From 8907517330a1b91a4386cdbff4a82bf768ccf601 Mon Sep 17 00:00:00 2001
From: iglocska
Date: Mon, 6 Aug 2018 10:46:52 +0200
Subject: [PATCH] new: [internal] Added new internal functions to be used by all export APIs in the future
- authenticate user via URL params if not already authenticated (to support legacy APIs)
- harvest parameters in a standardised way for filtering all export APIs
---
 app/Controller/AppController.php | 61 ++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index c0d76fab3..d02d88960 100755
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -535,6 +535,67 @@ class AppController extends Controller
return $this->Auth->user('org_id');
}
+ protected function _getApiAuthUser($key, &$exception) {
+ if ($key != 'download') {
+ // check if the key is valid -> search for users based on key
+ $user = $this->checkAuthUser($key);
+ if (!$user) {
+ $exception = $this->RestResponse->throwException(
+ 401,
+ __('This authentication key is not authorized to be used for exports. Contact your administrator.')
+ );
+ return false;
+ }
+ } else {
+ if (!$this->Auth->user('id')) {
+ $exception = $this->RestResponse->throwException(
+ 401,
+ __('You have to be logged in to do that.')
+ );
+ return false;
+ }
+ $user = $this->Auth->user();
+ }
+ return $user;
+ }
+
+ // generic function to standardise on the collection of parameters. Accepts posted request objects, url params, named url params
+ protected function _harvestParameters($options, &$exception)
+ {
+ $data = array();
+ if (!empty($options['request']->is('post'))) {
+ if (empty($options['request']->data)) {
+ $exception = $this->RestResponse->throwException(
+ 400,
+ __('Either specify the search terms in the url, or POST a json with the filter parameters.'),
+ '/' . $this->request->params['controller'] . '/' . 
$this->action
+ );
+ return false;
+ } else {
+ if (isset($options['request']->data['request'])) {
+ $data = $options['request']->data['request'];
+ } else {
+ $data = $options['request']->data;
+ }
+ }
+ }
+ if (!empty($options['paramArray'])) {
+ foreach ($options['paramArray'] as $p) {
+ if (
+ isset($options['ordered_url_params'][$p]) &&
+ (!in_array(strtolower($options['ordered_url_params'][$p]), array('null', '0', false, 'false', null)))
+ ) {
+ $data[$p] = $options['ordered_url_params'][$p];
+ $data[$p] = str_replace(';', ':', $data[$p]);
+ }
+ if (isset($options['named_params'][$p])) {
+ $data[$p] = $options['named_params'][$p];
+ }
+ }
+ }
+ return $data;
+ }
+
// pass an action to this method for it to check the active user's access to the action
public function checkAction($action = 'perm_sync') {
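Review bot: `_harvestParameters` does not filter its input sources alike: on a POST the whole of `$options['request']->data` (or its `request` sub-array) becomes `$data` untouched, while URL parameters are restricted to the `paramArray` whitelist and have `;` rewritten to `:`, so a posted body can deliver keys outside the whitelist and raw `;` characters to whatever filter the caller builds from `$data`. If callers are meant to see only whitelisted keys, add after the POST branch `if (!empty($options['paramArray'])) { $data = array_intersect_key($data, array_flip($options['paramArray'])); }`; otherwise state the asymmetry in the function comment so callers validate `$data` themselves. The skip-list `in_array(...)` in the same loop compares loosely (no third argument), so `''` matches the `false`/`null` entries and numeric aliases such as `'00'` match `'0'`; `in_array(strtolower($options['ordered_url_params'][$p]), array('null', '0', '', 'false'), true)` makes the intended set explicit (confirm that dropping the numeric-alias matches is acceptable). Callers must also compare the result with `=== false`, because an empty array (no POST body, no matching params) is a valid return that is equally falsy, and in `_getApiAuthUser` the sentinel test `$key != 'download'` reads better as `!==`. The enclosing class and the `checkAction` method that follows continue outside the hunk.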