From 7f6ac13d7dc257e395a4cc2eac8ff3defbfecf43 Mon Sep 17 00:00:00 2001
From: Pierre
Date: Thu, 4 Jan 2018 13:59:48 +0100
Subject: [PATCH] Get post access level
---
 classes/components/posts.php | 123 +++++++++++++++++++++++++++++++++++
 classes/components/user.php | 14 +++-
 functions/requests.php | 26 +++++++-
 3 files changed, 159 insertions(+), 4 deletions(-)
diff --git a/classes/components/posts.php b/classes/components/posts.php
index 5954d38..1b22df4 100644
--- a/classes/components/posts.php
+++ b/classes/components/posts.php
@@ -19,6 +19,21 @@ class Posts {
 //Posts that can be seen by the user only
 const VISIBILITY_USER = 3;
+ /**
+ * Access level to a post
+ */
+ //When a user can't access to a post
+ const NO_ACCESS = 0;
+
+ //When a user can see a post and perform basic actions such as liking
+ const BASIC_ACCESS = 1;
+
+ //When a user has intermediate access to the post (delete post)
+ const INTERMEDIATE_ACCESS = 2;
+
+ //When a user has a full access to the post
+ const FULL_ACCESS = 3;
+
 /**
 * Table informations
 */
@@ -129,6 +144,111 @@ class Posts {
 }
+ /**
+ * Check whether a post exists or not
+ *
+ * @param int $postID The ID of the post to check
+ * @return bool TRUE if the post exists / FALSE else
+ */
+ public function exist(int $postID) : bool {
+
+ //Perform a request on the database
+ return CS::get()->db->count($this::TABLE_NAME, "WHERE ID = ?", array($postID)) != 0;
+
+ }
+
+ /**
+ * Get the access level of a user about a post
+ *
+ * @param int $postID The ID of the post to get
+ * @param int $userID The ID of the user to check
+ * @return int The access level over the post
+ */
+ public function access_level(int $postID, int $userID) : int {
+
+ //Get informations about the post
+ $post_infos = $this->get_single($postID);
+
+ //Check if the user is the owner of the post
+ if($post_infos['userID'] == $userID)
+ return $this::FULL_ACCESS;
+
+ //Check if the post was made on the user page
+ if($post_infos["user_page_id"] == $userID)
+ return $this::INTERMEDIATE_ACCESS;
+
+ //Check if the post is private
+ if($post_infos["visibility_level"] == $this::VISIBILITY_USER)
+ return $this::NO_ACCESS;
+
+ //Check if the post is for friends only
+ if($post_infos["visibility_level"] == $this::VISIBILITY_FRIENDS){
+
+ //Check if user is signed in
+ if($userID == 0)
+ return $this::NO_ACCESS;
+
+ //Check if this user and the owner of the page are friends or not
+ else if(!CS::get()->components->friends->are_friend($userID, $post_infos['user_page_id']))
+ return $this::NO_ACCESS;
+
+ else
+ //User can access the post
+ return $this::BASIC_ACCESS;
+ }
+
+ //Check if the post is public
+ if($post_infos['visibility_level'] == $this::VISIBILITY_PUBLIC){
+
+ //Check if the two personns are friend
+ if($userID != 0){
+ if(CS::get()->components->friends->are_friend($userID, $post_infos['user_page_id']))
+ return $this::BASIC_ACCESS;
+ }
+
+ //Get user visibility level
+ $visibilityLevel = CS::get()->components->user->getVisibility($post_infos['user_page_id']);
+
+ //If the page is open, access is free
+ if($visibilityLevel == User::USER_PAGE_OPEN)
+ return $this::BASIC_ACCESS;
+
+ //Else check if the user is signed in and the page is public
+ else if($userID != 0 AND $visibilityLevel == User::USER_PAGE_PUBLIC)
+ return $this::BASIC_ACCESS;
+
+ else
+ return $this::NO_ACCESS;
+ }
+
+ //Not implemented
+ return $this::NO_ACCESS;
+
+ }
+
+ /**
+ * Fetch a single post from the database
+ *
+ * @param int $postID The ID of the post to get
+ * @return array Informations about the post / empty array
+ * if the post was not found
+ */
+ private function get_single(int $postID) : array {
+
+ //Perform a request on the database
+ $conditions = "WHERE ID = ?";
+ $values = array($postID);
+ $result = CS::get()->db->select($this::TABLE_NAME, $conditions, $values);
+
+ //Check if we got a response
+ if(count($result) == 0)
+ return array(); //Empty array = error
+
+ //Return parsed response
+ return $this->parse_post($result[0], false);
+
+ }
+
 /**
 * Parse a user post from the database into
 * the standardized version of post structure
@@ -147,6 +267,9 @@ class Posts {
 //Determine user ID
 $info["userID"] = $src["ID_amis"] == 0 ? $src["ID_personne"] : $src["ID_amis"];
+ //Determine user page ID
+ $info["user_page_id"] = $src["ID_personne"];
+
 //Time when the message was sent
 $info["post_time"] = strtotime($src["date_envoi"]);
diff --git a/classes/components/user.php b/classes/components/user.php
index afea51f..3a6f689 100644
--- a/classes/components/user.php
+++ b/classes/components/user.php
@@ -17,6 +17,14 @@ class User{
 */
 private $userLoginAPItable = "";
+ /**
+ * Pages visiblity levels
+ */
+ const USER_PAGE_PRIVATE = 0;
+ const USER_PAGE_PUBLIC = 1;
+ const USER_PAGE_OPEN = 2;
+
+
 /**
 * Public constructor
 */
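Review bot: In classes/components/posts.php, access_level() never checks for the empty array that get_single() returns when the post is not found, so `$post_infos['userID']` is an undefined key and, under PHP's loose `==`, null compares equal to a `$userID` of 0 (the signed-out value used further down). A signed-out caller asking about a missing post is therefore answered with FULL_ACCESS instead of NO_ACCESS. Add `if(count($post_infos) == 0) return $this::NO_ACCESS;` directly after the get_single() call, and consider guarding the two ownership checks with `$userID > 0` and a strict `===`. getPostPostID() does test exist() first, but access_level() is public and the post can be deleted between the two calls, so the method should not rely on that.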
@@ -382,13 +390,13 @@ class User{
 //Check if the page is public
 if($result[0]["public"] == 0)
- return 0;
+ return $this::USER_PAGE_PRIVATE;
 //Check if the page is open or not
 if($result[0]["pageouverte"] == 1)
- return 3; //Page open
+ return $this::USER_PAGE_OPEN; //Page open
 else
- return 2; //Public page
+ return $this::USER_PAGE_PUBLIC; //Public page
 }
diff --git a/functions/requests.php b/functions/requests.php
index 07cce8b..4465056 100644
--- a/functions/requests.php
+++ b/functions/requests.php
@@ -173,7 +173,7 @@ function getPostConversationID(string $name = "conversationID") : int {
 //Get conversationID
 if(!isset($_POST[$name]))
- Rest_fatal_error(400, "Exepted conversation ID in '".$name."' !");
+ Rest_fatal_error(400, "Excepted conversation ID in '".$name."' !");
 $conversationID = toInt($_POST[$name]);
 //Check conversationID validity
@@ -186,4 +186,28 @@ function getPostConversationID(string $name = "conversationID") : int {
 return $conversationID;
+}
+
+/**
+ * Get the ID of a post in a rest request
+ *
+ * @param string $name Optionnal, the name of the post id field
+ * @return int $postID The ID of the post
+ */
+function getPostPostID(string $name = "postID") : int {
+
+ //Get postID
+ if(!isset($_POST[$name]))
+ Rest_fatal_error(400, "Excepted post ID in '".$name."' !");
+ $postID = toInt($_POST[$name]);
+
+ //Check post ID validity
+ if($postID < 1)
+ Rest_fatal_error(400, "Invalid post ID!");
+
+ //Check if the post exists
+ if(!CS::get()->components->posts->exist($postID))
+ Rest_fatal_error(404, "Specified post does not exists!");
+
+ return $postID;
 }
\ No newline at end of file
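Review bot: In the classes/components/user.php hunk at -382, the integers returned change along with their names: an open page used to return 3 and now returns USER_PAGE_OPEN (2), and a public page used to return 2 and now returns USER_PAGE_PUBLIC (1). Any caller outside this diff that still compares the result with the literals 2 or 3 would now read an open page as public and never see an open one, which matters because this value gates who may view a page. Either keep the old numbering, `const USER_PAGE_PUBLIC = 2;` and `const USER_PAGE_OPEN = 3;`, or confirm that every caller was moved to the constants in the same commit. The enclosing function begins outside the hunk, so its other return paths are not visible here.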
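Review bot: The corrected message in getPostConversationID() (functions/requests.php, hunk at -173) is still misspelled, since `Excepted` should read `Expected`: `Rest_fatal_error(400, "Expected conversation ID in '".$name."' !");`. The same word is copied into the new getPostPostID() message in the following hunk and should be fixed there too.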
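Review bot: getPostPostID() in functions/requests.php answers 404 for a missing post without any access check, so the response alone tells a requester which post IDs exist, including posts they are not allowed to see. It also returns the ID without consulting access_level(), which leaves every endpoint responsible for remembering that call. I would state this in the docblock, for example ` * Only checks that the post exists; callers must check Posts::access_level() themselves`, or move the access check into the helper and give the same error for a missing and an inaccessible post. The unbraced `if` bodies also rely on Rest_fatal_error() ending the request, which is not visible in this diff.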