<?php
/**
 * @package tikiwiki
 */
// (c) Copyright 2002-2016 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

// tiki-setup.php is expected to provide $prefs and the TikiLib factory used below.
include_once('tiki-setup.php');
$bloglib = TikiLib::lib('blog');

// The XML-RPC endpoint is opt-in: unless the feature preference is 'y' the
// script stops here, before any method is registered or a request is served.
if ($prefs['feature_xmlrpc'] != 'y') {
	exit;
}

// Build map using webservices: Blogger API method name => handler function
// defined further down in this file (blogger.getUsersBlogs is served by
// getUserBlogs). Nothing at this level authenticates the request: every
// handler receives the caller's username and password as plain parameters and
// has to validate them itself. Because the password travels with each call,
// expose this endpoint over HTTPS only.
// No per-method 'signature' is declared in these entries.
$map = [
	'blogger.newPost' => ['function' => 'newPost'],
	'blogger.getUserInfo' => ['function' => 'getUserInfo'],
	'blogger.getPost' => ['function' => 'getPost'],
	'blogger.editPost' => ['function' => 'editPost'],
	'blogger.deletePost' => ['function' => 'deletePost'],
	'blogger.getRecentPosts' => ['function' => 'getRecentPosts'],
	'blogger.getUsersBlogs' => ['function' => 'getUserBlogs']
];

$s = new XML_RPC_Server($map);

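/**
 * Decide whether $user may exercise $permName on one specific blog.
 *
 * Order of evaluation: holders of tiki_p_blog_admin always pass; a blog that
 * has no object-level permissions attached passes for everyone (the handlers
 * in this file apply the global permission check separately); otherwise the
 * result is the object-level permission lookup for this user and blog.
 *
 * @param $user     login name, already authenticated by the caller
 * @param $blogid   id of the blog the permission is checked against
 * @param $permName permission name, e.g. 'tiki_p_blog_post'
 * @return bool true when access is allowed
 */
function check_individual($user, $blogid, $permName)
{
	$userlib = TikiLib::lib('user');

	// Blog administrators can do everything
	if ($userlib->user_has_permission($user, 'tiki_p_blog_admin')) {
		return true;
	}

	// No object-level permissions on this blog: nothing to restrict here
	if (!$userlib->object_has_one_permission($blogid, 'blog')) {
		return true;
	}

	// The blog carries its own permissions, so the user must hold $permName on it.
	// PHP variable names are case-sensitive: the lookup has to use the $blogid
	// parameter. Writing $blogId here refers to an undefined variable, which
	// makes the permission lookup run against a null object id instead of the
	// blog that was asked about.
	return (bool) $userlib->object_has_permission($user, $blogid, 'blog', $permName);
}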

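/**
 * blogger.getUserInfo: validates the user and returns user information.
 *
 * Parameters, by position: 0 appkey, 1 username, 2 password.
 * Only the login name is real data; every other profile field is the fixed
 * string 'none'.
 *
 * @param $params XML-RPC request message (provides getParam())
 * @return XML_RPC_Response profile struct, or fault 101 when the credentials are rejected
 */
function getUserInfo($params)
{
	$userlib = TikiLib::lib('user');

	// Parameter 0 is the Blogger "appkey"; it is read but never checked.
	$appkey = $params->getParam(0)->scalarval();
	$username = $params->getParam(1)->scalarval();
	$password = $params->getParam(2)->scalarval();

	// validate_user() hands back the user name to use from here on.
	list($ok, $username, $e) = $userlib->validate_user($username, $password, '', '');

	if (!$ok) {
		// One message for every failure, so the reply does not reveal
		// whether the account exists.
		return new XML_RPC_Response(0, 101, 'Invalid username or password');
	}

	$myStruct = new XML_RPC_Value(
		array(
			'nickname' => new XML_RPC_Value($username),
			'firstname' => new XML_RPC_Value('none'),
			'lastname' => new XML_RPC_Value('none'),
			'email' => new XML_RPC_Value('none'),
			// Must be the variable itself: inside single quotes '$username'
			// is sent to the client as that literal text.
			'userid' => new XML_RPC_Value($username),
			'url' => new XML_RPC_Value('none')
		),
		'struct'
	);

	return new XML_RPC_Response($myStruct);
}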

/**
 * blogger.newPost: posts a new submission to the CMS on behalf of a user.
 *
 * Parameters, by position: 0 appkey, 1 blog id, 2 username, 3 password,
 * 4 post content, 5 publish flag. The appkey and the publish flag are read
 * but not used.
 *
 * Authorization, in order: valid credentials; object-level permission on the
 * blog (check_individual); then, for users without tiki_p_blog_admin, the
 * global tiki_p_blog_post permission and, when the blog is not public,
 * ownership of the blog.
 *
 * @param $params XML-RPC request message (provides getParam())
 * @return XML_RPC_Response new post id as a string, or fault 101 on any refusal
 */
function newPost($params)
{
	$userlib = TikiLib::lib('user');
	$tikilib = TikiLib::lib('tiki');
	$bloglib = TikiLib::lib('blog');

	$appkey = $params->getParam(0)->scalarval();
	$blogid = $params->getParam(1)->scalarval();
	$username = $params->getParam(2)->scalarval();
	$password = $params->getParam(3)->scalarval();
	$content = $params->getParam(4)->scalarval();
	$publish = $params->getParam(5)->scalarval();

	// Authenticate first; nothing below runs for rejected credentials.
	list($ok, $username, $e) = $userlib->validate_user($username, $password, '', '');
	if (!$ok) {
		return new XML_RPC_Response(0, 101, 'Invalid username or password');
	}

	// Object-level permissions attached to this particular weblog, if any
	$mayPostHere = check_individual($username, $blogid, 'tiki_p_blog_post');
	if (!$mayPostHere) {
		return new XML_RPC_Response(0, 101, 'User is not allowed to post to this weblog due to individual restrictions for this weblog');
	}

	// Blog administrators skip the remaining checks.
	$isBlogAdmin = $userlib->user_has_permission($username, 'tiki_p_blog_admin');
	if (!$isBlogAdmin) {
		if (!$userlib->user_has_permission($username, 'tiki_p_blog_post')) {
			return new XML_RPC_Response(0, 101, 'User is not allowed to post');
		}

		$bloglib = TikiLib::lib('blog');
		$blog_info = $bloglib->get_blog($blogid);

		// A blog that is not public accepts posts from its owner only.
		if ($blog_info['public'] != 'y' && $username != $blog_info['user']) {
			return new XML_RPC_Response(0, 101, 'User is not allowed to post');
		}
	}

	// All checks passed. $content goes to blog_post() as received; any
	// filtering is whatever that library method applies (not visible here).
	$id = $bloglib->blog_post($blogid, $content, $username);

	return new XML_RPC_Response(new XML_RPC_Value((string) $id));
}

// :TODO: editPost
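/**
 * blogger.editPost: replace the content of an existing post.
 *
 * Parameters, by position: 0 appkey, 1 post id, 2 username, 3 password,
 * 4 new content, 5 publish flag. The appkey and the publish flag are read
 * but not used.
 *
 * The request names a post, not a blog, so the blog id needed for the
 * object-level permission check and for update_post() is taken from the
 * stored post. Using a $blogid that was never assigned would run the
 * per-blog check against a null id and pass a null blog id to update_post().
 *
 * @param $params XML-RPC request message (provides getParam())
 * @return XML_RPC_Response boolean true on success, fault 101 on any refusal
 */
function editPost($params)
{
	$userlib = TikiLib::lib('user');
	$bloglib = TikiLib::lib('blog');

	$appkey = $params->getParam(0)->scalarval();
	$postid = $params->getParam(1)->scalarval();
	$username = $params->getParam(2)->scalarval();
	$password = $params->getParam(3)->scalarval();
	$content = $params->getParam(4)->scalarval();
	$publish = $params->getParam(5)->scalarval();

	// Authenticate first; nothing below runs for rejected credentials.
	list($ok, $username, $e) = $userlib->validate_user($username, $password, '', '');
	if (!$ok) {
		return new XML_RPC_Response(0, 101, 'Invalid username or password');
	}

	// Global permission check comes before the post lookup, so callers
	// without posting rights learn nothing about which post ids exist.
	if (!$userlib->user_has_permission($username, 'tiki_p_blog_post')) {
		return new XML_RPC_Response(0, 101, 'User is not allowed to post');
	}

	// Now get the post information
	$post_data = $bloglib->get_post($postid);

	// Assumes get_post() returns the stored post row including its 'blogId'
	// column (confirm against bloglib). A post whose blog cannot be
	// determined is refused rather than checked against a null blog.
	if (!$post_data || !isset($post_data['blogId'])) {
		return new XML_RPC_Response(0, 101, 'Post not found');
	}

	$blogid = $post_data['blogId'];

	// Object-level permissions of the blog the post actually lives in
	if (!check_individual($username, $blogid, 'tiki_p_blog_post')) {
		return new XML_RPC_Response(
			0,
			101,
			'User is not allowed to post to this weblog due to individual restrictions for this weblog therefor the user cannot edit a post'
		);
	}

	// Only the author or a blog administrator may change a post.
	if ($post_data['user'] != $username) {
		if (!$userlib->user_has_permission($username, 'tiki_p_blog_admin')) {
			return new XML_RPC_Response(0, 101, 'Permission denied to edit that post since the post does not belong to the user');
		}
	}

	$bloglib->update_post($postid, $blogid, $content, $username);

	return new XML_RPC_Response(new XML_RPC_Value(1, 'boolean'));
}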

// :TODO: deletePost
/**
 * blogger.deletePost: remove an existing post.
 *
 * Parameters, by position: 0 appkey, 1 post id, 2 username, 3 password,
 * 4 publish flag. The appkey and the publish flag are read but not used.
 *
 * Authorization: valid credentials, then either authorship of the post or
 * the tiki_p_blog_admin permission.
 * NOTE(review): unlike the other post handlers, no check_individual() call and
 * no tiki_p_blog_post check happens here - confirm that is intended.
 *
 * @param $params XML-RPC request message (provides getParam())
 * @return XML_RPC_Response boolean true on success, fault 101 on any refusal
 */
function deletePost($params)
{
	$userlib = TikiLib::lib('user');
	$tikilib = TikiLib::lib('tiki');
	$bloglib = TikiLib::lib('blog');

	$appkey = $params->getParam(0)->scalarval();
	$postid = $params->getParam(1)->scalarval();
	$username = $params->getParam(2)->scalarval();
	$password = $params->getParam(3)->scalarval();
	$publish = $params->getParam(4)->scalarval();

	// Authenticate first; nothing below runs for rejected credentials.
	list($ok, $username, $e) = $userlib->validate_user($username, $password, '', '');
	if (!$ok) {
		return new XML_RPC_Response(0, 101, 'Invalid username or password');
	}

	// Look the post up so its author can be compared with the caller.
	$post_data = $bloglib->get_post($postid);
	if (!$post_data) {
		return new XML_RPC_Response(0, 101, 'Post not found');
	}

	// Someone else's post may only be removed by a blog administrator.
	$isForeignPost = $post_data['user'] != $username;
	if ($isForeignPost && !$userlib->user_has_permission($username, 'tiki_p_blog_admin')) {
		return new XML_RPC_Response(0, 101, 'Permission denied to edit that post');
	}

	$bloglib->remove_post($postid);

	return new XML_RPC_Response(new XML_RPC_Value(1, 'boolean'));
}

// :TODO: getTemplate

// :TODO: setTemplate

// :TODO: getPost
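/**
 * blogger.getPost: return one post as a Blogger API struct.
 *
 * Parameters, by position: 0 appkey (read, not used), 1 post id,
 * 2 username, 3 password.
 *
 * The request names a post, not a blog, so the blog id for the object-level
 * permission check is taken from the stored post. Using a $blogid that was
 * never assigned would run that check against a null id.
 *
 * @param $params XML-RPC request message (provides getParam())
 * @return XML_RPC_Response struct (userid, dateCreated, content, postid), or fault 101
 */
function getPost($params)
{
	$userlib = TikiLib::lib('user');
	$tikilib = TikiLib::lib('tiki');
	$bloglib = TikiLib::lib('blog');

	$appkey = $params->getParam(0)->scalarval();
	$postid = $params->getParam(1)->scalarval();
	$username = $params->getParam(2)->scalarval();
	$password = $params->getParam(3)->scalarval();

	// Authenticate first; nothing below runs for rejected credentials.
	list($ok, $username, $e) = $userlib->validate_user($username, $password, '', '');
	if (!$ok) {
		return new XML_RPC_Response(0, 101, 'Invalid username or password');
	}

	// Global permission checks come before the post lookup, so callers
	// without these rights learn nothing about which post ids exist.
	if (!$userlib->user_has_permission($username, 'tiki_p_blog_post')) {
		return new XML_RPC_Response(0, 101, 'User is not allowed to post');
	}

	if (!$userlib->user_has_permission($username, 'tiki_p_read_blog')) {
		return new XML_RPC_Response(0, 101, 'Permission denied to read this blog');
	}

	// Now get the post information
	$post_data = $bloglib->get_post($postid);

	// Assumes get_post() returns the stored post row including its 'blogId'
	// column (confirm against bloglib). A post whose blog cannot be
	// determined is refused rather than checked against a null blog.
	if (!$post_data || !isset($post_data['blogId'])) {
		return new XML_RPC_Response(0, 101, 'Post not found');
	}

	// Object-level permissions of the blog the post actually lives in
	if (!check_individual($username, $post_data['blogId'], 'tiki_p_blog_post')) {
		return new XML_RPC_Response(0, 101, 'User is not allowed to post to this weblog due to individual restrictions for this weblog');
	}

	$dateCreated = $tikilib->get_iso8601_datetime($post_data['created']);
	// added dateTime type for blogger compliant xml tag Joerg Knobloch <joerg@happypenguins.net>
	// NOTE(review): 'userid' carries the authenticated caller, not $post_data['user'] - confirm.
	$myStruct = new XML_RPC_Value(
		array(
			'userid' => new XML_RPC_Value($username),
			'dateCreated' => new XML_RPC_Value($dateCreated, 'dateTime.iso8601'),
			'content' => new XML_RPC_Value($post_data['data']),
			'postid' => new XML_RPC_Value($post_data['postId'])
		),
		'struct'
	);

	return new XML_RPC_Response($myStruct);
}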

// :TODO: getRecentPosts
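/**
 * blogger.getRecentPosts: return the newest posts of one blog.
 *
 * Parameters, by position: 0 appkey (read, not used), 1 blog id,
 * 2 username, 3 password, 4 number of posts requested.
 *
 * @param $params XML-RPC request message (provides getParam())
 * @return XML_RPC_Response array of post structs, or fault 101 (including 'No posts')
 */
function getRecentPosts($params)
{
	$userlib = TikiLib::lib('user');
	$tikilib = TikiLib::lib('tiki');
	$bloglib = TikiLib::lib('blog');

	$appkey = $params->getParam(0)->scalarval();
	$blogid = $params->getParam(1)->scalarval();
	$username = $params->getParam(2)->scalarval();
	$password = $params->getParam(3)->scalarval();
	$number = $params->getParam(4)->scalarval();

	// Authenticate first; nothing below runs for rejected credentials.
	list($ok, $username, $e) = $userlib->validate_user($username, $password, '', '');
	if (!$ok) {
		return new XML_RPC_Response(0, 101, 'Invalid username or password');
	}

	// Object-level permissions attached to this particular weblog, if any
	if (!check_individual($username, $blogid, 'tiki_p_blog_post')) {
		return new XML_RPC_Response(
			0,
			101,
			'User is not allowed to post to this weblog due to individual restrictions for this weblog therefore the user cannot edit a post'
		);
	}

	if (!$userlib->user_has_permission($username, 'tiki_p_blog_post')) {
		return new XML_RPC_Response(0, 101, 'User is not allowed to post');
	}

	// Now get the post information.
	// NOTE(review): $number comes straight from the client and looks like the
	// row limit of list_blog_posts(); it is not bounded here - consider
	// clamping it to a sane maximum.
	$posts = $bloglib->list_blog_posts($blogid, false, 0, $number, 'created_desc', '', '');

	// The rows live under 'data'. Counting the wrapper array itself counts its
	// keys, so that test never reports an empty result.
	if (empty($posts['data'])) {
		return new XML_RPC_Response(0, 101, 'No posts');
	}

	$arrayval = array();

	foreach ($posts['data'] as $post) {
		$dateCreated = $tikilib->get_iso8601_datetime($post['created']);

		// NOTE(review): 'userid' carries the authenticated caller for every
		// post, whoever wrote it - confirm.
		$myStruct = new XML_RPC_Value(
			array(
				'userid' => new XML_RPC_Value($username),
				'dateCreated' => new XML_RPC_Value($dateCreated, 'dateTime.iso8601'),
				'content' => new XML_RPC_Value($post['data']),
				'postid' => new XML_RPC_Value($post['postId'])
			),
			'struct'
		);

		$arrayval[] = $myStruct;
	}

	$myVal = new XML_RPC_Value($arrayval, 'array');
	return new XML_RPC_Response($myVal);
}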

// :TODO: tiki.tikiPost

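/**
 * blogger.getUsersBlogs: list the blogs the authenticated user can post to.
 *
 * Parameters, by position: 0 appkey (read, not used), 1 username, 2 password.
 *
 * The credentials are validated before anything is listed, as in every other
 * handler of this file. Without that step any caller could obtain the blog
 * list of an arbitrary user name without knowing the password.
 *
 * @param $params XML-RPC request message (provides getParam())
 * @return XML_RPC_Response array of structs (blogName, url, blogid), or fault 101
 */
function getUserBlogs($params)
{
	$userlib = TikiLib::lib('user');
	$tikilib = TikiLib::lib('tiki');
	$bloglib = TikiLib::lib('blog');

	$appkey = $params->getParam(0)->scalarval();
	$username = $params->getParam(1)->scalarval();
	$password = $params->getParam(2)->scalarval();

	// Authenticate first; nothing below runs for rejected credentials.
	list($ok, $username, $e) = $userlib->validate_user($username, $password, '', '');
	if (!$ok) {
		return new XML_RPC_Response(0, 101, 'Invalid username or password');
	}

	$arrayVal = array();

	$blogs = $bloglib->list_user_blogs($username, true);

	// The link to each blog is derived from the path of the current request.
	// parse_url() can return false or omit 'path', so fall back to an empty path.
	// NOTE(review): the substitution assumes the request path contains 'xmlrpc'
	// exactly where 'tiki-view_blog' belongs - verify the resulting link
	// against the actual script names.
	$requestParts = parse_url($_SERVER['REQUEST_URI']);
	$requestPath = (is_array($requestParts) && isset($requestParts['path'])) ? $requestParts['path'] : '';
	$viewBlogUrl = $tikilib->httpPrefix() . str_replace('xmlrpc', 'tiki-view_blog', $requestPath);

	foreach ($blogs as $blog) {
		$myStruct = new XML_RPC_Value(
			array(
				'blogName' => new XML_RPC_Value($blog['title']),
				'url' => new XML_RPC_Value($viewBlogUrl . '?blogId=' . $blog['blogId']),
				'blogid' => new XML_RPC_Value($blog['blogId'])
			),
			'struct'
		);

		$arrayVal[] = $myStruct;
	}

	$myVal = new XML_RPC_Value($arrayVal, 'array');
	return new XML_RPC_Response($myVal);
}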