author | Marvin Borner | 2018-05-12 18:20:20 +0200 |
---|---|---|
committer | Marvin Borner | 2018-05-12 18:20:20 +0200 |
commit | 6b94510cdfa8d5b724cc43f4ff3e699c94a122fa (patch) | |
tree | 92f232b34d5ddf61e14540a82f578ec470108ae9 /main/app/sprinkles/admin/src | |
parent | d70be1a7a2b94cf1f30f6f4193a27eabcc84fe54 (diff) |
Added basic follower apis to verify access to write/encrypt chat messages
Diffstat (limited to 'main/app/sprinkles/admin/src')
-rw-r--r-- | main/app/sprinkles/admin/src/Controller/UserController.php | 155 | ||||
-rw-r--r-- | main/app/sprinkles/admin/src/Controller/WormholeController.php | 6 |
2 files changed, 117 insertions, 44 deletions
diff --git a/main/app/sprinkles/admin/src/Controller/UserController.php b/main/app/sprinkles/admin/src/Controller/UserController.php
index be98f02..7ff191c 100644
--- a/main/app/sprinkles/admin/src/Controller/UserController.php
+++ b/main/app/sprinkles/admin/src/Controller/UserController.php
@@ -246,15 +246,15 @@ class UserController extends SimpleController
 $PublicKey = $request->getParsedBody()["PublicKey"];
 if ($this->ci->currentUser->id === $requestedUser->id && (Capsule::table('public_keys')
- ->where('UserID', "=", $requestedUser->id)
+ ->where('user_id', "=", $requestedUser->id)
 ->exists()) === FALSE) {
 Capsule::table('public_keys')
- ->insert(['UserID' => $requestedUser->id, 'Key' => substr(substr($PublicKey, 100), 0,-40)]);
+ ->insert(['user_id' => $requestedUser->id, 'key' => substr(substr($PublicKey, 100), 0,-40)]);
 return $response->withStatus(200);
 } else if ($this->ci->currentUser->id === $requestedUser->id) {
 Capsule::table('public_keys')
- ->where('UserID', $requestedUser->id)
- ->update(['Key' => substr(substr($PublicKey, 100), 0,-40)]);
+ ->where('user_id', $requestedUser->id)
+ ->update(['key' => substr(substr($PublicKey, 100), 0,-40)]);
 return $response->withStatus(200);
 } else {
 throw new ForbiddenException();
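Review bot: The value written to public_keys is carved out of the submitted text with fixed offsets, `substr(substr($PublicKey, 100), 0,-40)`, so nothing on the write path checks that what is stored is actually an armored PGP public key, and any client whose armor header differs from the one those offsets assume gets a silently corrupted key stored under its account. `$request->getParsedBody()["PublicKey"]` on the first context line is also read without checking the field is present. I would extract the body between the BEGIN/END PGP PUBLIC KEY BLOCK markers with an anchored regex, reject the request when it does not match, and compute that value once above the if instead of repeating the expression in both the insert and the update branch. The enclosing method starts outside the hunk.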
@@ -262,43 +262,6 @@ class UserController extends SimpleController
 }
 /**
- * Gets the users public key
- * Request type: GET
- */
- public function getPublicKey($request, $response, $args) {
- $requestedUser = $this->getUserFromParams($args);
-
- if (!$requestedUser) {
- throw new NotFoundException($request, $response);
- }
-
- if ((Capsule::table('public_keys')
- ->where('UserID', "=", $requestedUser->id)
- ->exists()) === TRUE) {
-
- $RawPublicKey = Capsule::table('public_keys')
- ->where('UserID', "=", $requestedUser->id)
- ->value('Key');
- $PublicKey = "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: OpenPGP.js v3.0.9\nComment: https://openpgpjs.org\n\n" . $RawPublicKey . "\n-----END PGP PUBLIC KEY BLOCK-----";
-
- $ContentType = explode(',', $request->getHeaderLine('Accept'))[0];
- switch ($ContentType) {
- case 'application/json':
- $response->write(json_encode(array('user_id' => $requestedUser->id, 'PublicKey' => $PublicKey)));
- break;
- case 'text/html':
- $response->write("<pre>" . $PublicKey);
- break;
- default:
- $response->write($PublicKey);
- }
- return $response->withStatus(200);
- } else {
- throw new NotFoundException();
- }
- }
-
-
 /**
 * Processes the request to delete an existing user.
 *
 * Deletes the specified user, removing any existing associations.
@@ -1031,6 +994,116 @@ class UserController extends SimpleController
 }
 /**
+ * Gets the users public key
+ * Request type: GET
+ */
+ public function getPublicKey($request, $response, $args) {
+ $requestedUser = $this->getUserFromParams($args);
+
+ if (!$requestedUser) {
+ throw new NotFoundException($request, $response);
+ }
+
+ if ((Capsule::table('public_keys')
+ ->where('user_id', "=", $requestedUser->id)
+ ->exists()) === TRUE) {
+
+ $RawPublicKey = Capsule::table('public_keys')
+ ->where('user_id', "=", $requestedUser->id)
+ ->value('key');
+ $PublicKey = "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: OpenPGP.js v3.0.9\nComment: https://openpgpjs.org\n\n" . $RawPublicKey . "\n-----END PGP PUBLIC KEY BLOCK-----";
+
+ $ContentType = explode(',', $request->getHeaderLine('Accept'))[0];
+ switch ($ContentType) {
+ case 'application/json':
+ $response->write(json_encode(array('user_id' => $requestedUser->id, 'PublicKey' => $PublicKey)));
+ break;
+ case 'text/html':
+ $response->write("<pre>" . $PublicKey);
+ break;
+ default:
+ $response->write($PublicKey);
+ }
+ return $response->withStatus(200);
+ } else {
+ throw new NotFoundException();
+ }
+ }
+
+ /**
+ * Gets the users which are following the requested user
+ * Request type: GET
+ */
+ public function getFollowers($request, $response, $args) {
+ $user = $this->getUserFromParams($args);
+
+ // If the user doesn't exist, return 404
+ if (!$user) {
+ throw new NotFoundException($request, $response);
+ }
+
+ $UsersFollowers = Capsule::table('user_follow')
+ ->where('user_id', "=", $user->id)
+ ->join("users", "users.id", "=", "user_follow.followed_by_id")
+ ->select("user_follow.followed_by_id as id", "users.user_name as username")
+ ->get();
+
+ /** @var UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
+ $authorizer = $this->ci->authorizer;
+
+ /** @var UserFrosting\Sprinkle\Account\Database\Models\User $currentUser */
+ $currentUser = $this->ci->currentUser;
+
+ // Access-controlled page
+ if (!$authorizer->checkAccess($currentUser, 'uri_user', [
+ 'user' => $user
+ ])) {
+ throw new ForbiddenException();
+ }
+
+ $result = $UsersFollowers->toArray();
+
+ return $response->withJson($result, 200, JSON_PRETTY_PRINT);
+ }
+
+ /**
+ * Get users which the user follows
+ * Request type: GET
+ */
+ public function getFollows($request, $response, $args) {
+ $user = $this->getUserFromParams($args);
+
+ // If the user doesn't exist, return 404
+ if (!$user) {
+ throw new NotFoundException($request, $response);
+ }
+
+ $UsersFollowers = Capsule::table('user_follow')
+ ->where('followed_by_id', "=", $user->id)
+ ->join("users", "users.id", "=", "user_follow.user_id")
+ ->select("user_follow.user_id as id", "users.user_name as username")
+ ->get();
+
+ /** @var UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
+ $authorizer = $this->ci->authorizer;
+
+ /** @var UserFrosting\Sprinkle\Account\Database\Models\User $currentUser */
+ $currentUser = $this->ci->currentUser;
+
+ // Access-controlled page
+ if (!$authorizer->checkAccess($currentUser, 'uri_user', [
+ 'user' => $user
+ ])) {
+ throw new ForbiddenException();
+ }
+
+ $result = $UsersFollowers->toArray();
+
+ return $response->withJson($result, 200, JSON_PRETTY_PRINT);
+ }
+
+
+
 /**
 * Processes the request to update an existing user's basic details (first_name, last_name, email, locale, group_id)
 *
 * Processes the request from the user update form, checking that:
diff --git a/main/app/sprinkles/admin/src/Controller/WormholeController.php b/main/app/sprinkles/admin/src/Controller/WormholeController.php
index d70fbbc..ecefe33 100644
--- a/main/app/sprinkles/admin/src/Controller/WormholeController.php
+++ b/main/app/sprinkles/admin/src/Controller/WormholeController.php
@@ -70,12 +70,12 @@ class WormholeController extends SimpleController
 $classMapper = $this->ci->classMapper;
 $user = $classMapper->createInstance('user')
 ->where('user_name', $user->user_name)
- ->joinLastActivity()
- ->with('lastActivity', 'group')
+ ->join("user_follow", "users.id", "=", "user_follow.user_id")
+ ->select("*")
 ->first();
 $result = $user->toArray();
- $result["avatar"] = $user->avatar;
+ //$result["avatar"] = $user->avatar;
 return $response->withJson($result, 200, JSON_PRETTY_PRINT);
 }
 }
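Review bot: In getPublicKey the 'text/html' branch writes `"<pre>" . $PublicKey` into the page unescaped, and $RawPublicKey is whatever the update endpoint stored from a user-submitted body, so a stored value containing markup is rendered as HTML for anyone who fetches that user's key; escape it, `$response->write('<pre>' . htmlspecialchars($PublicKey, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>');`. In both getFollowers and getFollows the user_follow query runs before the checkAccess call, so move the authorization block up to directly after the 404 check so that a forbidden caller costs no query and the order matches the other access-controlled handlers. The re-armoring line hard-codes 'Version: OpenPGP.js v3.0.9', which only round-trips if it is exactly what the store path cut off with its fixed offsets; a comment such as `// Re-armors the stored body; must match the header/trailer stripped on store` would make that coupling visible.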
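Review bot: The new inner join on user_follow means `->first()` returns null for a user whom nobody follows, and the following `$user->toArray()` then fails on null where the previous lookup always found the user; use `->leftJoin("user_follow", "users.id", "=", "user_follow.user_id")` or keep the follow data out of the user lookup. `->select("*")` across the join also copies every user_follow column into the JSON response and lets same-named columns from the two tables overwrite each other, so select the columns the wormhole actually needs by name. The commented-out avatar line should be deleted rather than left in place. The enclosing method starts outside the hunk.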