tiki-xmlrpc_services.php 11.4 KB
Newer Older
awcolley's avatar
awcolley committed
1
<?php
2
// (c) Copyright 2002-2011 by authors of the Tiki Wiki CMS Groupware Project
changi67's avatar
changi67 committed
3
// 
4 5
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
changi67's avatar
changi67 committed
6
// $Id$
7

8
include_once('tiki-setup.php');
changi67's avatar
changi67 committed
9
require_once("lib/pear/XML/Server.php");
10 11
include_once('lib/blogs/bloglib.php');
if($prefs['feature_xmlrpc'] != 'y') {
awcolley's avatar
awcolley committed
12 13 14 15
  die;  
}

// Build map using webservices
16 17 18 19 20 21 22 23 24
$map = array(
	"blogger.newPost" => array("function" => "newPost"),
	"blogger.getUserInfo" => array("function" => "getUserInfo"),
	"blogger.getPost" => array("function" => "getPost"),
	"blogger.editPost" => array("function" => "editPost"),
	"blogger.deletePost" => array("function" => "deletePost"),
	"blogger.getRecentPosts" => array("function" => "getRecentPosts"),
	"blogger.getUserInfo" => array("function" => "getUserInfo"),
	"blogger.getUsersBlogs" => array("function" => "getUserBlogs")
awcolley's avatar
awcolley committed
25 26
);

27
$s = new XML_RPC_Server($map);
28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46

function check_individual($user, $blogid, $permName) {
	global $userlib;

	// If the user is admin he can do everything
	if ($userlib->user_has_permission($user, 'tiki_p_blog_admin'))
		return true;

	// If no individual permissions for the object then ok
	if (!$userlib->object_has_one_permission($blogid, 'blog'))
		return true;

	// If the object has individual permissions then check
	// Now get all the permissions that are set for this type of permissions 'image gallery'
	if ($userlib->object_has_permission($user, $blogId, 'blog', $permName)) {
		return true;
	} else {
		return false;
	}
awcolley's avatar
awcolley committed
47 48 49 50
}

/* Validates the user and returns user information */
function getUserInfo($params) {
51 52 53 54 55 56 57 58
	global $tikilib, $userlib;

	$appkeyp = $params->getParam(0);
	$appkey = $appkeyp->scalarval();
	$usernamep = $params->getParam(1);
	$username = $usernamep->scalarval();
	$passwordp = $params->getParam(2);
	$password = $passwordp->scalarval();
59
	list($ok, $username, $e) = $userlib->validate_user($username,$password,'','');
60

61
	if ($ok) {
62 63 64 65 66 67 68
		$myStruct = new XML_RPC_Value(array(
			"nickname" => new XML_RPC_Value($username),
			"firstname" => new XML_RPC_Value("none"),
			"lastname" => new XML_RPC_Value("none"),
			"email" => new XML_RPC_Value("none"),
			"userid" => new XML_RPC_Value("$username"),
			"url" => new XML_RPC_Value("none")
69 70
		), "struct");

71
		return new XML_RPC_Response($myStruct);
72
	} else {
73
		return new XML_RPC_Response(0, 101, "Invalid username or password");
74
	}
awcolley's avatar
awcolley committed
75
}
76

awcolley's avatar
awcolley committed
77 78
/* Posts a new submission to the CMS */
function newPost($params) {
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94
	global $tikilib, $userlib, $bloglib;

	$appkeyp = $params->getParam(0);
	$appkey = $appkeyp->scalarval();
	$blogidp = $params->getParam(1);
	$blogid = $blogidp->scalarval();
	$usernamep = $params->getParam(2);
	$username = $usernamep->scalarval();
	$passwordp = $params->getParam(3);
	$password = $passwordp->scalarval();
	$passp = $params->getParam(4);
	$content = $passp->scalarval();
	$passp = $params->getParam(5);
	$publish = $passp->scalarval();

	// Now check if the user is valid and if the user can post a submission
95 96
	list($ok, $username, $e) = $userlib->validate_user($username,$password,'','');
	if (!$ok) {
97
		return new XML_RPC_Response(0, 101, "Invalid username or password");
98 99 100 101
	}

	// Get individual permissions for this weblog if they exist
	if (!check_individual($username, $blogid, 'tiki_p_blog_post')) {
102
		return new XML_RPC_Response(0, 101, "User is not allowed to post to this weblog due to individual restrictions for this weblog");
103 104 105 106 107
	}

	// If the blog is not public then check if the user is the owner
	if (!$userlib->user_has_permission($username, 'tiki_p_blog_admin')) {
		if (!$userlib->user_has_permission($username, 'tiki_p_blog_post')) {
108
			return new XML_RPC_Response(0, 101, "User is not allowed to post");
109 110
		}

111 112
		require_once('lib/blogs/bloglib.php');
		$blog_info = $bloglib->get_blog($blogid);
113 114 115

		if ($blog_info["public"] != 'y') {
			if ($username != $blog_info["user"]) {
116
				return new XML_RPC_Response(0, 101, "User is not allowed to post");
117 118 119 120 121 122 123
			}
		}
	}

	// User ok and can submit then submit the post
	$id = $bloglib->blog_post($blogid, $content, $username);

124
	return new XML_RPC_Response(new XML_RPC_Value("$id"));
awcolley's avatar
awcolley committed
125 126 127 128
}

// :TODO: editPost
function editPost($params) {
129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144
	global $tikilib, $userlib, $bloglib;

	$appkeyp = $params->getParam(0);
	$appkey = $appkeyp->scalarval();
	$blogidp = $params->getParam(1);
	$postid = $blogidp->scalarval();
	$usernamep = $params->getParam(2);
	$username = $usernamep->scalarval();
	$passwordp = $params->getParam(3);
	$password = $passwordp->scalarval();
	$passp = $params->getParam(4);
	$content = $passp->scalarval();
	$passp = $params->getParam(5);
	$publish = $passp->scalarval();

	// Now check if the user is valid and if the user can post a submission
145 146
	list($ok, $username, $e) = $userlib->validate_user($username,$password,'','');
	if (!$ok) {
147
		return new XML_RPC_Response(0, 101, "Invalid username or password");
148 149 150
	}

	if (!check_individual($username, $blogid, 'tiki_p_blog_post')) {
151
		return new XML_RPC_Response(0,
152 153 154 155
			101, "User is not allowed to post to this weblog due to individual restrictions for this weblog therefor the user cannot edit a post");
	}

	if (!$userlib->user_has_permission($username, 'tiki_p_blog_post')) {
156
		return new XML_RPC_Response(0, 101, "User is not allowed to post");
157 158 159 160 161 162
	}

	// Now get the post information
	$post_data = $bloglib->get_post($postid);

	if (!$post_data) {
163
		return new XML_RPC_Response(0, 101, "Post not found");
164 165 166 167
	}

	if ($post_data["user"] != $username) {
		if (!$userlib->user_has_permission($username, 'tiki_p_blog_admin')) {
168
			return new XML_RPC_Response(0, 101, "Permission denied to edit that post since the post does not belong to the user");
169 170 171
		}
	}

172
	$id = $bloglib->update_post($postid, $blogid, $content, $username);
173
	return new XML_RPC_Response(new XML_RPC_Value(1, "boolean"));
awcolley's avatar
awcolley committed
174 175 176 177
}

// :TODO: deletePost
function deletePost($params) {
178 179 180 181 182 183 184 185 186 187 188 189 190 191
	global $tikilib, $userlib, $bloglib;

	$appkeyp = $params->getParam(0);
	$appkey = $appkeyp->scalarval();
	$blogidp = $params->getParam(1);
	$postid = $blogidp->scalarval();
	$usernamep = $params->getParam(2);
	$username = $usernamep->scalarval();
	$passwordp = $params->getParam(3);
	$password = $passwordp->scalarval();
	$passp = $params->getParam(4);
	$publish = $passp->scalarval();

	// Now check if the user is valid and if the user can post a submission
192 193
	list($ok, $username, $e) = $userlib->validate_user($username,$password,'','');
	if (!$ok) {
194
		return new XML_RPC_Response(0, 101, "Invalid username or password");
195
	}
awcolley's avatar
awcolley committed
196

197 198 199 200
	// Now get the post information
	$post_data = $bloglib->get_post($postid);

	if (!$post_data) {
201
		return new XML_RPC_Response(0, 101, "Post not found");
202 203 204 205
	}

	if ($post_data["user"] != $username) {
		if (!$userlib->user_has_permission($username, 'tiki_p_blog_admin')) {
206
			return new XML_RPC_Response(0, 101, "Permission denied to edit that post");
207 208 209 210
		}
	}

	$id = $bloglib->remove_post($postid);
211
	return new XML_RPC_Response(new XML_RPC_Value(1, "boolean"));
212
}
awcolley's avatar
awcolley committed
213 214 215 216 217 218 219

// :TODO: getTemplate

// :TODO: setTemplate

// :TODO: getPost
function getPost($params) {
220 221 222 223 224 225 226 227 228 229 230 231
	global $tikilib, $userlib, $bloglib;

	$appkeyp = $params->getParam(0);
	$appkey = $appkeyp->scalarval();
	$blogidp = $params->getParam(1);
	$postid = $blogidp->scalarval();
	$usernamep = $params->getParam(2);
	$username = $usernamep->scalarval();
	$passwordp = $params->getParam(3);
	$password = $passwordp->scalarval();

	// Now check if the user is valid and if the user can post a submission
232 233
	list($ok, $username, $e) = $userlib->validate_user($username,$password,'','');
	if (!$ok) {
234
		return new XML_RPC_Response(0, 101, "Invalid username or password");
235 236 237
	}

	if (!check_individual($username, $blogid, 'tiki_p_blog_post')) {
238
		return new XML_RPC_Response(0, 101, "User is not allowed to post to this weblog due to individual restrictions for this weblog");
239 240 241
	}

	if (!$userlib->user_has_permission($username, 'tiki_p_blog_post')) {
242
		return new XML_RPC_Response(0, 101, "User is not allowed to post");
243 244 245
	}

	if (!$userlib->user_has_permission($username, 'tiki_p_read_blog')) {
246
		return new XML_RPC_Response(0, 101, "Permission denied to read this blog");
247 248 249 250 251 252
	}

	// Now get the post information
	$post_data = $bloglib->get_post($postid);

	if (!$post_data) {
253
		return new XML_RPC_Response(0, 101, "Post not found");
254 255 256 257
	}

	$dateCreated = $tikilib->get_iso8601_datetime($post_data["created"]);
	// added dateTime type for blogger compliant xml tag Joerg Knobloch <joerg@happypenguins.net>
258 259 260 261 262
	$myStruct = new XML_RPC_Value(array(
		"userid" => new XML_RPC_Value($username),
		"dateCreated" => new XML_RPC_Value($dateCreated, "dateTime.iso8601"),
		"content" => new XML_RPC_Value($post_data["data"]),
		"postid" => new XML_RPC_Value($post_data["postId"])
263 264 265
	), "struct");

	// User ok and can submit then submit an article
266
	return new XML_RPC_Response($myStruct);
awcolley's avatar
awcolley committed
267 268 269 270
}

// :TODO: getRecentPosts
function getRecentPosts($params) {
271 272 273 274 275 276 277 278 279 280 281 282 283 284
	global $tikilib, $userlib, $bloglib;

	$appkeyp = $params->getParam(0);
	$appkey = $appkeyp->scalarval();
	$blogidp = $params->getParam(1);
	$blogid = $blogidp->scalarval();
	$usernamep = $params->getParam(2);
	$username = $usernamep->scalarval();
	$passwordp = $params->getParam(3);
	$password = $passwordp->scalarval();
	$passp = $params->getParam(4);
	$number = $passp->scalarval();

	// Now check if the user is valid and if the user can post a submission
285 286
	list($ok, $username, $e) = $userlib->validate_user($username,$password,'','');
	if (!$ok) {
287
		return new XML_RPC_Response(0, 101, "Invalid username or password");
288
	}
awcolley's avatar
awcolley committed
289

290
	if (!check_individual($username, $blogid, 'tiki_p_blog_post')) {
291
		return new XML_RPC_Response(0,
292 293 294 295
			101, "User is not allowed to post to this weblog due to individual restrictions for this weblog therefore the user cannot edit a post");
	}

	if (!$userlib->user_has_permission($username, 'tiki_p_blog_post')) {
296
		return new XML_RPC_Response(0, 101, "User is not allowed to post");
297 298 299
	}

	// Now get the post information
300
	$posts = $bloglib->list_blog_posts($blogid, false, 0, $number, 'created_desc', '', '');
301 302

	if (count($posts) == 0) {
303
		return new XML_RPC_Response(0, 101, "No posts");
304 305 306 307 308 309 310
	}

	$arrayval = array();

	foreach ($posts["data"] as $post) {
		$dateCreated = $tikilib->get_iso8601_datetime($post["created"]);

311 312 313 314 315
		$myStruct = new XML_RPC_Value(array(
			"userid" => new XML_RPC_Value($username),
			"dateCreated" => new XML_RPC_Value($dateCreated, "dateTime.iso8601"),
			"content" => new XML_RPC_Value($post["data"]),
			"postid" => new XML_RPC_Value($post["postId"])
316 317 318 319 320 321
		), "struct");

		$arrayval[] = $myStruct;
	}

	// User ok and can submit then submit an article
322 323
	$myVal = new XML_RPC_Value($arrayval, "array");
	return new XML_RPC_Response($myVal);
324
}
awcolley's avatar
awcolley committed
325 326 327 328 329

// :TODO: tiki.tikiPost

/* Get the topics where the user can post a new */
function getUserBlogs($params) {
330 331 332 333 334 335 336 337 338 339
	global $tikilib, $userlib, $bloglib;

	$appkeyp = $params->getParam(0);
	$appkey = $appkeyp->scalarval();
	$usernamep = $params->getParam(1);
	$username = $usernamep->scalarval();
	$passwordp = $params->getParam(2);
	$password = $passwordp->scalarval();

	$arrayVal = array();
awcolley's avatar
awcolley committed
340

sampaioprimo's avatar
sampaioprimo committed
341
	global $bloglib; require_once('lib/blogs/bloglib.php');
342
	$blogs = $bloglib->list_user_blogs($username, true);
343
	$foo = parse_url($_SERVER["REQUEST_URI"]);
344
	$foo1 = $tikilib->httpPrefix(). str_replace("xmlrpc", "tiki-view_blog", $foo["path"]);
awcolley's avatar
awcolley committed
345

346
	foreach ($blogs as $blog) {
347 348 349 350
		$myStruct = new XML_RPC_Value(array(
			"blogName" => new XML_RPC_Value($blog["title"]),
			"url" => new XML_RPC_Value($foo1 . "?blogId=" . $blog["blogId"]),
			"blogid" => new XML_RPC_Value($blog["blogId"])
351 352 353 354 355
		), "struct");

		$arrayVal[] = $myStruct;
	}

356 357
	$myVal = new XML_RPC_Value($arrayVal, "array");
	return new XML_RPC_Response($myVal);
358
}