty($cid)) { + return $cid; + } + + if (!empty($profileurl)) { + return Contact::getIdForURL($profileurl); + } + + if (empty($cid) && !empty($screen_name)) { + if (strpos($screen_name, '@') !== false) { + return Contact::getIdForURL($screen_name, 0, false); + } + + $user = User::getByNickname($screen_name, ['uid']); + if (!empty($user['uid'])) { + return Contact::getPublicIdByUserId($user['uid']); + } + } + + if ($uid != 0) { + return Contact::getPublicIdByUserId($uid); } - return $cid; + return null; } }