Commit 831c96a4 authored by Tomáš Valenta's avatar Tomáš Valenta

finish plugin

parent 1cc21e28
......@@ -21,8 +21,7 @@ window.addEventListener(
return;
}
nextUrl.searchParams.append("sid", window.SESSION_ID);
nextUrl.searchParams.append("user-agent", window.navigator.userAgent);
nextUrl.searchParams.append("token", window.TOKEN);
window.location = nextUrl;
}
......
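Review bot: Putting the API token into the query string at line 17 means it is written to web-server access logs, browser history and any Referer the destination page sends, together with the session id already appended on line 15. Because this is a navigation (`window.location = nextUrl`) rather than a fetch, a request header is not available here; if the token must ride in the URL, the receiving page should read it and drop it from the address bar (e.g. `history.replaceState(null, "", location.pathname)`) and server logging should exclude it. The consumer in this commit (`Forums::viewThreads`) reads the token from `$_GET`, so any change of transport has to be made on both sides. The enclosing event listener starts before this hunk.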
......@@ -17,7 +17,7 @@ eparsons_restapi_users_user:
userId: \d+
eparsons_restapi_forums_threads:
path: /restApiV1/forums/{forumId}/threads
path: /restApiV1/forums/{forum_id}/threads
defaults: { _controller: eparsons.restapi.controller.forums:viewThreads }
requirements:
forumId: \d+
forum_id: \d+
......@@ -49,11 +49,11 @@ class Forums
}
/**
* Handler for /api/forums/{forumId}/threads GET requests
* Handler for /api/forums/{forum_id}/threads GET requests
*
* @return JsonResponse A Symfony Response object
*/
public function viewThreads($forumId)
public function viewThreads($forum_id)
{
$errorResponse = $this->validation->ValidateRequest('GET');
if ($errorResponse != null)
......@@ -61,16 +61,55 @@ class Forums
return $errorResponse;
}
global $db, $phpbb_container;
$forum_id = (int)$forum_id;
global $db, $phpbb_container, $table_prefix, $request;
$phpbb_content_visibility = $phpbb_container->get('content.visibility');
$request->enable_super_globals();
if (!isset($_GET["token"])) {
http_response_code(400);
die();
}
$api_token_query = $db->sql_query(
'SELECT user_id, allowed_forum_ids
FROM ' . $table_prefix . 'api_tokens
WHERE token=\'' . $db->sql_escape($_GET["token"]) . '\''
);
$request->disable_super_globals();
$user_id = null;
$allowed_forum_ids = array();
while ($row = $db->sql_fetchrow($api_token_query)) {
$user_id = $row["user_id"];
$allowed_forum_ids = explode(",", $row["allowed_forum_ids"]);
foreach ($allowed_forum_ids as &$allowed_forum_id) {
$allowed_forum_id = (int)$allowed_forum_id;
}
}
if ($user_id === null) {
http_response_code(401);
die();
}
if (!in_array($forum_id, $allowed_forum_ids)) {
http_response_code(401);
die();
}
$threads_query = $db->sql_query(
'SELECT *
FROM ' . TOPICS_TABLE . '
WHERE
forum_id = ' . $forumId . '
AND ' . $phpbb_content_visibility->get_visibility_sql('topic', $forumId) . '
forum_id = ' . $forum_id . '
AND ' . $phpbb_content_visibility->get_visibility_sql('topic', $forum_id) . '
ORDER BY topic_id DESC'
);
......@@ -88,7 +127,7 @@ class Forums
FROM ' . POSTS_TABLE . '
WHERE
topic_id = ' . $row["topic_id"] . '
AND ' . $phpbb_content_visibility->get_visibility_sql('post', $forumId) . '
AND ' . $phpbb_content_visibility->get_visibility_sql('post', $forum_id) . '
ORDER BY post_id DESC'
);
......
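Review bot: The new token checks in `viewThreads` (lines 51-54 and 70-77) call `http_response_code()` and `die()` from inside a Symfony controller, while the method already returns a response object for the validation failure on line 44; the error paths should return a `JsonResponse` with the status code so the framework (and any middleware) still runs. Toggling super globals on lines 50 and 60 only to read `$_GET["token"]` can be replaced by phpBB's own `$request->variable('token', '')`, which also removes the window in which super globals are enabled. The `foreach (... as &$allowed_forum_id)` on lines 66-68 leaves a dangling reference on the last element (no `unset`), and `in_array` on line 74 is non-strict; `array_map('intval', ...)` plus `in_array(..., true)` avoids both. A forum outside the token's scope is an authorization failure, so 403 rather than the 401 used on line 75 would be the accurate status, and the query result is never released with `sql_freeresult`.
```php
// … unchanged: ValidateRequest, $forum_id cast, globals …
$token = $request->variable('token', '');
if ($token === '') {
    return new JsonResponse(['error' => 'token required'], 400);
}
$api_token_query = $db->sql_query(
    'SELECT user_id, allowed_forum_ids
    FROM ' . $table_prefix . 'api_tokens
    WHERE token=\'' . $db->sql_escape($token) . '\''
);
$user_id = null;
$allowed_forum_ids = [];
while ($row = $db->sql_fetchrow($api_token_query)) {
    $user_id = (int) $row['user_id'];
    $allowed_forum_ids = array_map('intval', explode(',', $row['allowed_forum_ids']));
}
$db->sql_freeresult($api_token_query);
if ($user_id === null) {
    return new JsonResponse(['error' => 'invalid token'], 401);
}
if (!in_array($forum_id, $allowed_forum_ids, true)) {
    return new JsonResponse(['error' => 'forum not allowed'], 403);
}
// … unchanged: threads query …
```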
......@@ -15,6 +15,7 @@ if ($user->data['user_id'] == ANONYMOUS)
exit;
}
$request->enable_super_globals();
if (!isset($_GET["forum_scopes"])) {
http_response_code(400);
......@@ -32,23 +33,43 @@ foreach ($requested_forum_ids as &$forum_id) {
$forum_id = (int)$forum_id;
if (
$auth->acl_gets('f_list', 'f_list_topics', 'f_read', $forum_id)
&& $forum_data['forum_type'] == FORUM_LINK
$forum_data = null;
$forum_query = $db->sql_query(
'SELECT * FROM ' . $table_prefix . 'forums
WHERE forum_id= ' . $forum_id
);
while ($row = $db->sql_fetchrow($forum_query)) {
$forum_data = $row;
}
if ($forum_data === null) {
http_response_code(404);
die();
}
if (!(
!$auth->acl_gets('f_list', 'f_list_topics', 'f_read', $forum_id)
|| (
$forum_data['forum_type'] == FORUM_LINK
&& $forum_data['forum_link']
&& !$auth->acl_get('f_read', $forum_id)
) {
)
)) {
array_push($allowed_forum_ids, $forum_id);
}
}
$db->sql_query(
'CREATE TABLE IF NOT EXISTS ' . $table_prefix . 'api_tokens (
user_id INT PRIMARY KEY,
user_id INT(10) UNSIGNED,
allowed_forum_ids TEXT NOT NULL,
token VARCHAR(32) NOT NULL,
FOREIGN KEY (user_id) REFERENCES ' . $table_prefix . 'user(user_id) ON DELETE CASCADE
)'
PRIMARY KEY (user_id),
FOREIGN KEY (user_id)
REFERENCES ' . $table_prefix . 'users (user_id)
ON DELETE CASCADE
) ENGINE=INNODB'
);
$existing_token_query = $db->sql_query(
......@@ -71,15 +92,15 @@ if (!$token_exists) {
'INSERT INTO ' . $table_prefix . 'api_tokens
VALUES ('
. $user->data["user_id"] . ', '
. '\'' . implode(",", allowed_forum_ids) . '\', '
. $token .
. '\'' . implode(",", $allowed_forum_ids) . '\', '
. '\'' . $token . '\'' .
')'
);
} else {
$db->sql_query(
'UPDATE ' . $table_prefix . 'api_tokens
WHERE user_id=' . $user->data["user_id"] . '
SET allowed_forum_ids = \'' . implode(",", allowed_forum_ids) . '\''
SET allowed_forum_ids = \'' . implode(",", $allowed_forum_ids) . '\'
WHERE user_id=' . $user->data["user_id"]
);
}
......@@ -89,8 +110,10 @@ $template->set_filenames(array(
'body' => 'nastenka_sync.html',
));
$template->assign_vars(array(
'API_TOKEN' => $token,
'TOKEN' => $token,
));
$request->disable_super_globals();
page_footer();
?>
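Review bot: The scope check on line 121 keeps `acl_gets('f_list', 'f_list_topics', 'f_read', ...)`, which in phpBB is true when any one of the listed permissions is granted, so a user who may only list a forum would get it added to `allowed_forum_ids` and could then read its topics and posts through the API that this token gates; since the API returns content, the check should require `$auth->acl_get('f_read', $forum_id)` specifically. The `api_tokens` table created on lines 133-144 has no index on `token` even though the controller in this commit looks rows up by that column, so `UNIQUE (token)` should be added to both enforce one-user-per-token and keep the lookup from scanning the table. The `404` + `die()` on lines 116-119 sits inside the per-forum loop, so a single stale id in `forum_scopes` aborts the whole sync page instead of being skipped with `continue`. The double-negated condition on lines 120-128 reads more easily as `if (acl && !(is_link && has_link && !f_read))`, which is the same predicate by De Morgan. Creating the table from a page handler rather than a phpBB migration is also worth revisiting, but that predates this hunk.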
......@@ -24,7 +24,7 @@
</div>
<script>
window.SESSION_ID = "{SESSION_ID}";
window.TOKEN = "{TOKEN}";
</script>
<script src="./assets/javascript/nastenka_sync.js?v=1"></script>
......