mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-07-06 09:52:29 +02:00
web services:
- respect conf['allow_web_services'] - added conf['ws_max_images_per_page'] to limit the number of images returned per web call - fixes for Vincent's partners - added comments git-svn-id: http://piwigo.org/svn/trunk@1781 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
@@ -588,18 +588,20 @@ $conf['enable_plugins']=true;
|
||||
// | Set default for Web Service |
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
||||
// Web services are allowed (true) or completely forbidden (false)
|
||||
$conf['allow_web_services'] = true;
|
||||
|
||||
// Maximum number of images to be returned foreach call to the web service
|
||||
$conf['ws_max_images_per_page'] = 500;
|
||||
|
||||
// On Access control false
|
||||
// Controls are done on public basis or
|
||||
// if connected on member authorization basis
|
||||
|
||||
$conf['ws_access_control'] = false;
|
||||
$conf['ws_access_control'] = false;
|
||||
|
||||
// On Access control true
|
||||
// Additionnal controls are made based on Web Service Access Table
|
||||
|
||||
// Web services are accepted
|
||||
$conf['allow_web_services'] = true;
|
||||
|
||||
// Max returned rows number ( > 0 )
|
||||
$conf['ws_allowed_limit'] = array(1,2,3,5,10,25);
|
||||
|
||||
|
||||
@@ -3,11 +3,10 @@
|
||||
// | PhpWebGallery - a PHP based picture gallery |
|
||||
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | branch : BSF (Best So Far)
|
||||
// | file : $URL: svn+ssh://rvelices@svn.gna.org/svn/phpwebgallery/trunk/action.php $
|
||||
// | last update : $Date: 2006-12-21 18:49:12 -0500 (Thu, 21 Dec 2006) $
|
||||
// | last modifier : $Author: rvelices $
|
||||
// | revision : $Rev: 1678 $
|
||||
// | file : $Id$
|
||||
// | last update : $Date$
|
||||
// | last modifier : $Author$
|
||||
// | revision : $Revision$
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | This program is free software; you can redistribute it and/or modify |
|
||||
// | it under the terms of the GNU General Public License as published by |
|
||||
@@ -142,7 +141,7 @@ class PwgNamedStruct
|
||||
* @link http://php.net/function.array_walk_recursive
|
||||
* @author Tom Buskens <ortega@php.net>
|
||||
* @author Aidan Lister <aidan@php.net>
|
||||
* @version $Revision: 1.7 $
|
||||
* @version $Revision$
|
||||
* @since PHP 5
|
||||
* @require PHP 4.0.6 (is_callable)
|
||||
*/
|
||||
@@ -556,6 +555,10 @@ Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
|
||||
{
|
||||
$this->makeArrayParam( $the_param );
|
||||
}
|
||||
if ( isset($options['maxValue']) and $the_param>$options['maxValue'])
|
||||
{
|
||||
$the_param = $options['maxValue'];
|
||||
}
|
||||
$params[$name] = $the_param;
|
||||
}
|
||||
}
|
||||
|
||||
+96
-149
@@ -7,7 +7,7 @@
|
||||
// | file : $Id$
|
||||
// | last update : $Date$
|
||||
// | last modifier : $Author$
|
||||
// | revision : $Rev$
|
||||
// | revision : $Revision$
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | This program is free software; you can redistribute it and/or modify |
|
||||
// | it under the terms of the GNU General Public License as published by |
|
||||
@@ -33,7 +33,8 @@
|
||||
function ws_isInvokeAllowed($res, $methodName, $params)
|
||||
{
|
||||
global $conf, $calling_partner_id;
|
||||
if ( !$conf['ws_access_control'])
|
||||
if ( !$conf['ws_access_control']
|
||||
or strpos($methodName,'reflection.')===0 )
|
||||
{
|
||||
return $res; // No controls are requested
|
||||
}
|
||||
@@ -45,92 +46,88 @@ SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
|
||||
$row = mysql_fetch_assoc($result);
|
||||
if ( empty($row) )
|
||||
{
|
||||
return new PwgError(403, 'Partner id does not exist');
|
||||
return new PwgError(403, 'Partner id does not exist or is expired');
|
||||
}
|
||||
if ( !empty($row['request'])
|
||||
and strpos($methodName, $row['request'])==false )
|
||||
{
|
||||
return new PwgError(403, 'Method not allowed');
|
||||
}
|
||||
|
||||
return $res;
|
||||
}
|
||||
|
||||
/**
|
||||
* ws_addControls
|
||||
* returns additionnal controls if requested
|
||||
* usable for 99% of Web Service methods
|
||||
*
|
||||
* - Args
|
||||
* usable for 99% of Web Service methods
|
||||
*
|
||||
* - Args
|
||||
* $methodName: is the requested method
|
||||
* $partner: is the key
|
||||
* $tbl_name: is the alias_name in the query (sometimes called correlation name)
|
||||
* null if !getting picture informations
|
||||
* null if !getting picture informations
|
||||
* - Logic
|
||||
* Access_control is not active: Return
|
||||
* Key is incorrect: Return 0 = 1 (False condition for MySQL)
|
||||
* One of Params doesn't match with type of request: return 0 = 1 again
|
||||
* Access_control is not active: Return
|
||||
* Key is incorrect: Return 0 = 1 (False condition for MySQL)
|
||||
* One of Params doesn't match with type of request: return 0 = 1 again
|
||||
* Access list(id/cat/tag) is converted in expended image-id list
|
||||
* image-id list: converted to an in-where-clause
|
||||
*
|
||||
*
|
||||
* The additionnal in-where-clause is return
|
||||
*/
|
||||
function ws_addControls( $methodName, $tbl_name )
|
||||
*/
|
||||
function ws_addControls( $methodName, &$params, $tbl_name )
|
||||
{
|
||||
global $conf, $calling_partner_id, $params;
|
||||
if ( !$conf['ws_access_control'] )
|
||||
global $conf, $calling_partner_id;
|
||||
if ( !$conf['ws_access_control'] or !isset($calling_partner_id) )
|
||||
{
|
||||
return ' 1 = 1 '; // No controls are requested
|
||||
return '1=1'; // No controls are requested
|
||||
}
|
||||
|
||||
// Is it an active Partner?
|
||||
|
||||
// Is it an active Partner?
|
||||
$query = '
|
||||
SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
|
||||
WHERE `name` = '$calling_partner_id'
|
||||
AND NOW() <= end; ";
|
||||
$result = pwg_query($query);
|
||||
if ( mysql_num_rows( $result ) == 0 )
|
||||
{
|
||||
return ' 0 = 1 '; // Unknown partner or Obsolate agreement
|
||||
{
|
||||
return '0=1'; // Unknown partner or Obsolate agreement
|
||||
}
|
||||
|
||||
|
||||
$row = mysql_fetch_array($result);
|
||||
|
||||
// Method / Request matching
|
||||
// Generic is not ready
|
||||
// For generic you can say... tags. or categories. or images. maybe?
|
||||
$filter = $row['request'];
|
||||
$request_method = substr($methodName, 0, strlen($filter)) ;
|
||||
if ( $filter !== $filter_method )
|
||||
{
|
||||
return ' 0 = 1'; // Unauthorized method request
|
||||
}
|
||||
// Overide general object limit
|
||||
// Overide general object limit
|
||||
$params['per_page'] = $row['limit'];
|
||||
|
||||
|
||||
// Target restrict
|
||||
// 3 cases: list, cat or tag
|
||||
// Behind / we could found img-ids, cat-ids or tag-ids
|
||||
$target = $row['access'];
|
||||
list($type, $str_ids) = explode('/',$target); // Find type list
|
||||
|
||||
$ids = explode( ',',$str_ids );
|
||||
// (array) 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6,
|
||||
$arr_ids = expand_id_list( $ids );
|
||||
$addings = implode(',', $arr_ids);
|
||||
// (string) 1,2,3,4,5,6,9,10,11,12,13,21,22,
|
||||
if ( $type = 'list')
|
||||
$arr_ids = expand_id_list( explode( ',',$str_ids ) );
|
||||
$addings = implode(',', $arr_ids);
|
||||
// (string) 1,2,3,4,5,6,9,10,11,12,13,21,22,
|
||||
if ( $type == 'list')
|
||||
{
|
||||
return $tbl_name . 'id IN ( ' . $addings . ' ) ';
|
||||
}
|
||||
|
||||
if ( $type = 'cat' )
|
||||
|
||||
if ( $type == 'cat' )
|
||||
{
|
||||
$addings = implode(',', get_image_ids_for_cats($arr_ids));
|
||||
return $tbl_name . 'id IN ( ' . $addings . ' ) ';
|
||||
}
|
||||
|
||||
if ( $type = 'tag' )
|
||||
{
|
||||
|
||||
if ( $type == 'tag' )
|
||||
{
|
||||
$addings = implode(',', get_image_ids_for_tags($arr_ids, 'OR'));
|
||||
return $tbl_name . 'id IN ( ' . $addings . ' ) ';
|
||||
}
|
||||
// Unmanaged new type?
|
||||
return ' 0 = 1 '; // ???
|
||||
return ' 0 = 1 '; // ???
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -247,14 +244,18 @@ function ws_std_get_urls($image_row)
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* returns PWG version (web service method)
|
||||
*/
|
||||
function ws_getVersion($params, &$service)
|
||||
{
|
||||
// TODO = Version availability is under control of $conf['show_version']
|
||||
return PHPWG_VERSION;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* returns images per category (wb service method)
|
||||
* returns images per category (web service method)
|
||||
*/
|
||||
function ws_categories_getImages($params, &$service)
|
||||
{
|
||||
@@ -308,10 +309,12 @@ SELECT id, name, image_order
|
||||
$where_clauses[] = 'category_id IN ('
|
||||
.implode(',', array_keys($cats) )
|
||||
.')';
|
||||
$where_clauses[] = get_sql_condition_FandF( array(
|
||||
'visible_images' => 'i.id'
|
||||
), null, true
|
||||
);
|
||||
$where_clauses[] = ws_addControls( 'categories.getImages', $params, 'i.' );
|
||||
|
||||
$where_clause[] =
|
||||
ws_addControls( 'categories.getImages', 'i.' );
|
||||
|
||||
$order_by = ws_std_image_sql_order($params, 'i.');
|
||||
if (empty($order_by))
|
||||
{// TODO check for category order by (image_order)
|
||||
@@ -396,8 +399,9 @@ LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* returns a list of categories
|
||||
* returns a list of categories (web service method)
|
||||
*/
|
||||
function ws_categories_getList($params, &$service)
|
||||
{
|
||||
@@ -466,6 +470,10 @@ ORDER BY global_rank';
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* returns detailed information for an element (web service method)
|
||||
*/
|
||||
function ws_images_getInfo($params, &$service)
|
||||
{
|
||||
@include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
|
||||
@@ -475,7 +483,7 @@ function ws_images_getInfo($params, &$service)
|
||||
{
|
||||
return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
|
||||
}
|
||||
|
||||
|
||||
$query='
|
||||
SELECT * FROM '.IMAGES_TABLE.'
|
||||
WHERE id='.$params['image_id'].
|
||||
@@ -483,7 +491,7 @@ SELECT * FROM '.IMAGES_TABLE.'
|
||||
array('visible_images' => 'id'),
|
||||
' AND'
|
||||
).' AND '.
|
||||
ws_addControls( 'images.getInfo', '' ).'
|
||||
ws_addControls( 'images.getInfo', $params, '' ).'
|
||||
LIMIT 1;';
|
||||
|
||||
$image_row = mysql_fetch_assoc(pwg_query($query));
|
||||
@@ -600,6 +608,9 @@ SELECT COUNT(rate) AS count
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* perform a login (web service method)
|
||||
*/
|
||||
function ws_session_login($params, &$service)
|
||||
{
|
||||
global $conf;
|
||||
@@ -615,6 +626,10 @@ function ws_session_login($params, &$service)
|
||||
return new PwgError(999, 'Invalid username/password');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* performs a logout (web service method)
|
||||
*/
|
||||
function ws_session_logout($params, &$service)
|
||||
{
|
||||
global $user, $conf;
|
||||
@@ -642,6 +657,9 @@ function ws_session_getStatus($params, &$service)
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* returns a list of tags (web service method)
|
||||
*/
|
||||
function ws_tags_getList($params, &$service)
|
||||
{
|
||||
global $user;
|
||||
@@ -669,6 +687,10 @@ function ws_tags_getList($params, &$service)
|
||||
return array('tags' => new PwgNamedArray($tags, 'tag', array('id','url_name','url', 'counter' )) );
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* returns a list of images for tags (web service method)
|
||||
*/
|
||||
function ws_tags_getImages($params, &$service)
|
||||
{
|
||||
@include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
|
||||
@@ -709,7 +731,7 @@ function ws_tags_getImages($params, &$service)
|
||||
|
||||
$image_ids = array();
|
||||
$image_tag_map = array();
|
||||
|
||||
|
||||
if ( !empty($tag_ids) )
|
||||
{ // build list of image ids with associated tags per image
|
||||
if ($params['tag_mode_and'])
|
||||
@@ -747,8 +769,7 @@ SELECT image_id, GROUP_CONCAT(tag_id) tag_ids
|
||||
'', true
|
||||
);
|
||||
$where_clauses[] = 'id IN ('.implode(',',$image_ids).')';
|
||||
$where_clause[] =
|
||||
ws_addControls( 'tags.getImages', 'i.' );
|
||||
$where_clauses[] = ws_addControls( 'tags.getImages', $params, 'i.' );
|
||||
|
||||
$order_by = ws_std_image_sql_order($params);
|
||||
if (empty($order_by))
|
||||
@@ -830,128 +851,54 @@ LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* official_req returns the managed requests list in array format
|
||||
* FIXME A New list need to be build for ws_checker.php
|
||||
* returns array of authrorized request/methods
|
||||
* */
|
||||
function official_req()
|
||||
{
|
||||
$official = array( /* Requests are limited to */
|
||||
'categories.' /* all categories. methods */
|
||||
, 'categories.getImages' /* <= see */
|
||||
, 'categories.getList' /* <= see */
|
||||
, 'images.' /* all images. methods */
|
||||
, 'images.getInfo' /* <= see */
|
||||
, 'tags.' /* all tags. methods */
|
||||
, 'tags.getImages' /* <= see */
|
||||
, 'tags.getList' /* <= see */
|
||||
);
|
||||
if (function_exists('local_req')) {
|
||||
$local = local_req();
|
||||
return array_merge( $official, $local );
|
||||
}
|
||||
return $official;
|
||||
}
|
||||
|
||||
/**
|
||||
* expand_id_list($ids) convert a human list expression to a full ordered list
|
||||
* example : expand_id_list( array(5,2-3,2) ) returns array( 2, 3, 5)
|
||||
* */
|
||||
* */
|
||||
function expand_id_list($ids)
|
||||
{
|
||||
$tid = array();
|
||||
foreach ( $ids as $id )
|
||||
$tid = array();
|
||||
foreach ( $ids as $id )
|
||||
{
|
||||
if ( is_numeric($id) )
|
||||
{
|
||||
if ( is_numeric($id) )
|
||||
$tid[] = (int) $id;
|
||||
}
|
||||
else
|
||||
{
|
||||
$range = explode( '-', $id );
|
||||
if ( is_numeric($range[0]) and is_numeric($range[1]) )
|
||||
{
|
||||
$tid[] = (int) $id;
|
||||
}
|
||||
else
|
||||
{
|
||||
$range = explode( '-', $id );
|
||||
if ( is_numeric($range[0]) and is_numeric($range[1]) )
|
||||
$from = min($range[0],$range[1]);
|
||||
$to = max($range[0],$range[1]);
|
||||
for ($i = $from; $i <= $to; $i++)
|
||||
{
|
||||
$from = min($range[0],$range[1]);
|
||||
$to = max($range[0],$range[1]);
|
||||
for ($i = $from; $i <= $to; $i++)
|
||||
{
|
||||
$tid[] = (int) $i;
|
||||
}
|
||||
$tid[] = (int) $i;
|
||||
}
|
||||
}
|
||||
}
|
||||
$result = array_unique ($tid); // remove duplicates...
|
||||
sort ($result);
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* check_target($string) verifies and corrects syntax of target parameter
|
||||
* example : check_target(cat/23,24,24,24,25,27) returns cat/23-25,27
|
||||
* */
|
||||
function check_target($list)
|
||||
{
|
||||
if ( $list !== '' )
|
||||
{
|
||||
$type = explode('/',$list); // Find type list
|
||||
if ( !in_array($type[0],array('list','cat','tag') ) )
|
||||
{
|
||||
$type[0] = 'list'; // Assume an id list
|
||||
}
|
||||
$ids = explode( ',',$type[1] );
|
||||
$list = $type[0] . '/';
|
||||
|
||||
// 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6,
|
||||
|
||||
$result = expand_id_list( $ids );
|
||||
|
||||
// 1,2,3,4,5,6,9,10,11,12,13,21,22,
|
||||
// I would like
|
||||
// 1-6,9-13,21-22
|
||||
$serial[] = $result[0]; // To be shifted
|
||||
foreach ($result as $k => $id)
|
||||
{
|
||||
$next_less_1 = (isset($result[$k + 1]))? $result[$k + 1] - 1:-1;
|
||||
if ( $id == $next_less_1 and end($serial)=='-' )
|
||||
{ // nothing to do
|
||||
}
|
||||
elseif ( $id == $next_less_1 )
|
||||
{
|
||||
$serial[]=$id;
|
||||
$serial[]='-';
|
||||
}
|
||||
else
|
||||
{
|
||||
$serial[]=$id; // end serie or non serie
|
||||
}
|
||||
}
|
||||
$null = array_shift($serial); // remove first value
|
||||
$list .= array_shift($serial); // add the real first one
|
||||
$separ = ',';
|
||||
foreach ($serial as $id)
|
||||
{
|
||||
$list .= ($id=='-') ? '' : $separ . $id;
|
||||
$separ = ($id=='-') ? '-':','; // add comma except if hyphen
|
||||
}
|
||||
}
|
||||
return $list;
|
||||
$result = array_unique ($tid); // remove duplicates...
|
||||
sort ($result);
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* converts a cat-ids array in image-ids array
|
||||
* FIXME Function which should already exist somewhere else
|
||||
* */
|
||||
* */
|
||||
function get_image_ids_for_cats($cat_ids)
|
||||
{
|
||||
$cat_list = implode(',', $cat_ids);
|
||||
$ret_ids = array();
|
||||
$query = '
|
||||
SELECT DISTINCT image_id
|
||||
SELECT DISTINCT image_id
|
||||
FROM '.IMAGE_CATEGORY_TABLE.'
|
||||
WHERE category_id in ('.$cat_list.')
|
||||
;';
|
||||
return $array_from_query($query, 'image_id');
|
||||
return array_from_query($query, 'image_id');
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user