Web Service:

- Delete functions_webserv.inc.php 
- Activate $colling_partner_id in ws.php


git-svn-id: http://piwigo.org/svn/trunk@1777 68402e56-0260-453c-a942-63ccdbb3a9ee

2 files changed, 18 insertions, 169 deletions

diff --git a/include/functions_webserv.inc.php b/include/functions_webserv.inc.php
deleted file mode 100644
index 7961c63c8..000000000
--- a/include/functions_webserv.inc.php
+++ /dev/null
@@ -1,143 +0,0 @@
-<?php

-// +-----------------------------------------------------------------------+

-// | PhpWebGallery - a PHP based picture gallery                           |

-// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |

-// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |

-// +-----------------------------------------------------------------------+

-// | branch        : BSF (Best So Far)

-// | file          : $RCSfile$

-// | last update   : $Date: 2006-02-28 02:13:16 +0100 (mar., 28 févr. 2006) $

-// | last modifier : $Author: rvelices $

-// | revision      : $Revision: 1058 $

-// +-----------------------------------------------------------------------+

-// | This program is free software; you can redistribute it and/or modify  |

-// | it under the terms of the GNU General Public License as published by  |

-// | the Free Software Foundation                                          |

-// |                                                                       |

-// | This program is distributed in the hope that it will be useful, but   |

-// | WITHOUT ANY WARRANTY; without even the implied warranty of            |

-// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |

-// | General Public License for more details.                              |

-// |                                                                       |

-// | You should have received a copy of the GNU General Public License     |

-// | along with this program; if not, write to the Free Software           |

-// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |

-// | USA.                                                                  |

-// +-----------------------------------------------------------------------+

-

-//------------------------------------------------------------------- functions

-// official_req returns the managed requests list in array format

-function official_req()

-{

-return array(

-    'random'                              /* Random order */

-  , 'list'               /* list on MBt & z0rglub request */

-  , 'maxviewed'             /* hit > 0 and hit desc order */

-  , 'recent'        /* recent = Date_available desc order */

-  , 'highrated'            /* avg_rate > 0 and desc order */

-  , 'oldest'                  /* Date_available asc order */

-  , 'lessviewed'                         /* hit asc order */

-  , 'lowrated'                      /* avg_rate asc order */

-  , 'undescribed'                  /* description missing */

-  , 'unnamed'                         /* new name missing */

-  , 'portraits'     /* width < height (portrait oriented) */

-  , 'landscapes'   /* width > height (landscape oriented) */

-  , 'squares'             /* width ~ height (square form) */

-);

-}

-

-

-// expand_id_list($ids) convert a human list expression to a full ordered list

-// example : expand_id_list( array(5,2-3,2) ) returns array( 2, 3, 5)

-function expand_id_list($ids)

-{

-    $tid = array();

-    foreach ( $ids as $id )

-    {

-      if ( is_numeric($id) )

-      {

-        $tid[] = (int) $id;

-      }

-      else

-      {

-        $range = explode( '-', $id );

-        if ( is_numeric($range[0]) and is_numeric($range[1]) )

-        {

-          $from = min($range[0],$range[1]);

-          $to = max($range[0],$range[1]);

-          for ($i = $from; $i <= $to; $i++) 

-          {

-            $tid[] = (int) $i;

-          }

-        }

-      }

-    }

-    $result = array_unique ($tid); // remove duplicates...

-    sort ($result);

-    return $result;

-}

-

-// check_target($string) verifies and corrects syntax of target parameter

-// example : check_target(cat/23,24,24,24,25,27) returns cat/23-25,27

-function check_target($list)

-{

-  if ( $list !== '' )

-  {

-    $type = explode('/',$list); // Find type list

-    if ( !in_array($type[0],array('list','cat','tag') ) )

-    {

-      $type[0] = 'list'; // Assume an id list

-    } 

-    $ids = explode( ',',$type[1] );

-    $list = $type[0] . '/';

-

-    // 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6,

-

-    $result = expand_id_list( $ids ); 

-

-    // 1,2,3,4,5,6,9,10,11,12,13,21,22, 

-    // I would like

-    // 1-6,9-13,21-22

-    $serial[] = $result[0]; // To be shifted                      

-    foreach ($result as $k => $id)

-    {

-      $next_less_1 = (isset($result[$k + 1]))? $result[$k + 1] - 1:-1;

-      if ( $id == $next_less_1 and end($serial)=='-' )

-      { // nothing to do 

-      }

-      elseif ( $id == $next_less_1 )

-      {

-        $serial[]=$id;

-        $serial[]='-';

-      }

-      else

-      {

-        $serial[]=$id;  // end serie or non serie

-      }

-    }

-    $null = array_shift($serial); // remove first value

-    $list .= array_shift($serial); // add the real first one

-    $separ = ',';

-    foreach ($serial as $id)

-    {

-      $list .= ($id=='-') ? '' : $separ . $id;

-      $separ = ($id=='-') ? '-':','; // add comma except if hyphen

-    }

-  }

-  return $list;

-}

-

-

-// FIXME Function which could already exist somewhere else 

-function get_image_ids_for_cats($cat_ids)

-{

-  $cat_list = implode(',', $cat_ids);

-  $ret_ids = array();

-  $query = '

-  SELECT DISTINCT image_id 

-    FROM '.IMAGE_CATEGORY_TABLE.'

-  WHERE category_id in ('.$cat_list.')

-  ;';

-  return $array_from_query($query, 'image_id');

-}

-?>

diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index 8cbd74987..6feb743a0 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -51,12 +51,12 @@ SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
 }
 
 /**
- * ws_add_controls 
+ * ws_addControls
  * returns additionnal controls if requested
  * usable for 99% of Web Service methods 
  * 
  * - Args  
- * $method: is the requested method
+ * $methodName: is the requested method
  * $partner: is the key
  * $tbl_name: is the alias_name in the query (sometimes called correlation name)
  *            null if !getting picture informations 
@@ -69,9 +69,9 @@ SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
  *   
  * The additionnal in-where-clause is return
  */       
-function ws_add_controls( $method, $tbl_name )
+function ws_addControls( $methodName, $tbl_name )
 {
-  global $conf, $partner;
+  global $conf, $calling_partner_id, $params;
   if ( !$conf['ws_access_control'] )
   {
     return ' 1 = 1 '; // No controls are requested 
@@ -80,7 +80,7 @@ function ws_add_controls( $method, $tbl_name )
 // Is it an active Partner? 
   $query = '
 SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
- WHERE `name` = '$partner'
+ WHERE `name` = '$calling_partner_id'
    AND NOW() <= end; ";
 $result = pwg_query($query);
   if ( mysql_num_rows( $result ) == 0 )
@@ -94,12 +94,14 @@ $result = pwg_query($query);
 // Generic is not ready 
 // For generic you can say... tags. or categories. or images. maybe?
   $filter = $row['request'];
-  $request_method = substr($method, 0, strlen($filter)) ;
+  $request_method = substr($methodName, 0, strlen($filter)) ;
   if ( $filter !== $filter_method )
   {
     return ' 0 = 1'; // Unauthorized method request
   }
-
+// Overide general object limit   
+  $params['per_page'] = $row['limit'];
+  
 // Target restrict
 // 3 cases: list, cat or tag
 // Behind / we could found img-ids, cat-ids or tag-ids
@@ -247,9 +249,7 @@ function ws_std_get_urls($image_row)
 
 function ws_getVersion($params, &$service)
 {
-//  Needed for security reason... Maybe???
-//  $where_clause[] = 
-//          ws_add_controls( 'getVersion', null );
+//  TODO = Version availability is under control of $conf['show_version']
   return PHPWG_VERSION;
 }
 
@@ -309,9 +309,8 @@ SELECT id, name, image_order
       .implode(',', array_keys($cats) )
       .')';
 
-//  Mandatory 
-//  $where_clause[] = 
-//          ws_add_controls( 'categories.getImages', 'i.' );
+    $where_clause[] =
+          ws_addControls( 'categories.getImages', 'i.' );
     
     $order_by = ws_std_image_sql_order($params, 'i.');
     if (empty($order_by))
@@ -431,11 +430,6 @@ function ws_categories_getList($params, &$service)
     $where[] = 'id NOT IN ('.$user['forbidden_categories'].')';
   }
 
-// To ONLY build external links maybe ???  
-//  $where_clause[] = 
-//          ws_add_controls( 'categories.getList', null );
-// Making links in a Blog...
-
   $query = '
 SELECT id, name, uppercats, global_rank,
     max_date_last, count_images AS nb_images, count_categories AS nb_categories
@@ -481,17 +475,16 @@ function ws_images_getInfo($params, &$service)
   {
     return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
   }
-// Mandatory (No comment)  
-//  $where_clause[] = 
-//          ws_add_controls( 'images.getInfo', '' );  
+ 
   $query='
 SELECT * FROM '.IMAGES_TABLE.'
   WHERE id='.$params['image_id'].
     get_sql_condition_FandF(
       array('visible_images' => 'id'),
       ' AND'
-    ).'
-LIMIT 1';
+    ).' AND '.
+    ws_addControls( 'images.getInfo', '' ).'
+LIMIT 1;';
 
   $image_row = mysql_fetch_assoc(pwg_query($query));
   if ($image_row==null)
@@ -754,9 +747,8 @@ SELECT image_id, GROUP_CONCAT(tag_id) tag_ids
         '', true
       );
     $where_clauses[] = 'id IN ('.implode(',',$image_ids).')';
-// Mandatory  
-//  $where_clause[] = 
-//          ws_add_controls( 'tags.getImages', '' );  
+    $where_clause[] =
+            ws_addControls( 'tags.getImages', 'i.' );
 
     $order_by = ws_std_image_sql_order($params);
     if (empty($order_by))