Timestamp:
Nov 2, 2010, 12:33:19 AM (13 years ago)
Author:
plg
Message:

add method pwg.categories.move (pwg_token required) with many input checks

File:
1 edited

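--- a/extensions/pwg_images_addSimple/main.inc.php
+++ b/extensions/pwg_images_addSimple/main.inc.php
@@ -57,4 +57,15 @@
     'Delete categories. You can give several category_ids, comma separated'
     );
+
+  $service->addMethod(
+    'pwg.categories.move',
+    'ws_categories_move',
+    array(
+      'category_id'=>array('default'=>0),
+      'parent'=>array('default'=>0),
+      'pwg_token' => array('default' => null),
+      ),
+    'Move categories. You can give several category_ids, comma separated. Set parent as 0 to move to gallery root. Only virtual categories can be moved.'
+    );
 }
 
@@ -270,3 +281,123 @@
   delete_elements($image_ids_orphans, true);
 }
+
+function ws_categories_move($params, &$service)
+{
+  global $conf, $page;
+ 
+  if (!is_admin() || is_adviser() )
+  {
+    return new PwgError(401, 'Access denied');
+  }
+
+  if (!$service->isPost())
+  {
+    return new PwgError(405, "This method requires HTTP POST");
+  }
+
+  if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+  {
+    return new PwgError(403, 'Invalid security token');
+  }
+
+  $params['category_id'] = preg_split(
+    '/[\s,;\|]/',
+    $params['category_id'],
+    -1,
+    PREG_SPLIT_NO_EMPTY
+    );
+  $params['category_id'] = array_map('intval', $params['category_id']);
+
+  $category_ids = array();
+  foreach ($params['category_id'] as $category_id)
+  {
+    if ($category_id > 0)
+    {
+      array_push($category_ids, $category_id);
+    }
+  }
+
+  if (count($category_ids) == 0)
+  {
+    return new PwgError(403, 'Invalid category_id input parameter, no category to move');
+  }
+
+  // we can't move physical categories
+  $categories_in_db = array();
+ 
+  $query = '
+SELECT
+    id,
+    name,
+    dir
+  FROM '.CATEGORIES_TABLE.'
+  WHERE id IN ('.implode(',', $category_ids).')
+;';
+  $result = pwg_query($query);
+  while ($row = pwg_db_fetch_assoc($result))
+  {
+    $categories_in_db[$row['id']] = $row;
+    // we break on error at first physical category detected
+    if (!empty($row['dir']))
+    {
+      $row['name'] = strip_tags(
+        trigger_event(
+          'render_category_name',
+          $row['name'],
+          'ws_categories_move'
+          )
+        );
+     
+      return new PwgError(
+        403,
+        sprintf(
+          'Category %s (%u) is not a virtual category, you cannot move it',
+          $row['name'],
+          $row['id']
+          )
+        );
+    }
+  }
+
+  if (count($categories_in_db) != count($category_ids))
+  {
+    $unknown_category_ids = array_diff($category_ids, array_keys($categories_in_db));
+   
+    return new PwgError(
+      403,
+      sprintf(
+        'Category %u does not exist',
+        $unknown_category_ids[0]
+        )
+      );
+  }
+
+  // does this parent exists? This check should be made in the
+  // move_categories function, not here
+  //
+  // 0 as parent means "move categories at gallery root"
+  if (!is_numeric($params['parent']))
+  {
+    return new PwgError(403, 'Invalid parent input parameter');
+  }
+ 
+  if (0 != $params['parent']) {
+    $params['parent'] = intval($params['parent']);
+    $subcat_ids = get_subcat_ids(array($params['parent']));
+    if (count($subcat_ids) == 0)
+    {
+      return new PwgError(403, 'Unknown parent category id');
+    }
+  }
+
+  $page['infos'] = array();
+  $page['errors'] = array();
+  include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+  move_categories($category_ids, $params['parent']);
+
+  if (count($page['errors']) != 0)
+  {
+    return new PwgError(403, implode('; ', $page['errors']));
+  }
+}
 ?>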
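Review bot: The anti-CSRF check in `ws_categories_move` compares the token with loose `!=` (`get_pwg_token() != $params['pwg_token']`), so PHP type juggling applies to numeric-looking strings and the comparison is not constant-time. Assuming `get_pwg_token()` returns a string, prefer `if (!is_string($params['pwg_token']) or !hash_equals(get_pwg_token(), $params['pwg_token']))`, or at minimum `!==` on PHP versions without `hash_equals()`. Separately, `array_diff()` preserves keys, so `$unknown_category_ids[0]` is undefined unless the first requested id is the missing one. A repeated id such as `5,5` also trips the `count()` mismatch with an empty diff, so the caller is told "Category 0 does not exist". Deduplicate with `$category_ids = array_unique($category_ids);` before the query and report `reset($unknown_category_ids)` in the error.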