ComunicAPI/RestControllers/SettingsController.php

<?php
/**
 * API Settings controller
 * 
 * @author Pierre HUBERT
 */

class SettingsController {

	/**
	 * Account image visibility levels for the API
	 */
	const AccountImageVisibilityLevels = array(
		AccountImageSettings::VISIBILITY_OPEN => "open",
		AccountImageSettings::VISIBILITY_PUBLIC => "public",
		AccountImageSettings::VISIBILITY_FRIENDS => "friends"
	);

	/**
	 * Get general account settings
	 * 
	 * @url POST /settings/get_general
	 */
	public function getGeneral(){

		user_login_required(); //Login needed

		//Fetch user settings
		$user_settings = components()->settings->get_general(userID);

		//Check for error
		if(!$user_settings->isValid())
			Rest_fatal_error(500, "Could not get user settings !");

		//Parse and return settings entry
		return $this->GeneralSettingsToAPI($user_settings);

	}

	/**
	 * Set (update) the general account settings
	 * 
	 * @url POST /settings/set_general
	 */
	public function setGeneral(){

		user_login_required(); //Login needed

		//Check the existence of the fields
		//if(!check_post_parametres(array("firstName", "lastName", "isPublic", "isOpen", 
		//	"allowComments", "allowPostsFromFriends", "publicFriendsList", "personnalWebsite", 
		//	"virtualDirectory", "allow_comunic_mails")))
		//	Rest_fatal_error(400, "Please specify all the parametres for this request!");
		
		//Get and check virtual directory
		$virtualDirectory = postString("virtualDirectory", 0);
		if($virtualDirectory != ""){
			$virtualDirectory = getPostUserDirectory("virtualDirectory");

			//Check if the directory is available
			if(!components()->settings->checkUserDirectoryAvailability($virtualDirectory, userID))
				Rest_fatal_error(401, "The specified directory is not available!");

		}

		//Create and fill a GeneralSettings object with the new values
		$settings = new GeneralSettings();
		$settings->set_id(userID);
		$settings->set_firstName(removeHTMLnodes(postString("firstName", 3)));
		$settings->set_lastName(removeHTMLnodes(postString("lastName", 3)));
		$settings->set_publicPage(postBool("isPublic"));
		$settings->set_openPage(postBool("isOpen"));
		$settings->rationalizePublicOpenStatus();
		$settings->set_allowComments(postBool("allowComments"));
		$settings->set_allowPostsFriends(postBool("allowPostsFromFriends"));
		$settings->set_friendsListPublic(postBool("publicFriendsList"));
		$settings->set_personnalWebsite(postString("personnalWebsite", 0));
		$settings->set_virtualDirectory($virtualDirectory);
		$settings->set_allowComunicMails(postBool("allow_comunic_mails"));

		//Check personnal webiste
		if($settings->has_personnalWebsite()){
			if(!filter_var($settings->get_personnalWebsite(), FILTER_VALIDATE_URL))
				Rest_fatal_error(401, "Invalid personnal URL!");
		}

		//Try to update settings
		if(!components()->settings->save_general($settings))
			Rest_fatal_error(500, "Coud not save user settings!");
		
		//Success
		return array("success" => "The general settings of the user have been successfully saved !");
	}

	/**
	 * Check the availability of a user directory
	 * 
	 * @url POST /settings/check_user_directory_availability
	 */
	public function checkUserDirectoryAvailability() {

		//User login needed
		user_login_required();

		//Get user directory
		$userDirectory = getPostUserDirectory("directory");

		//Check if the directory is available
		if(!components()->settings->checkUserDirectoryAvailability($userDirectory, userID))
			Rest_fatal_error(401, "The specified directory is not available!");

		//Else the directory is available
		return array("success" => "The directory is available!");
	}

	/**
	 * Get security settings
	 * 
	 * Warning !!! This method is really sensitive, please double check any
	 * user input data !
	 * 
	 * @url POST /settings/get_security
	 */
	public function getSecurity(){

		//User login required
		user_login_required();

		//Make sure the password is valid
		check_post_password(userID, "password");

		//Fetch user security settings
		$settings = components()->settings->get_security(userID);

		//Check settings validity
		if(!$settings->isValid())
			Rest_fatal_error(500, "Could not get user security settings!");
		
		//Parse and return settings entry
		return $this->SecuritySettingsToAPI($settings);
	}

	/**
	 * Set (update) security settings
	 * 
	 * Warning !!! This method is really sensitive, please double check any
	 * user input data !
	 * 
	 * @url POST /settings/set_security
	 */
	public function setSecurity(){

		//User login required
		user_login_required();

		//Make sure the password is valid
		check_post_password(userID, "password");

		//Create a security settings object and fill it with the new information
		$settings = new SecuritySettings();
		$settings->set_id(userID);
		$settings->set_security_question_1(postString("security_question_1", 0));
		$settings->set_security_answer_1(postString("security_answer_1", 0));
		$settings->set_security_question_2(postString("security_question_2", 0));
		$settings->set_security_answer_2(postString("security_answer_2", 0));
		
		//Try to update settings
		if(!components()->settings->save_security($settings))
			Rest_fatal_error(500, "Coud not save security settings!");
		
		//Success
		return array("success" => "The security settings of the user have been successfully saved !");
	}

	/**
	 * Update user password
	 * 
	 * @url POST /settings/update_password
	 */
	public function updatePassword(){

		//User login required
		user_login_required();

		//Check the old password
		check_post_password(userID, "oldPassword");

		//Get and save the new password
		$newPassword = postString("newPassword");

		//Try to save password
		if(!components()->account->set_new_user_password(userID, $newPassword))
			Rest_fatal_error(500, "Could not update user password!");
		
		//Success
		return array("success" => "The password has been updated !");
	}

	/**
	 * Get account image information
	 * 
	 * @url POST /settings/get_account_image
	 */
	public function getAccountImageSettings(){

		//User login required
		user_login_required();

		//Get the settings of the user
		$settings = components()->accountImage->getSettings(userID);

		//Return parsed settings object
		return $this->AccountImageSettingsToAPI($settings);
	}

	/**
	 * Set a new account image for the user
	 * 
	 * @url POST /settings/upload_account_image
	 */
	public function upload_account_image(){

		//Login required
		user_login_required();

		//Check if it is a valid file
		if(!check_post_file("picture"))
			Rest_fatal_error(400, "An error occured while receiving image !");

		//Try to save image
		$file_uri = save_post_image("picture", 0, "avatars", 800, 800);
		
		//Update account image information
		if(!components()->accountImage->update(userID, substr(strrchr($file_uri, "/"), 1)))
			Rest_fatal_error(500, "An error occured while trying to apply new account image !");

		//Success
		return array("success" => "The new account image has been successfully saved!");
	}

	/**
	 * Turn a GeneralSettings object into a valid API object
	 * 
	 * @param GeneralSettings $settings The object to convert
	 * @return array Generated API object
	 */
	private function GeneralSettingsToAPI(GeneralSettings $settings) : array {

		$data = array();

		$data["id"] = $settings->get_id();
		$data["email"] = $settings->get_email();
		$data["firstName"] = $settings->get_firstName();
		$data["lastName"] = $settings->get_lastName();
		$data["is_public"] = $settings->is_publicPage();
		$data["is_open"] = $settings->is_openPage();
		$data["allow_comments"] = $settings->is_allowComments();
		$data["allow_posts_from_friends"] = $settings->is_allowPostsFriends();
		$data["allow_comunic_mails"] = $settings->is_allowComunicMails();
		$data["public_friends_list"] = $settings->is_friendsListPublic();
		$data["virtual_directory"] = $settings->get_virtualDirectory();
		$data["personnal_website"] = $settings->get_personnalWebsite();

		return $data;
	}

	/**
	 * Turn a SecuritySettings object into a valid API object
	 * 
	 * @param SecuritySettings $settings The object to convert
	 * @return array Generated API object
	 */
	private function SecuritySettingsToAPI(SecuritySettings $settings) : array {

		$data = array();

		$data["id"] = $settings->get_id();
		$data["security_question_1"] = $settings->has_security_question_1() ? $settings->get_security_question_1() : "";
		$data["security_answer_1"] = $settings->has_security_answer_1() ? $settings->get_security_answer_1() : "";
		$data["security_question_2"] = $settings->has_security_question_2() ? $settings->get_security_question_2() : "";
		$data["security_answer_2"] = $settings->has_security_answer_2() ? $settings->get_security_answer_2() : "";

		return $data;
	}

	/**
	 * Turn a AccountImageSettings object into API object
	 * 
	 * @param AccountImageSettings $settings The settings object to convert
	 * @return array Generated API object
	 */
	private function AccountImageSettingsToAPI(AccountImageSettings $settings) : array {

		$data = array();

		$data["has_image"] = $settings->has_image_path();
		$data["image_url"] = $settings->has_image_path() ? path_user_data($settings->get_image_path()) : null;
		$data["visibility"] = self::AccountImageVisibilityLevels[$settings->get_visibility_level()];

		return $data;

	}

}