Timestamp:
Jan 27, 2007, 9:22:12 AM (17 years ago)
Author:
vdigital
Message:

Web Service ws_add_controls is close to final

(Next steps:

  • Merge functions_webserv.inc.php into ws_functions.inc.php
  • Revise ws_checker
  • Restrict Method need to be generic
  • ...)
File:
1 edited

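--- a/trunk/include/ws_functions.inc.php
+++ b/trunk/include/ws_functions.inc.php
@@ -33,8 +33,8 @@
  *
  * - Args 
- * $params: is where clauses
- * $img_tbl: indicates if phpwebgallery_images is selected
+ * $method: is the requested method
  * $partner: is the key
  * $tbl_name: is the alias_name in the query (sometimes called correlation name)
+ *            null if !getting picture informations
  * - Logic
  * Access_control is not active: Return
@@ -46,24 +46,64 @@
  * The additionnal in-where-clause is return
  */       
-function ws_add_controls( $params, $img_tbl=false, $partner='', $tbl_name='' )
-{
-  global $conf;
+function ws_add_controls( $method, $tbl_name )
+{
+  global $conf, $partner;
   if ( !$conf['ws_access_control'] )
   {
     return ' 1 = 1 '; // No controls are requested
   }
-  // Step 1 - Found Partner
+ 
+// Is it an active Partner?
   $query = '
-SELECT FROM '.WEB_SERVICES_ACCESS_TABLE."
- WHERE `name` = '$partner';";
+SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
+ WHERE `name` = '$partner'
+   AND NOW() <= end; ";
 $result = pwg_query($query);
-  if ( mysql_num_rows( pwg_query($query) ) = 0 )
+  if ( mysql_num_rows( $result ) = 0 )
   {     
-    return ' 0 = 1 '; // Unknown partner
-  }
-  // Step 2 - Clauses / Request matching
-  //     Restrict Request has to be redefined first
-  // Step 3 - Target restrict
-  return $addings;
+    return ' 0 = 1 '; // Unknown partner or Obsolate agreement
+  }
+ 
+  $row = mysql_fetch_array($result);
+
+// Method / Request matching
+// Generic is not ready
+// For generic you can say... tags. or categories. or images. maybe?
+  $filter = $row['request'];
+  $request_method = substr($method, 0, strlen($filter)) ;
+  if ( $filter !== $filter_method )
+  {
+    return ' 0 = 1'; // Unauthorized method request
+  }
+
+// Target restrict
+// 3 cases: list, cat or tag
+// Behind / we could found img-ids, cat-ids or tag-ids
+  $target = $row['access'];
+  list($type, $str_ids) = explode('/',$target); // Find type list
+
+  $ids = explode( ',',$str_ids );
+// (array) 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6,
+  $arr_ids = expand_id_list( $ids );
+  $addings = implode(',', $arr_ids);
+// (string) 1,2,3,4,5,6,9,10,11,12,13,21,22,
+  if ( $type = 'list')
+  {
+    return $tbl_name . 'id IN ( ' . $addings . ' ) ';
+  }
+ 
+  if ( $type = 'cat' )
+  {
+    $addings = implode(',', get_image_ids_for_cats($arr_ids));
+    return $tbl_name . 'id IN ( ' . $addings . ' ) ';
+  }
+ 
+  if ( $type = 'tag' )
+  {
+    $addings = implode(',', get_image_ids_for_tags($arr_ids, 'OR'));
+    return $tbl_name . 'id IN ( ' . $addings . ' ) ';
+  }
+  // Unmanaged new type?
+  return ' 0 = 1 '; // ???
 }
 
@@ -191,4 +231,7 @@
 function ws_getVersion($params, &$service)
 {
+//  Needed for security reason... Maybe???
+//  $where_clause[] =
+//          ws_add_controls( 'getVersion', null );
   return PHPWG_VERSION;
 }
@@ -250,7 +293,7 @@
       .')';
 
-// example of ws_add_controls call 
+//  Mandatory
 //  $where_clause[] =
-//          ws_add_controls call( $params, true, $partner, $tbl_name='i.' );
+//          ws_add_controls( 'categories.getImages', 'i.' );
    
     $order_by = ws_std_image_sql_order($params, 'i.');
@@ -372,4 +415,9 @@
   }
 
+// To ONLY build external links maybe ??? 
+//  $where_clause[] =
+//          ws_add_controls( 'categories.getList', null );
+// Making links in a Blog...
+
   $query = '
 SELECT id, name, uppercats, global_rank,
@@ -417,4 +465,7 @@
     return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
   }
+// Mandatory (No comment) 
+//  $where_clause[] =
+//          ws_add_controls( 'images.getInfo', '' ); 
   $query='
 SELECT * FROM '.IMAGES_TABLE.'
@@ -649,5 +700,5 @@
   $image_ids = array();
   $image_tag_map = array();
-
+ 
   if ( !empty($tag_ids) )
   { // build list of image ids with associated tags per image
@@ -687,4 +738,8 @@
       );
     $where_clauses[] = 'id IN ('.implode(',',$image_ids).')';
+// Mandatory 
+//  $where_clause[] =
+//          ws_add_controls( 'tags.getImages', '' ); 
+
     $order_by = ws_std_image_sql_order($params);
     if (empty($order_by))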
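Review bot: In `ws_add_controls` (new lines 48-108) the target checks are assignments, e.g. `if ( $type = 'list')`, so the first branch always runs and a partner limited by category or tag would have those ids applied as image ids; they should compare with `===`. The method check tests `$filter !== $filter_method`, but the prefix was stored in `$request_method`, so the comparison is against an undefined variable, and `mysql_num_rows( $result ) = 0` assigns to a function result instead of comparing. `$partner` is now read from a global and is still interpolated into the query without escaping; where it is set is not visible in this changeset, so it needs escaping if it can come from the request. The commented-out calls later in the file append to `$where_clause[]`, while the visible query at new line 739 builds `$where_clauses[]`, so enabling them as written would likely leave the control clause unused.

```php
function ws_add_controls( $method, $tbl_name )
// … unchanged: access-control switch, partner query …
  if ( mysql_num_rows( $result ) == 0 )
// … unchanged: unknown-partner return, row fetch …
  if ( $filter !== $request_method )
// … unchanged: unauthorized return, id list expansion …
  if ( $type === 'list')
// … unchanged: list branch body …
  if ( $type === 'cat' )
// … unchanged: cat branch body …
  if ( $type === 'tag' )
// … unchanged: tag branch body, final ' 0 = 1 ' return …
```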