new: [internal] Added new internal functions to be used by all export APIs in the future

- authenticate user via URL params if not already authenticated (to support legacy APIs) - harvest parameters in a standardised way for filtering all export APIs
2018-08-06 10:46:52 +02:00 · 2018-08-06 10:46:52 +02:00 · 8907517330
parent b1e712e726
commit 8907517330
1 changed files with 61 additions and 0 deletions
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@ -535,6 +535,67 @@ class AppController extends Controller
        return $this->Auth->user('org_id');
    }

+    protected function _getApiAuthUser($key, &$exception) {
+        if ($key != 'download') {
+            // check if the key is valid -> search for users based on key
+            $user = $this->checkAuthUser($key);
+            if (!$user) {
+                $exception = $this->RestResponse->throwException(
+                    401,
+                    __('This authentication key is not authorized to be used for exports. Contact your administrator.')
+                );
+                return false;
+            }
+        } else {
+            if (!$this->Auth->user('id')) {
+                $exception = $this->RestResponse->throwException(
+                    401,
+                    __('You have to be logged in to do that.')
+                );
+                return false;
+            }
+            $user = $this->Auth->user();
+        }
+        return $user;
+    }
+
+    // generic function to standardise on the collection of parameters. Accepts posted request objects, url params, named url params
+    protected function _harvestParameters($options, &$exception)
+    {
+        $data = array();
+        if (!empty($options['request']->is('post'))) {
+            if (empty($options['request']->data)) {
+                $exception = $this->RestResponse->throwException(
+                    400,
+                    __('Either specify the search terms in the url, or POST a json with the filter parameters.'),
+                    '/' . $this->request->params['controller'] . '/' . $this->action
+                );
+                return false;
+            } else {
+                if (isset($options['request']->data['request'])) {
+                    $data = $options['request']->data['request'];
+                } else {
+                    $data = $options['request']->data;
+                }
+            }
+        }
+        if (!empty($options['paramArray'])) {
+            foreach ($options['paramArray'] as $p) {
+                if (
+                    isset($options['ordered_url_params'][$p]) &&
+                    (!in_array(strtolower($options['ordered_url_params'][$p]), array('null', '0', false, 'false', null)))
+                ) {
+                    $data[$p] = $options['ordered_url_params'][$p];
+                    $data[$p] = str_replace(';', ':', $data[$p]);
+                }
+                if (isset($options['named_params'][$p])) {
+                    $data[$p] = $options['named_params'][$p];
+                }
+            }
+        }
+        return $data;
+    }
+
    // pass an action to this method for it to check the active user's access to the action
    public function checkAction($action = 'perm_sync')
    {