Changeset 1781 for trunk/include/ws_functions.inc.php

Timestamp:

Feb 6, 2007, 2:02:06 AM (17 years ago)

Author:

rvelices

Message:

web services:

• respect confallow_web_services
• added confws_max_images_per_page to limit the number of images returned per web call
• fixes for Vincent's partners
• added comments

File:

• trunk/include/ws_functions.inc.php (modified) (21 diffs, 1 prop)

trunk/include/ws_functions.inc.php

@@ -8 +8 @@
 // | last update   : $Date$
 // | last modifier : $Author$
-// | revision      : $Rev$
+// | revision      : $Revision$
 // +-----------------------------------------------------------------------+
 // | This program is free software; you can redistribute it and/or modify  |
@@ -34 +34 @@
 {
   global $conf, $calling_partner_id;
-  if ( !$conf['ws_access_control'])
+  if ( !$conf['ws_access_control']
+       or strpos($methodName,'reflection.')===0 )
   {
     return $res; // No controls are requested
@@ -46 +47 @@
   if ( empty($row) )
   {
-    return new PwgError(403, 'Partner id does not exist');
-  }
+    return new PwgError(403, 'Partner id does not exist or is expired');
+  }
+  if ( !empty($row['request'])
+      and strpos($methodName, $row['request'])==false )
+  {
+    return new PwgError(403, 'Method not allowed');
+  }
+
   return $res;
 }
@@ -54 +61 @@
  * ws_addControls
  * returns additionnal controls if requested
- * usable for 99% of Web Service methods 
- * 
- * - Args  
+ * usable for 99% of Web Service methods
+ *
+ * - Args
  * $methodName: is the requested method
  * $partner: is the key
  * $tbl_name: is the alias_name in the query (sometimes called correlation name)
- *            null if !getting picture informations 
+ *            null if !getting picture informations
  * - Logic
- * Access_control is not active: Return 
- * Key is incorrect: Return 0 = 1 (False condition for MySQL)  
- * One of Params doesn't match with type of request: return 0 = 1 again 
+ * Access_control is not active: Return
+ * Key is incorrect: Return 0 = 1 (False condition for MySQL)
+ * One of Params doesn't match with type of request: return 0 = 1 again
  * Access list(id/cat/tag) is converted in expended image-id list
  * image-id list: converted to an in-where-clause
- *   
+ *
  * The additionnal in-where-clause is return
- */       
-function ws_addControls( $methodName, $tbl_name )
-{
-  global $conf, $calling_partner_id, $params;
-  if ( !$conf['ws_access_control'] )
-  {
-    return ' 1 = 1 '; // No controls are requested 
-  }
-  
-// Is it an active Partner? 
+ */
+function ws_addControls( $methodName, &$params, $tbl_name )
+{
+  global $conf, $calling_partner_id;
+  if ( !$conf['ws_access_control'] or !isset($calling_partner_id) )
+  {
+    return '1=1'; // No controls are requested
+  }
+
+// Is it an active Partner?
   $query = '
 SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
@@ -85 +92 @@
 $result = pwg_query($query);
   if ( mysql_num_rows( $result ) == 0 )
-  {     
-    return ' 0 = 1 '; // Unknown partner or Obsolate agreement
-  }
-  
+  {
+    return '0=1'; // Unknown partner or Obsolate agreement
+  }
+
   $row = mysql_fetch_array($result);
 
-// Method / Request matching
-// Generic is not ready 
-// For generic you can say... tags. or categories. or images. maybe?
-  $filter = $row['request'];
-  $request_method = substr($methodName, 0, strlen($filter)) ;
-  if ( $filter !== $filter_method )
-  {
-    return ' 0 = 1'; // Unauthorized method request
-  }
-// Overide general object limit   
+// Overide general object limit
   $params['per_page'] = $row['limit'];
-  
+
 // Target restrict
 // 3 cases: list, cat or tag
@@ -109 +107 @@
   list($type, $str_ids) = explode('/',$target); // Find type list
 
-  $ids = explode( ',',$str_ids );
 // (array) 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6,
-  $arr_ids = expand_id_list( $ids );
-  $addings = implode(',', $arr_ids); 
-// (string) 1,2,3,4,5,6,9,10,11,12,13,21,22, 
-  if ( $type = 'list')
+  $arr_ids = expand_id_list( explode( ',',$str_ids ) );
+  $addings = implode(',', $arr_ids);
+// (string) 1,2,3,4,5,6,9,10,11,12,13,21,22,
+  if ( $type == 'list')
   {
     return $tbl_name . 'id IN ( ' . $addings . ' ) ';
   }
-  
-  if ( $type = 'cat' )
+
+  if ( $type == 'cat' )
   {
     $addings = implode(',', get_image_ids_for_cats($arr_ids));
     return $tbl_name . 'id IN ( ' . $addings . ' ) ';
   }
-  
-  if ( $type = 'tag' )
-  { 
+
+  if ( $type == 'tag' )
+  {
     $addings = implode(',', get_image_ids_for_tags($arr_ids, 'OR'));
     return $tbl_name . 'id IN ( ' . $addings . ' ) ';
   }
   // Unmanaged new type?
-  return ' 0 = 1 '; // ??? 
+  return ' 0 = 1 '; // ???
 }
 
@@ -248 +245 @@
 
 
+/**
+ * returns PWG version (web service method)
+ */
 function ws_getVersion($params, &$service)
 {
@@ -254 +254 @@
 }
 
-/**
- * returns images per category (wb service method)
+
+/**
+ * returns images per category (web service method)
  */
 function ws_categories_getImages($params, &$service)
@@ -309 +310 @@
       .implode(',', array_keys($cats) )
       .')';
-
-    $where_clause[] =
-          ws_addControls( 'categories.getImages', 'i.' );
-    
+    $where_clauses[] = get_sql_condition_FandF( array(
+          'visible_images' => 'i.id'
+        ), null, true
+      );
+    $where_clauses[] = ws_addControls( 'categories.getImages', $params, 'i.' );
+
     $order_by = ws_std_image_sql_order($params, 'i.');
     if (empty($order_by))
@@ -397 +400 @@
 }
 
-/**
- * returns a list of categories
+
+/**
+ * returns a list of categories (web service method)
  */
 function ws_categories_getList($params, &$service)
@@ -467 +471 @@
 }
 
+
+/**
+ * returns detailed information for an element (web service method)
+ */
 function ws_images_getInfo($params, &$service)
 {
@@ -476 +484 @@
     return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
   }
- 
+
   $query='
 SELECT * FROM '.IMAGES_TABLE.'
@@ -484 +492 @@
       ' AND'
     ).' AND '.
-    ws_addControls( 'images.getInfo', '' ).'
+    ws_addControls( 'images.getInfo', $params, '' ).'
 LIMIT 1;';
 
@@ -601 +609 @@
 
 
+/**
+ * perform a login (web service method)
+ */
 function ws_session_login($params, &$service)
 {
@@ -616 +627 @@
 }
 
+
+/**
+ * performs a logout (web service method)
+ */
 function ws_session_logout($params, &$service)
 {
@@ -643 +658 @@
 
 
+/**
+ * returns a list of tags (web service method)
+ */
 function ws_tags_getList($params, &$service)
 {
@@ -670 +688 @@
 }
 
+
+/**
+ * returns a list of images for tags (web service method)
+ */
 function ws_tags_getImages($params, &$service)
 {
@@ -710 +732 @@
   $image_ids = array();
   $image_tag_map = array();
-  
+
   if ( !empty($tag_ids) )
   { // build list of image ids with associated tags per image
@@ -748 +770 @@
       );
     $where_clauses[] = 'id IN ('.implode(',',$image_ids).')';
-    $where_clause[] =
-            ws_addControls( 'tags.getImages', 'i.' );
+    $where_clauses[] = ws_addControls( 'tags.getImages', $params, 'i.' );
 
     $order_by = ws_std_image_sql_order($params);
@@ -831 +852 @@
 }
 
-/**
- * official_req returns the managed requests list in array format
- * FIXME A New list need to be build for ws_checker.php
- * returns array of authrorized request/methods
- * */   
-function official_req()
-{
-  $official = array(                  /* Requests are limited to             */
-      'categories.'                          /* all categories. methods */
-    , 'categories.getImages'                 /* <= see */
-    , 'categories.getList'                   /* <= see */
-    , 'images.'                              /* all images. methods */
-    , 'images.getInfo'                       /* <= see */
-    , 'tags.'                                /* all tags. methods */
-    , 'tags.getImages'                       /* <= see */
-    , 'tags.getList'                         /* <= see */
-  );
-  if (function_exists('local_req')) {
-     $local = local_req();
-     return array_merge( $official, $local );
-  }
-  return $official;
-}
 
 /**
  * expand_id_list($ids) convert a human list expression to a full ordered list
  * example : expand_id_list( array(5,2-3,2) ) returns array( 2, 3, 5)
- * */ 
+ * */
 function expand_id_list($ids)
 {
-    $tid = array();
-    foreach ( $ids as $id )
-    {
-      if ( is_numeric($id) )
+  $tid = array();
+  foreach ( $ids as $id )
+  {
+    if ( is_numeric($id) )
+    {
+      $tid[] = (int) $id;
+    }
+    else
+    {
+      $range = explode( '-', $id );
+      if ( is_numeric($range[0]) and is_numeric($range[1]) )
       {
-        $tid[] = (int) $id;
-      }
-      else
-      {
-        $range = explode( '-', $id );
-        if ( is_numeric($range[0]) and is_numeric($range[1]) )
+        $from = min($range[0],$range[1]);
+        $to = max($range[0],$range[1]);
+        for ($i = $from; $i <= $to; $i++)
         {
-          $from = min($range[0],$range[1]);
-          $to = max($range[0],$range[1]);
-          for ($i = $from; $i <= $to; $i++) 
-          {
-            $tid[] = (int) $i;
-          }
+          $tid[] = (int) $i;
         }
       }
     }
-    $result = array_unique ($tid); // remove duplicates...
-    sort ($result);
-    return $result;
-}
-
-/**
- * check_target($string) verifies and corrects syntax of target parameter
- * example : check_target(cat/23,24,24,24,25,27) returns cat/23-25,27
- * */ 
-function check_target($list)
-{
-  if ( $list !== '' )
-  {
-    $type = explode('/',$list); // Find type list
-    if ( !in_array($type[0],array('list','cat','tag') ) )
-    {
-      $type[0] = 'list'; // Assume an id list
-    } 
-    $ids = explode( ',',$type[1] );
-    $list = $type[0] . '/';
-
-    // 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6,
-
-    $result = expand_id_list( $ids ); 
-
-    // 1,2,3,4,5,6,9,10,11,12,13,21,22, 
-    // I would like
-    // 1-6,9-13,21-22
-    $serial[] = $result[0]; // To be shifted                      
-    foreach ($result as $k => $id)
-    {
-      $next_less_1 = (isset($result[$k + 1]))? $result[$k + 1] - 1:-1;
-      if ( $id == $next_less_1 and end($serial)=='-' )
-      { // nothing to do 
-      }
-      elseif ( $id == $next_less_1 )
-      {
-        $serial[]=$id;
-        $serial[]='-';
-      }
-      else
-      {
-        $serial[]=$id;  // end serie or non serie
-      }
-    }
-    $null = array_shift($serial); // remove first value
-    $list .= array_shift($serial); // add the real first one
-    $separ = ',';
-    foreach ($serial as $id)
-    {
-      $list .= ($id=='-') ? '' : $separ . $id;
-      $separ = ($id=='-') ? '-':','; // add comma except if hyphen
-    }
-  }
-  return $list;
-}
+  }
+  $result = array_unique ($tid); // remove duplicates...
+  sort ($result);
+  return $result;
+}
+
 
 /**
  * converts a cat-ids array in image-ids array
  * FIXME Function which should already exist somewhere else
- * */  
+ * */
 function get_image_ids_for_cats($cat_ids)
 {
@@ -948 +895 @@
   $ret_ids = array();
   $query = '
-  SELECT DISTINCT image_id 
+  SELECT DISTINCT image_id
     FROM '.IMAGE_CATEGORY_TABLE.'
   WHERE category_id in ('.$cat_list.')
   ;';
-  return $array_from_query($query, 'image_id');
+  return array_from_query($query, 'image_id');
 }