web-base/core/Api/NewsAPI.class.php


<?php
namespace Api {
use Objects\Context;
/**
 * Shared base class for the news endpoints declared in Api\News.
 *
 * After the parent constructor has run, the loginRequired flag is set to
 * true, so every subclass starts out as "login required" unless it resets
 * the flag itself.
 *
 * NOTE(review): how Request enforces loginRequired is not visible in this
 * file; confirm it is also honoured for calls with $externalCall = false.
 */
abstract class NewsAPI extends Request {

    /**
     * @param Context $context      passed through to the parent constructor
     * @param bool    $externalCall passed through to the parent constructor
     * @param array   $params       parameter definitions, passed through unchanged
     */
    public function __construct(Context $context, bool $externalCall = false, array $params = array()) {
        parent::__construct($context, $externalCall, $params);

        // Set after the parent call so this value wins over whatever the
        // parent constructor assigned.
        $this->loginRequired = true;
    }
}
}
namespace Api\News {
use Api\NewsAPI;
use Api\Parameter\Parameter;
use Api\Parameter\StringType;
use Driver\SQL\Condition\Compare;
use Objects\Context;
use Objects\DatabaseEntity\News;
/**
 * Read endpoint that lists news posts, newest first.
 *
 * Request parameters:
 *  - "since": date-time; when truthy, only posts with published_at >= since
 *             are selected.
 *  - "limit": integer with default 10; rejected unless it lies in 1..30.
 * (The third Parameter argument `true` presumably marks both as optional;
 * confirm against Api\Parameter\Parameter.)
 *
 * This is the only news endpoint that switches loginRequired off.
 */
class Get extends NewsAPI {

    public function __construct(Context $context, bool $externalCall = false) {
        $parameters = [
            "since" => new Parameter("since", Parameter::TYPE_DATE_TIME, true, null),
            "limit" => new Parameter("limit", Parameter::TYPE_INT, true, 10)
        ];
        parent::__construct($context, $externalCall, $parameters);

        // Deliberately undoes the NewsAPI default: reading news needs no login.
        $this->loginRequired = false;
    }

    /**
     * Runs the query and fills $this->result["news"] with one entry per post,
     * keyed by the post id.
     *
     * NOTE(review): the serialized posts are returned without a login, so
     * confirm that News::jsonSerialize() exposes no author fields that are
     * meant to stay private.
     *
     * @return bool true when the query returned a non-null result
     */
    public function _execute(): bool {
        $since = $this->getParam("since");
        $maxEntries = $this->getParam("limit");

        // Cap the page size so a single request cannot ask for an unbounded result set.
        if ($maxEntries < 1 || $maxEntries > 30) {
            return $this->createError("Limit must be in range 1-30");
        }

        $sql = $this->context->getSQL();
        $query = News::findAllBuilder($sql)
            ->limit($maxEntries)
            ->orderBy("published_at")
            ->descending()
            ->fetchEntities();

        // The timestamp is handed to the query builder as a Compare value,
        // not concatenated into SQL text here.
        if ($since) {
            $query->where(new Compare("published_at", $since, ">="));
        }

        $posts = $query->execute();
        $this->success = $posts !== null;
        $this->lastError = $sql->getLastError();

        if (!$this->success) {
            return $this->success;
        }

        $this->result["news"] = [];
        foreach ($posts as $post) {
            $postId = $post->getId();
            $this->result["news"][$postId] = $post->jsonSerialize();
        }

        return $this->success;
    }
}
/**
 * Write endpoint that creates a news post authored by the current user.
 *
 * Request parameters:
 *  - "title": StringType built with 128 (presumably the maximum length; confirm)
 *  - "text":  StringType built with 1024 (presumably the maximum length; confirm)
 *
 * NOTE(review): only loginRequired is set here; no group or role check is
 * visible in this class. Confirm that Request restricts who may publish.
 */
class Publish extends NewsAPI {

    public function __construct(Context $context, bool $externalCall = false) {
        $parameters = [
            "title" => new StringType("title", 128),
            "text" => new StringType("text", 1024)
        ];
        parent::__construct($context, $externalCall, $parameters);

        $this->loginRequired = true;
    }

    /**
     * Stores the post and, on success, reports its id in $this->result["newsId"].
     *
     * Title and text are stored exactly as received; nothing in this method
     * escapes or filters them.
     * NOTE(review): confirm that every consumer encodes them for its output
     * context when rendering.
     *
     * @return bool the value returned by News::save()
     */
    public function _execute(): bool {
        $post = new News();
        $post->text = $this->getParam("text");
        $post->title = $this->getParam("title");

        // The author comes from the request context, never from a request
        // parameter, so a caller cannot name someone else as the publisher.
        $post->publishedBy = $this->context->getUser();

        $sql = $this->context->getSQL();
        $this->success = $post->save($sql);
        $this->lastError = $sql->getLastError();

        if (!$this->success) {
            return $this->success;
        }

        $this->result["newsId"] = $post->getId();
        return $this->success;
    }
}
/**
 * Write endpoint that deletes a single news post.
 *
 * Request parameter:
 *  - "id": integer id of the post to delete
 *
 * Only the post's publisher or a member of USER_GROUP_ADMIN may delete it.
 */
class Delete extends NewsAPI {

    public function __construct(Context $context, bool $externalCall = false) {
        $parameters = [
            "id" => new Parameter("id", Parameter::TYPE_INT)
        ];
        parent::__construct($context, $externalCall, $parameters);

        $this->loginRequired = true;
    }

    /**
     * Looks the post up, checks ownership, then deletes it.
     *
     * News::find() is treated as tri-state: false means the lookup failed,
     * null means no such post, anything else is the post.
     *
     * NOTE(review): $post->publishedBy and the current user are dereferenced
     * without a null check. Confirm that a post always carries a publisher
     * and that loginRequired guarantees a user, including for calls made
     * with $externalCall = false.
     *
     * @return bool true when the post was deleted
     */
    public function _execute(): bool {
        $sql = $this->context->getSQL();
        $currentUser = $this->context->getUser();

        $post = News::find($sql, $this->getParam("id"));
        $this->success = ($post !== false);
        $this->lastError = $sql->getLastError();

        if (!$this->success) {
            return false;
        }

        if ($post === null) {
            return $this->createError("News Post not found");
        }

        // Object-level authorization: the id is caller-supplied, so ownership
        // is verified on the loaded post before anything is modified.
        $isPublisher = $post->publishedBy->getId() === $currentUser->getId();
        if (!$isPublisher && !$currentUser->hasGroup(USER_GROUP_ADMIN)) {
            return $this->createError("You do not have permissions to delete news post of other users.");
        }

        $this->success = $post->delete($sql);
        $this->lastError = $sql->getLastError();
        return $this->success;
    }
}
/**
 * Write endpoint that replaces the title and text of an existing news post.
 *
 * Request parameters:
 *  - "id":    integer id of the post to edit
 *  - "title": StringType built with 128 (presumably the maximum length; confirm)
 *  - "text":  StringType built with 1024 (presumably the maximum length; confirm)
 *
 * Only the post's publisher or a member of USER_GROUP_ADMIN may edit it.
 */
class Edit extends NewsAPI {

    public function __construct(Context $context, bool $externalCall = false) {
        $parameters = [
            "id" => new Parameter("id", Parameter::TYPE_INT),
            "title" => new StringType("title", 128),
            "text" => new StringType("text", 1024)
        ];
        parent::__construct($context, $externalCall, $parameters);

        $this->loginRequired = true;
    }

    /**
     * Looks the post up, checks ownership, then saves the new title and text.
     *
     * News::find() is treated as tri-state: false means the lookup failed,
     * null means no such post, anything else is the post. publishedBy is
     * not modified here.
     *
     * NOTE(review): $post->publishedBy and the current user are dereferenced
     * without a null check. Confirm that a post always carries a publisher
     * and that loginRequired guarantees a user, including for calls made
     * with $externalCall = false.
     *
     * @return bool the value returned by News::save(), or false on an earlier failure
     */
    public function _execute(): bool {
        $sql = $this->context->getSQL();
        $currentUser = $this->context->getUser();

        $post = News::find($sql, $this->getParam("id"));
        $this->success = ($post !== false);
        $this->lastError = $sql->getLastError();

        if (!$this->success) {
            return false;
        }

        if ($post === null) {
            return $this->createError("News Post not found");
        }

        // Object-level authorization: the id is caller-supplied, so ownership
        // is verified on the loaded post before any field is overwritten.
        $isPublisher = $post->publishedBy->getId() === $currentUser->getId();
        if (!$isPublisher && !$currentUser->hasGroup(USER_GROUP_ADMIN)) {
            return $this->createError("You do not have permissions to edit news post of other users.");
        }

        $post->text = $this->getParam("text");
        $post->title = $this->getParam("title");

        $this->success = $post->save($sql);
        $this->lastError = $sql->getLastError();
        return $this->success;
    }
}
}