removed notification + new react structure

2022-11-23 23:36:30 +01:00
parent 303a5b69b5
commit b1c4c9e976
76 changed files with 10221 additions and 616 deletions


@@ -1,159 +0,0 @@
<?php
namespace Core\API {
use Core\Objects\Context;
abstract class NewsAPI extends Request {
public function __construct(Context $context, bool $externalCall = false, array $params = array()) {
parent::__construct($context, $externalCall, $params);
$this->loginRequired = true;
}
}
}
namespace Core\API\News {
use Core\API\NewsAPI;
use Core\API\Parameter\Parameter;
use Core\API\Parameter\StringType;
use Core\Driver\SQL\Condition\Compare;
use Core\Objects\Context;
use Core\Objects\DatabaseEntity\Group;
use Core\Objects\DatabaseEntity\News;
class Get extends NewsAPI {
public function __construct(Context $context, bool $externalCall = false) {
parent::__construct($context, $externalCall, [
"since" => new Parameter("since", Parameter::TYPE_DATE_TIME, true, null),
"limit" => new Parameter("limit", Parameter::TYPE_INT, true, 10)
]);
$this->loginRequired = false;
}
public function _execute(): bool {
$since = $this->getParam("since");
$limit = $this->getParam("limit");
if ($limit < 1 || $limit > 30) {
return $this->createError("Limit must be in range 1-30");
}
$sql = $this->context->getSQL();
$newsQuery = News::createBuilder($sql, false)
->limit($limit)
->orderBy("published_at")
->descending()
->fetchEntities();
if ($since) {
$newsQuery->where(new Compare("published_at", $since, ">="));
}
$newsArray = News::findBy($newsQuery);
$this->success = $newsArray !== null;
$this->lastError = $sql->getLastError();
if ($this->success) {
$this->result["news"] = [];
foreach ($newsArray as $news) {
$newsId = $news->getId();
$this->result["news"][$newsId] = $news->jsonSerialize();
}
}
return $this->success;
}
}
class Publish extends NewsAPI {
public function __construct(Context $context, bool $externalCall = false) {
parent::__construct($context, $externalCall, [
"title" => new StringType("title", 128),
"text" => new StringType("text", 1024)
]);
$this->loginRequired = true;
}
public function _execute(): bool {
$news = new News();
$news->text = $this->getParam("text");
$news->title = $this->getParam("title");
$news->publishedBy = $this->context->getUser();
$sql = $this->context->getSQL();
$this->success = $news->save($sql);
$this->lastError = $sql->getLastError();
if ($this->success) {
$this->result["newsId"] = $news->getId();
}
return $this->success;
}
}
class Delete extends NewsAPI {
public function __construct(Context $context, bool $externalCall = false) {
parent::__construct($context, $externalCall, [
"id" => new Parameter("id", Parameter::TYPE_INT)
]);
$this->loginRequired = true;
}
public function _execute(): bool {
$sql = $this->context->getSQL();
$currentUser = $this->context->getUser();
$news = News::find($sql, $this->getParam("id"));
$this->success = ($news !== false);
$this->lastError = $sql->getLastError();
if (!$this->success) {
return false;
} else if ($news === null) {
return $this->createError("News Post not found");
} else if ($news->publishedBy->getId() !== $currentUser->getId() && !$currentUser->hasGroup(Group::ADMIN)) {
return $this->createError("You do not have permissions to delete news post of other users.");
}
$this->success = $news->delete($sql);
$this->lastError = $sql->getLastError();
return $this->success;
}
}
class Edit extends NewsAPI {
public function __construct(Context $context, bool $externalCall = false) {
parent::__construct($context, $externalCall, [
"id" => new Parameter("id", Parameter::TYPE_INT),
"title" => new StringType("title", 128),
"text" => new StringType("text", 1024)
]);
$this->loginRequired = true;
}
public function _execute(): bool {
$sql = $this->context->getSQL();
$currentUser = $this->context->getUser();
$news = News::find($sql, $this->getParam("id"));
$this->success = ($news !== false);
$this->lastError = $sql->getLastError();
if (!$this->success) {
return false;
} else if ($news === null) {
return $this->createError("News Post not found");
} else if ($news->publishedBy->getId() !== $currentUser->getId() && !$currentUser->hasGroup(Group::ADMIN)) {
return $this->createError("You do not have permissions to edit news post of other users.");
}
$news->text = $this->getParam("text");
$news->title = $this->getParam("title");
$this->success = $news->save($sql);
$this->lastError = $sql->getLastError();
return $this->success;
}
}
}


@@ -5,7 +5,6 @@ namespace Core\API;
use Core\API\Parameter\StringType;
use Core\Objects\Context;
use Core\Objects\DatabaseEntity\Group;
use Core\Objects\DatabaseEntity\User;
class Swagger extends Request {
@@ -26,7 +25,7 @@ class Swagger extends Request {
$classes = [];
$apiDirs = ["Core", "Site"];
foreach ($apiDirs as $apiDir) {
$basePath = realpath(WEBROOT . "/$apiDir/Api/");
$basePath = realpath(WEBROOT . "/$apiDir/API/");
if (!$basePath) {
continue;
}
@@ -36,7 +35,7 @@ class Swagger extends Request {
if (is_file($fullPath) && endsWith($fileName, ".class.php")) {
require_once $fullPath;
$apiName = explode(".", $fileName)[0];
$className = "\\API\\$apiName";
$className = "\\$apiDir\\API\\$apiName";
if (!class_exists($className)) {
var_dump("Class not exist: $className");
continue;
@@ -108,6 +107,7 @@ class Swagger extends Request {
$settings = $this->context->getSettings();
$siteName = $settings->getSiteName();
$domain = parse_url($settings->getBaseUrl(), PHP_URL_HOST);
$protocol = getProtocol();
$permissions = $this->fetchPermissions();
@@ -194,7 +194,7 @@ class Swagger extends Request {
],
"host" => $domain,
"basePath" => "/api",
"schemes" => ["https"],
"schemes" => ["$protocol"],
"paths" => $paths,
"definitions" => $definitions
];
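Review bot: In the last two hunks of this file the advertised `schemes` value now comes from `getProtocol()`, while `host` is still taken from the configured base URL via `parse_url($settings->getBaseUrl(), PHP_URL_HOST)`, so the two halves of the published API origin can disagree. `getProtocol()` is defined outside this page; if it reflects the scheme of the incoming request, a deployment behind a TLS-terminating proxy would publish `http`, and clients driven by the spec would send session cookies or API tokens in cleartext. Deriving both from the same setting avoids that, for example `$protocol = parse_url($settings->getBaseUrl(), PHP_URL_SCHEME) ?: "https";`. Separately, the interpolation in `["$protocol"]` is unnecessary and can be written `"schemes" => [$protocol],`. The enclosing method starts and ends outside the visible hunks.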


@@ -328,37 +328,13 @@ namespace Core\API\User {
} else {
$queriedUser = $user->jsonSerialize();
// either we are querying own info or we are support / admin
$currentUser = $this->context->getUser();
$canView = ($userId === $currentUser->getId() ||
$currentUser->hasGroup(Group::ADMIN) ||
$currentUser->hasGroup(Group::SUPPORT));
// full info only when we have administrative privileges, or we are querying ourselves
$fullInfo = ($userId === $currentUser->getId() ||
$currentUser->hasGroup(Group::ADMIN) ||
$currentUser->hasGroup(Group::SUPPORT));
if (!$canView) {
// check if user posted something publicly
$res = $sql->select(new JsonArrayAgg(new Column("publishedBy"), "publisherIds"))
->from("News")
->execute();
$this->success = ($res !== false);
$this->lastError = $sql->getLastError();
if (!$this->success) {
return false;
} else {
$canView = in_array($userId, json_decode($res[0]["publisherIds"], true));
}
}
if (!$canView) {
return $this->createError("No permissions to access this user");
}
if (!$fullInfo) {
if (!$queriedUser["confirmed"]) {
return $this->createError("No permissions to access this user");