ComunicAPI/RestControllers/PostsController.php

652 lines
18 KiB
PHP
Raw Normal View History

2017-12-24 15:35:50 +00:00
<?php
/**
* Restserver controller
*
* Posts controller
*
* @author Pierre HUBERT
*/
2018-04-22 12:05:14 +00:00
class PostsController {
2017-12-24 16:45:05 +00:00
2018-01-10 05:59:28 +00:00
/**
* Visibility levels for the API
*/
const VISIBILITY_LEVELS_API = array(
Posts::VISIBILITY_PUBLIC => "public",
Posts::VISIBILITY_FRIENDS => "friends",
Posts::VISIBILITY_USER => "private",
Posts::VISIBILITY_GROUP_MEMBERS => "members",
2018-01-10 05:59:28 +00:00
);
2018-01-09 05:49:13 +00:00
/**
* Access levels for the POST for the api
*/
const ACCESS_LEVEL_API = array(
Posts::NO_ACCESS => "no-access",
Posts::BASIC_ACCESS => "basic",
Posts::INTERMEDIATE_ACCESS => "intermediate",
Posts::FULL_ACCESS => "full"
);
2017-12-24 16:45:05 +00:00
/**
* Get user posts
*
* @url POST /posts/get_user
*/
public function getUserPosts(){
//Get user ID
$userID = getPostUserID("userID");
//Check if user is allowed to access informations or not
if(!CS::get()->components->user->userAllowed(userID, $userID))
Rest_fatal_error(401, "You are not allowed to access this user posts !");
//Check if there is a startpoint for the posts
if(isset($_POST['startFrom'])){
$startFrom = toInt($_POST['startFrom']);
}
else
$startFrom = 0; //No start point
2017-12-25 08:58:30 +00:00
//Get the post of the user
2017-12-31 16:48:26 +00:00
$posts = CS::get()->components->posts->getUserPosts(userID, $userID, $startFrom);
2017-12-25 08:58:30 +00:00
2018-02-03 14:40:55 +00:00
//Return parsed list of posts
return $this->parsePostsList($posts);
}
2018-01-09 05:44:34 +00:00
/**
* Get group posts
*
* @url POST /posts/get_group
*/
public function getGroupPosts(){
//Get group ID
$groupID = getPostGroupIdWithAccess("groupID", GroupInfo::VIEW_ACCESS);
//Get the startpoint for the posts
$startFrom = postInt("startFrom", 0);
//Check whether the user can see members only posts or not
$membershipLevel = components()->groups->getMembershipLevel(userID, $groupID);
$seeAllPosts = $membershipLevel <= GroupMember::MEMBER;
//Get the posts of the group
$posts = components()->posts->getGroupPosts($groupID, $seeAllPosts, $startFrom);
//Return parsed list of posts
return $this->parsePostsList($posts);
}
2018-02-03 14:40:55 +00:00
/**
* Get the latest posts for the user
*
* @url POST /posts/get_latest
*/
public function get_latest_posts(){
user_login_required();
2018-01-10 05:59:28 +00:00
2018-02-03 14:40:55 +00:00
//Check if there is a startpoint for the posts
if(isset($_POST['startFrom'])){
$startFrom = toInt($_POST['startFrom']);
2018-01-09 05:44:34 +00:00
}
2018-02-03 14:40:55 +00:00
else
$startFrom = 0; //No start point
//Check whether groups posts should be included or not
$include_groups = isset($_POST['include_groups']) ? postBool("include_groups") : FALSE;
2018-02-03 14:40:55 +00:00
//Get the post of the user
$posts = CS::get()->components->posts->get_latest(userID, $startFrom, 10, $include_groups);
2018-02-03 14:40:55 +00:00
//Return parsed list of posts
return $this->parsePostsList($posts);
2018-01-09 05:44:34 +00:00
2017-12-24 16:45:05 +00:00
}
2018-02-03 14:40:55 +00:00
/**
* Get informations about a single post
*
* @url POST /posts/get_single
*/
public function get_single_post(){
//Get the post ID
$postID = getPostPostIDWithAccess("postID");
//Get informations about the post
2018-01-16 17:36:41 +00:00
$postInfos = components()->posts->get_single($postID, false);
2018-01-16 17:48:12 +00:00
//Check for errors
2018-04-22 10:31:48 +00:00
if(!$postInfos->isValid())
2018-01-16 17:48:12 +00:00
Rest_fatal_error(500, "Couldn't retrieve post informations !");
2018-01-16 17:36:41 +00:00
//Check if we can get the comments of the post
2018-07-16 12:38:07 +00:00
$load_comments = TRUE;
if($postInfos->get_kind_page() == Posts::PAGE_KIND_USER)
$load_comments = components()->user->allowComments($postInfos->get_user_page_id());
if($load_comments)
2018-04-22 10:31:48 +00:00
$postInfos->set_comments(components()->comments->get($postInfos->get_id()));
2018-01-16 17:48:12 +00:00
//Parse post informations
2018-04-22 10:31:48 +00:00
$postInfos = $this->PostToAPI($postInfos);
//Return informations about the post
return $postInfos;
}
2018-01-07 17:05:05 +00:00
/**
* Create a post
*
* @url POST /posts/create
*/
public function createPost(){
user_login_required(); //Need login
2018-04-22 12:38:26 +00:00
//Initialize post object
$post = new Post();
2018-01-07 17:05:05 +00:00
//Get the kind of page
if(!isset($_POST['kind-page']) || !isset($_POST['kind-id']))
Rest_fatal_error(400, "Please specify the kind of target page and its ID !");
//Make the kind of page match with one of those locally stored
switch($_POST['kind-page']){
//In case of user
case "user":
//Get the values
$kind_page = Posts::PAGE_KIND_USER;
$kind_page_id = getPostUserID('kind-id');
//Check if user is allowed to create post on user page
if(!CS::get()->components->user->canCreatePosts(userID, $kind_page_id))
Rest_fatal_error(401, "You are not allowed to create post on this page !");
break;
2018-07-16 12:38:07 +00:00
//In case of group
case "group":
//Save the values
$kind_page = Posts::PAGE_KIND_GROUP;
$kind_page_id = getPostGroupIdWithAccess("kind-id", GroupInfo::MEMBER_ACCESS);
//Check whether the user is authorized to create posts on the page or not
if(!components()->groups->canUserCreatePost(userID, $kind_page_id))
Rest_fatal_error(401, "You are not authorized to create posts on this group!");
break;
2018-01-07 17:05:05 +00:00
//Unsupported kind of page
default:
Rest_fatal_error(500, "Unsupported kind of page !");
}
2018-04-22 12:38:26 +00:00
$post->set_kind_page($kind_page);
$post->set_kind_page_id($kind_page_id);
2018-01-07 17:05:05 +00:00
//Get the kind of post
if(!isset($_POST['kind']))
Rest_fatal_error(400, "Please specify the kind of post !");
$kind = $_POST['kind'];
2018-04-22 12:38:26 +00:00
$post->set_kind($kind);
2018-01-07 17:05:05 +00:00
//Get the content of the post
$content = getPostContent("content");
2018-04-22 12:38:26 +00:00
$post->set_content($content);
2018-01-07 17:05:05 +00:00
//Get the visibility of the post
$visibility = $this->getPostVisibilityLevel("visibility");
2018-04-22 12:38:26 +00:00
$post->set_visibility_level($visibility);
2018-01-07 17:05:05 +00:00
//Act differently depending of the post content
//For text post
if($kind === Posts::POST_KIND_TEXT){
//The post content must be valid
if(!check_string_before_insert($content))
Rest_fatal_error(400, "Specified post content invalid !");
}
//For image posts
else if($kind === Posts::POST_KIND_IMAGE){
//Check if it is a valid file
if(!check_post_file("image"))
Rest_fatal_error(400, "An error occured while receiving image !");
2018-01-31 05:29:04 +00:00
//Save post image
$file_path = save_post_image("image", userID, "imgpost", 2000, 2000);
2018-01-07 17:05:05 +00:00
//Save image information
2018-01-31 05:29:04 +00:00
$file_sys_path = path_user_data($file_path, true);
$file_type = mime_content_type($file_sys_path);
$file_size = filesize($file_sys_path);
2018-04-22 12:38:26 +00:00
$post->set_file_path($file_path);
$post->set_file_type($file_type);
$post->set_file_size($file_size);
2018-01-07 17:05:05 +00:00
}
//For YouTube posts
else if($kind === Posts::POST_KIND_YOUTUBE){
//Check if Youtube ID was specified
if(!isset($_POST['youtube_id']))
Rest_fatal_error(400, "Please specify the Youtube video ID in your request !");
$youtube_id = $_POST['youtube_id'];
//Check the video ID
if(!check_youtube_id($youtube_id))
Rest_fatal_error(400, "Specified YouTube video ID is invalid !");
//Save video informations
$file_path = $youtube_id;
2018-04-22 12:38:26 +00:00
$post->set_file_path($file_path);
2018-01-07 17:05:05 +00:00
}
//For personnal movies posts
else if($kind === Posts::POST_KIND_MOVIE){
//Get movie ID
$movieID = getPostMovieID("movieID");
//Check if the current user is the owner the movie or not
if(userID != CS::get()->components->movies->get_owner($movieID))
Rest_fatal_error(400, "You are not allowed to use this movie in your posts !");
//Save movie informations
2018-04-22 12:38:26 +00:00
$post->set_movie_id($movieID);
2018-01-07 17:05:05 +00:00
}
//For weblinks
else if($kind === Posts::POST_KIND_WEBLINK){
//Check if we have a valid url
if(!check_post_url("url"))
Rest_fatal_error(400, "Invalid URL specified with request !");
$url = $_POST['url'];
//Get informations about the webpage
$page_infos = URLAnalyzer::analyze($url, 15);
//Save URL informations
$link_url = $url;
2018-04-26 15:50:23 +00:00
$link_title = isset($page_infos["title"]) ? $page_infos["title"] : "";
$link_description = isset($page_infos["description"]) ? $page_infos["description"] : "";
$link_image = isset($page_infos["image"]) ? $page_infos["image"] : "";
2018-04-22 12:38:26 +00:00
$post->set_link_url($link_url);
$post->set_link_title($link_title);
$post->set_link_description($link_description);
$post->set_link_image($link_image);
2018-01-07 17:05:05 +00:00
}
//For PDFs
else if($kind === Posts::POST_KIND_PDF){
//Check if it is a valid file
if(!check_post_file("pdf"))
Rest_fatal_error(400, "An error occured while receiving pdf !");
//Check file type
if($_FILES['pdf']['type'] != "application/pdf")
Rest_fatal_error(400, "The file sent is not a PDF !");
//Generate target file name
$target_userdata_folder = prepareFileCreation(userID, "post_pdf");
$target_file_path = $target_userdata_folder.generateNewFileName(path_user_data($target_userdata_folder, true), "pdf");
$target_file_sys_path = path_user_data($target_file_path, true);
//Try to move the file to its final location
if(!move_uploaded_file($_FILES["pdf"]["tmp_name"], $target_file_sys_path))
Rest_fatal_error(500, "Could save the PDF !");
//Save pdf information
$file_type = "application/pdf";
$file_size = filesize($target_file_sys_path);
$file_path = $target_file_path;
2018-04-22 12:38:26 +00:00
$post->set_file_path($file_path);
$post->set_file_type($file_type);
$post->set_file_size($file_size);
2018-01-07 17:05:05 +00:00
}
//For countdown timer
else if($kind === Posts::POST_KIND_COUNTDOWN){
//Get end timestamp
$time_end = getPostTimeStamp("time-end");
2018-04-22 12:38:26 +00:00
$post->set_time_end($time_end);
2018-01-07 17:05:05 +00:00
}
//For survey
else if($kind === Posts::POST_KIND_SURVEY){
//Process the question
if(!isset($_POST['question']))
Rest_fatal_error(400, "Please specify the question of the survey !");
$question = $_POST['question'];
//Check the length of the question
if(strlen($question) < 5)
Rest_fatal_error(400, "Please specify a valid question for the survey !");
//Process the answers
if(!isset($_POST['answers']))
Rest_fatal_error(400, "Please specify the ansers of the survey !");
$str_answers = $_POST["answers"];
//Process the ansers
$answers = explode("<>", $str_answers);
//Remove empty questions and make other secure to insert
foreach($answers as $num=>$val){
if($val == "" || $val == " ")
unset($answers[$num]);
else
$answers[$num] = removeHTMLnodes($val);
}
//Check the minimum number of question is valid
if(count($answers) < 2)
Rest_fatal_error(400, "Please specify at least two valid answers for the survey !");
2018-04-22 12:05:14 +00:00
//Save information about the survey
$survey = new Survey();
$survey->set_question(removeHTMLnodes($question));
foreach($answers as $name){
$choice = new SurveyChoice();
$choice->set_name($name);
$survey->add_choice($choice);
}
2018-04-22 12:38:26 +00:00
$post->set_survey($survey);
2018-01-07 17:05:05 +00:00
}
//The content type is not supported
else {
Rest_fatal_error(500, "This kind of post is not supported !");
}
2018-04-22 12:38:26 +00:00
//Complete post information
$post->set_userID(userID);
2018-01-07 17:05:05 +00:00
//Create the post
2018-04-22 12:38:26 +00:00
$postID = CS::get()->components->posts->create($post);
2018-01-07 17:05:05 +00:00
//Check for errors
if($postID < 0)
Rest_fatal_error(400, "Couldn't create post !");
//Create a notification
$notification = new Notification();
$notification->set_from_user_id(userID);
$notification->set_on_elem_id($postID);
$notification->set_on_elem_type(Notification::POST);
$notification->set_type(Notification::ELEM_CREATED);
components()->notifications->push($notification);
2018-07-16 12:38:07 +00:00
2018-02-18 14:47:25 +00:00
2018-01-07 17:05:05 +00:00
//Success
return array(
"success" => "The post has been created !",
"postID" => $postID
);
}
2018-01-10 19:12:01 +00:00
/**
* Change the visibility level of a post
*
* @url POST /posts/set_visibility_level
*/
public function set_visibility_level(){
user_login_required();
//Get the post ID
$postID = $this->getFullAccessPostID("postID");
2018-01-10 19:12:01 +00:00
//Get the visibility level
$new_visibility = $this->getPostVisibilityLevel("new_level");
//Try to update visibility level
if(!CS::get()->components->posts->update_level($postID, $new_visibility))
Rest_fatal_error(500, "Couldn't update visibility level !");
//Success
return array("success" => "The visibility level has been updated !");
}
/**
* Update the content of a post
*
* @url POST /posts/update_content
*/
public function update_content(){
user_login_required();
//Get the post ID
$postID = $this->getFullAccessPostID("postID");
//Get the post content
$new_content = getPostContent("new_content");
//Try to update post content
if(!components()->posts->update_content($postID, $new_content))
Rest_fatal_error(500, "An error occured while trying to update post content !");
//Delete any notification targeting this user about the post
delete_user_notifications_over_post(userID, $postID);
//Success
return array("success" => "The post content has been updated !");
}
2018-01-12 06:00:08 +00:00
/**
* Delete post
*
* @url POST /posts/delete
*/
public function delete_post(){
user_login_required();
//Get the post ID
$postID = getPostPostID("postID");
//Get the user access over the post
$user_access = CS::get()->components->posts->access_level($postID, userID);
//Check if the user is allowed to delete the post or not
if($user_access != Posts::FULL_ACCESS && $user_access != Posts::INTERMEDIATE_ACCESS)
Rest_fatal_error(401, "You are not allowed to delete this post !");
//Delete the post
if(!CS::get()->components->posts->delete($postID))
Rest_fatal_error(500, "Couldn't delete post!");
//Success
return array("success" => "The post has been deleted!");
}
/**
* Get the list of targets (pages) where the current user can create
* posts
*
* @url POST /posts/getAvailableTargets
*/
public function getAvailableTargets() {
user_login_required();
// Get the list of friends of the user where the user
// can create posts
$friends = components()->friends->getListThatAllowPostsFromUser(userID);
// Get the list of groups where the user can create posts
$groups = components()->groups->getListUserWhereCanCreatePosts(userID);
//Return result
return array(
"friends" => $friends,
"groups" => $groups
);
}
/**
* Get the visibility level specified in a POST request
*
* @param string $name The name of the POST parameter
* @return int The visibility level
*/
private function getPostVisibilityLevel(string $name) : int {
if(!isset($_POST[$name]))
Rest_fatal_error(400, "Please specify the visibility of the post !");
$api_visibility = $_POST[$name];
//Get the visibility levels of the API
$post_visibility = array_flip($this::VISIBILITY_LEVELS_API);
//Check for the existence of the visibility level
if(!isset($post_visibility[$api_visibility]))
Rest_fatal_error(400, "Specified visibility level not recognized !");
//Return it
return $post_visibility[$api_visibility];
}
/**
* This function is called to check if the current user has a full access
* other a post specified by its ID in a post request
*
* @param string $name The name of the POST parameter
* @return int The ID of the POST (an error is thrown if the user can't be
* authenticated as post owner)
*/
private function getFullAccessPostID(string $name) : int {
user_login_required();
//Get the post ID
$postID = getPostPostID($name);
//Check if the user is allowed to change the visibility level of the post
if(CS::get()->components->posts->access_level($postID, userID) != Posts::FULL_ACCESS)
Rest_fatal_error(401, "You do not the full control of this post !");
//Return post id
return $postID;
}
2018-01-16 17:48:12 +00:00
2018-02-03 14:40:55 +00:00
/**
* Process a list of post for the API
*
* @param array $list The list of posts to process
* @return array The parsed list of posts for API
*/
private function parsePostsList(array $list) : array {
//Process the list of posts
foreach($list as $num => $infos){
//Parse post informations
2018-04-22 10:48:20 +00:00
$list[$num] = $this->PostToAPI($infos);
2018-02-03 14:40:55 +00:00
}
return $list;
}
2018-04-22 10:31:48 +00:00
/**
* Turn a POST object into API entry object
*
* @param Post $post The post object to convert
* @return array Generated post object
*/
public static function PostToAPI(Post $post) : array {
$data = array();
//Basic information about the post
$data["ID"] = $post->get_id();
$data["userID"] = $post->get_userID();
$data["user_page_id"] = $post->get_user_page_id();
$data["group_id"] = $post->get_group_id();
2018-04-22 10:31:48 +00:00
$data["post_time"] = $post->get_time_sent();
2018-05-19 07:36:09 +00:00
$data["content"] = $post->has_content() ? $post->get_content() : null;
2018-04-22 10:31:48 +00:00
$data["visibility_level"] = self::VISIBILITY_LEVELS_API[$post->get_visibility_level()];
$data["kind"] = $post->get_kind();
//File specific
$data["file_size"] = $post->has_file_size() ? $post->get_file_size() : null;
$data["file_type"] = $post->has_file_type() ? $post->get_file_type() : null;
$data["file_path"] = $post->has_file_path() ? $post->get_file_path() : null;
$data["file_path_url"] = $post->has_file_path_url() ? $post->get_file_path_url() : null;
//Movie specific
$data["video_id"] = $post->has_movie_id() ? $post->get_movie_id() : null;
$data["video_info"] = $post->has_movie() ? MoviesController::MovieToAPI($post->get_movie()) : null;
//Countdown timer specific
$data["time_end"] = $post->has_time_end() ? $post->get_time_end() : null;
//Weblink specific
$data["link_url"] = $post->has_link_url() ? $post->get_link_url() : null;
$data["link_title"] = $post->has_link_title() ? $post->get_link_title() : null;
$data["link_description"] = $post->has_link_description() ? $post->get_link_description() : null;
$data["link_image"] = $post->has_link_image() ? $post->get_link_image() : null;
//Survey specific
$data["data_survey"] = $post->has_survey() ? SurveysController::SurveyToAPI($post->get_survey()) : null;
//Other post information
$data["likes"] = $post->has_likes() ? $post->get_likes() : null;
$data["userlike"] = $post->get_userLike();
//Comments
if($post->has_comments()){
//Process the list of comments
$data["comments"] = array();
foreach($post->get_comments() as $num=>$comment)
$data['comments'][$num] = CommentsController::commentToAPI($comment);
}
else
$data["comments"] = null;
//Get access level to the post
$post->set_user_access_level(CS::get()->components->posts->access_level_with_infos($post, userID));
//Save level access in the response
$data["user_access"] = self::ACCESS_LEVEL_API[$post->get_user_access_level()];
return $data;
}
2017-12-24 15:35:50 +00:00
}