Changeset 1781 for trunk/include/ws_functions.inc.php
- Timestamp:
- Feb 6, 2007, 2:02:06 AM (17 years ago)
- File:
-
- 1 edited
-
trunk/include/ws_functions.inc.php
-
Property
svn:keywords
changed from
Author Date Id Rev URL
to Author Date Id Revision URL
r1777 r1781 8 8 // | last update : $Date$ 9 9 // | last modifier : $Author$ 10 // | revision : $Rev $10 // | revision : $Revision$ 11 11 // +-----------------------------------------------------------------------+ 12 12 // | This program is free software; you can redistribute it and/or modify | … … 34 34 { 35 35 global $conf, $calling_partner_id; 36 if ( !$conf['ws_access_control']) 36 if ( !$conf['ws_access_control'] 37 or strpos($methodName,'reflection.')===0 ) 37 38 { 38 39 return $res; // No controls are requested … … 46 47 if ( empty($row) ) 47 48 { 48 return new PwgError(403, 'Partner id does not exist'); 49 } 49 return new PwgError(403, 'Partner id does not exist or is expired'); 50 } 51 if ( !empty($row['request']) 52 and strpos($methodName, $row['request'])==false ) 53 { 54 return new PwgError(403, 'Method not allowed'); 55 } 56 50 57 return $res; 51 58 } … … 54 61 * ws_addControls 55 62 * returns additionnal controls if requested 56 * usable for 99% of Web Service methods 57 * 58 * - Args 63 * usable for 99% of Web Service methods 64 * 65 * - Args 59 66 * $methodName: is the requested method 60 67 * $partner: is the key 61 68 * $tbl_name: is the alias_name in the query (sometimes called correlation name) 62 * null if !getting picture informations 69 * null if !getting picture informations 63 70 * - Logic 64 * Access_control is not active: Return 65 * Key is incorrect: Return 0 = 1 (False condition for MySQL) 66 * One of Params doesn't match with type of request: return 0 = 1 again 71 * Access_control is not active: Return 72 * Key is incorrect: Return 0 = 1 (False condition for MySQL) 73 * One of Params doesn't match with type of request: return 0 = 1 again 67 74 * Access list(id/cat/tag) is converted in expended image-id list 68 75 * image-id list: converted to an in-where-clause 69 * 76 * 70 77 * The additionnal in-where-clause is return 71 */ 72 function ws_addControls( $methodName, $tbl_name )73 { 74 global $conf, $calling_partner_id , $params;75 if ( 
!$conf['ws_access_control'] )76 { 77 return ' 1 = 1 '; // No controls are requested78 } 79 80 // Is it an active Partner? 78 */ 79 function ws_addControls( $methodName, &$params, $tbl_name ) 80 { 81 global $conf, $calling_partner_id; 82 if ( !$conf['ws_access_control'] or !isset($calling_partner_id) ) 83 { 84 return '1=1'; // No controls are requested 85 } 86 87 // Is it an active Partner? 81 88 $query = ' 82 89 SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE." … … 85 92 $result = pwg_query($query); 86 93 if ( mysql_num_rows( $result ) == 0 ) 87 { 88 return ' 0 = 1'; // Unknown partner or Obsolate agreement89 } 90 94 { 95 return '0=1'; // Unknown partner or Obsolate agreement 96 } 97 91 98 $row = mysql_fetch_array($result); 92 99 93 // Method / Request matching 94 // Generic is not ready 95 // For generic you can say... tags. or categories. or images. maybe? 96 $filter = $row['request']; 97 $request_method = substr($methodName, 0, strlen($filter)) ; 98 if ( $filter !== $filter_method ) 99 { 100 return ' 0 = 1'; // Unauthorized method request 101 } 102 // Overide general object limit 100 // Overide general object limit 103 101 $params['per_page'] = $row['limit']; 104 102 105 103 // Target restrict 106 104 // 3 cases: list, cat or tag … … 109 107 list($type, $str_ids) = explode('/',$target); // Find type list 110 108 111 $ids = explode( ',',$str_ids );112 109 // (array) 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6, 113 $arr_ids = expand_id_list( $ids);114 $addings = implode(',', $arr_ids); 115 // (string) 1,2,3,4,5,6,9,10,11,12,13,21,22, 116 if ( $type = 'list')110 $arr_ids = expand_id_list( explode( ',',$str_ids ) ); 111 $addings = implode(',', $arr_ids); 112 // (string) 1,2,3,4,5,6,9,10,11,12,13,21,22, 113 if ( $type == 'list') 117 114 { 118 115 return $tbl_name . 'id IN ( ' . $addings . ' ) '; 119 116 } 120 121 if ( $type = 'cat' )117 118 if ( $type == 'cat' ) 122 119 { 123 120 $addings = implode(',', get_image_ids_for_cats($arr_ids)); 124 121 return $tbl_name . 'id IN ( ' . 
$addings . ' ) '; 125 122 } 126 127 if ( $type = 'tag' )128 { 123 124 if ( $type == 'tag' ) 125 { 129 126 $addings = implode(',', get_image_ids_for_tags($arr_ids, 'OR')); 130 127 return $tbl_name . 'id IN ( ' . $addings . ' ) '; 131 128 } 132 129 // Unmanaged new type? 133 return ' 0 = 1 '; // ??? 130 return ' 0 = 1 '; // ??? 134 131 } 135 132 … … 248 245 249 246 247 /** 248 * returns PWG version (web service method) 249 */ 250 250 function ws_getVersion($params, &$service) 251 251 { … … 254 254 } 255 255 256 /** 257 * returns images per category (wb service method) 256 257 /** 258 * returns images per category (web service method) 258 259 */ 259 260 function ws_categories_getImages($params, &$service) … … 309 310 .implode(',', array_keys($cats) ) 310 311 .')'; 311 312 $where_clause[] = 313 ws_addControls( 'categories.getImages', 'i.' ); 314 312 $where_clauses[] = get_sql_condition_FandF( array( 313 'visible_images' => 'i.id' 314 ), null, true 315 ); 316 $where_clauses[] = ws_addControls( 'categories.getImages', $params, 'i.' ); 317 315 318 $order_by = ws_std_image_sql_order($params, 'i.'); 316 319 if (empty($order_by)) … … 397 400 } 398 401 399 /** 400 * returns a list of categories 402 403 /** 404 * returns a list of categories (web service method) 401 405 */ 402 406 function ws_categories_getList($params, &$service) … … 467 471 } 468 472 473 474 /** 475 * returns detailed information for an element (web service method) 476 */ 469 477 function ws_images_getInfo($params, &$service) 470 478 { … … 476 484 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); 477 485 } 478 486 479 487 $query=' 480 488 SELECT * FROM '.IMAGES_TABLE.' … … 484 492 ' AND' 485 493 ).' AND '. 486 ws_addControls( 'images.getInfo', '' ).'494 ws_addControls( 'images.getInfo', $params, '' ).' 
487 495 LIMIT 1;'; 488 496 … … 601 609 602 610 611 /** 612 * perform a login (web service method) 613 */ 603 614 function ws_session_login($params, &$service) 604 615 { … … 616 627 } 617 628 629 630 /** 631 * performs a logout (web service method) 632 */ 618 633 function ws_session_logout($params, &$service) 619 634 { … … 643 658 644 659 660 /** 661 * returns a list of tags (web service method) 662 */ 645 663 function ws_tags_getList($params, &$service) 646 664 { … … 670 688 } 671 689 690 691 /** 692 * returns a list of images for tags (web service method) 693 */ 672 694 function ws_tags_getImages($params, &$service) 673 695 { … … 710 732 $image_ids = array(); 711 733 $image_tag_map = array(); 712 734 713 735 if ( !empty($tag_ids) ) 714 736 { // build list of image ids with associated tags per image … … 748 770 ); 749 771 $where_clauses[] = 'id IN ('.implode(',',$image_ids).')'; 750 $where_clause[] = 751 ws_addControls( 'tags.getImages', 'i.' ); 772 $where_clauses[] = ws_addControls( 'tags.getImages', $params, 'i.' ); 752 773 753 774 $order_by = ws_std_image_sql_order($params); … … 831 852 } 832 853 833 /**834 * official_req returns the managed requests list in array format835 * FIXME A New list need to be build for ws_checker.php836 * returns array of authrorized request/methods837 * */838 function official_req()839 {840 $official = array( /* Requests are limited to */841 'categories.' /* all categories. methods */842 , 'categories.getImages' /* <= see */843 , 'categories.getList' /* <= see */844 , 'images.' /* all images. methods */845 , 'images.getInfo' /* <= see */846 , 'tags.' /* all tags. 
methods */847 , 'tags.getImages' /* <= see */848 , 'tags.getList' /* <= see */849 );850 if (function_exists('local_req')) {851 $local = local_req();852 return array_merge( $official, $local );853 }854 return $official;855 }856 854 857 855 /** 858 856 * expand_id_list($ids) convert a human list expression to a full ordered list 859 857 * example : expand_id_list( array(5,2-3,2) ) returns array( 2, 3, 5) 860 * */ 858 * */ 861 859 function expand_id_list($ids) 862 860 { 863 $tid = array(); 864 foreach ( $ids as $id ) 865 { 866 if ( is_numeric($id) ) 861 $tid = array(); 862 foreach ( $ids as $id ) 863 { 864 if ( is_numeric($id) ) 865 { 866 $tid[] = (int) $id; 867 } 868 else 869 { 870 $range = explode( '-', $id ); 871 if ( is_numeric($range[0]) and is_numeric($range[1]) ) 867 872 { 868 $tid[] = (int) $id; 869 } 870 else 871 { 872 $range = explode( '-', $id ); 873 if ( is_numeric($range[0]) and is_numeric($range[1]) ) 873 $from = min($range[0],$range[1]); 874 $to = max($range[0],$range[1]); 875 for ($i = $from; $i <= $to; $i++) 874 876 { 875 $from = min($range[0],$range[1]); 876 $to = max($range[0],$range[1]); 877 for ($i = $from; $i <= $to; $i++) 878 { 879 $tid[] = (int) $i; 880 } 877 $tid[] = (int) $i; 881 878 } 882 879 } 883 880 } 884 $result = array_unique ($tid); // remove duplicates... 885 sort ($result); 886 return $result; 887 } 888 889 /** 890 * check_target($string) verifies and corrects syntax of target parameter 891 * example : check_target(cat/23,24,24,24,25,27) returns cat/23-25,27 892 * */ 893 function check_target($list) 894 { 895 if ( $list !== '' ) 896 { 897 $type = explode('/',$list); // Find type list 898 if ( !in_array($type[0],array('list','cat','tag') ) ) 899 { 900 $type[0] = 'list'; // Assume an id list 901 } 902 $ids = explode( ',',$type[1] ); 903 $list = $type[0] . 
'/'; 904 905 // 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6, 906 907 $result = expand_id_list( $ids ); 908 909 // 1,2,3,4,5,6,9,10,11,12,13,21,22, 910 // I would like 911 // 1-6,9-13,21-22 912 $serial[] = $result[0]; // To be shifted 913 foreach ($result as $k => $id) 914 { 915 $next_less_1 = (isset($result[$k + 1]))? $result[$k + 1] - 1:-1; 916 if ( $id == $next_less_1 and end($serial)=='-' ) 917 { // nothing to do 918 } 919 elseif ( $id == $next_less_1 ) 920 { 921 $serial[]=$id; 922 $serial[]='-'; 923 } 924 else 925 { 926 $serial[]=$id; // end serie or non serie 927 } 928 } 929 $null = array_shift($serial); // remove first value 930 $list .= array_shift($serial); // add the real first one 931 $separ = ','; 932 foreach ($serial as $id) 933 { 934 $list .= ($id=='-') ? '' : $separ . $id; 935 $separ = ($id=='-') ? '-':','; // add comma except if hyphen 936 } 937 } 938 return $list; 939 } 881 } 882 $result = array_unique ($tid); // remove duplicates... 883 sort ($result); 884 return $result; 885 } 886 940 887 941 888 /** 942 889 * converts a cat-ids array in image-ids array 943 890 * FIXME Function which should already exist somewhere else 944 * */ 891 * */ 945 892 function get_image_ids_for_cats($cat_ids) 946 893 { … … 948 895 $ret_ids = array(); 949 896 $query = ' 950 SELECT DISTINCT image_id 897 SELECT DISTINCT image_id 951 898 FROM '.IMAGE_CATEGORY_TABLE.' 952 899 WHERE category_id in ('.$cat_list.') 953 900 ;'; 954 return $array_from_query($query, 'image_id');901 return array_from_query($query, 'image_id'); 955 902 } 956 903 -
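Review bot: The method restriction added at new lines 51-52 tests `strpos($methodName, $row['request'])==false`, and that loose comparison treats a match at offset 0 the same as no match at all. A partner whose `request` value is `categories.` would be refused `categories.getImages` with "Method not allowed", while a method name that only contains the restriction string at a later offset passes the check. The `reflection.` test a few lines earlier in the same function already uses the strict form, and the same is needed here: `and strpos($methodName, $row['request'])!==0 )`. The enclosing function starts outside the displayed lines, so how `$row` is fetched cannot be checked from this page.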
Property
svn:keywords
changed from