Diffstat (limited to '')
-rw-r--r--include/ws_functions.inc.php44
1 files changed, 18 insertions, 26 deletions
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index 8cbd74987..6feb743a0 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -51,12 +51,12 @@ SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
}
/**
- * ws_add_controls
+ * ws_addControls
* returns additionnal controls if requested
* usable for 99% of Web Service methods
*
* - Args
- * $method: is the requested method
+ * $methodName: is the requested method
* $partner: is the key
* $tbl_name: is the alias_name in the query (sometimes called correlation name)
* null if !getting picture informations
@@ -69,9 +69,9 @@ SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
*
* The additionnal in-where-clause is return
*/
-function ws_add_controls( $method, $tbl_name )
+function ws_addControls( $methodName, $tbl_name )
{
- global $conf, $partner;
+ global $conf, $calling_partner_id, $params;
if ( !$conf['ws_access_control'] )
{
return ' 1 = 1 '; // No controls are requested
@@ -80,7 +80,7 @@ function ws_add_controls( $method, $tbl_name )
// Is it an active Partner?
$query = '
SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
- WHERE `name` = '$partner'
+ WHERE `name` = '$calling_partner_id'
AND NOW() <= end; ";
$result = pwg_query($query);
if ( mysql_num_rows( $result ) == 0 )
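Review bot: `$calling_partner_id` is interpolated directly into the quoted `name` literal of the partner lookup, and nothing visible in this hunk escapes it. It is a global whose assignment is outside this page; if it is filled from the request, a quote character in it changes the query that decides whether the partner is active, so the access control itself becomes attacker-influenced. Escape at the point of use, for example `$safe_partner = mysql_real_escape_string($calling_partner_id);`, and reference `$safe_partner` in the WHERE clause, which matches the mysql_* API the file already uses. ws_addControls begins and ends outside this hunk.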
@@ -94,12 +94,14 @@ $result = pwg_query($query);
// Generic is not ready
// For generic you can say... tags. or categories. or images. maybe?
$filter = $row['request'];
- $request_method = substr($method, 0, strlen($filter)) ;
+ $request_method = substr($methodName, 0, strlen($filter)) ;
if ( $filter !== $filter_method )
{
return ' 0 = 1'; // Unauthorized method request
}
-
+// Overide general object limit
+ $params['per_page'] = $row['limit'];
+
// Target restrict
// 3 cases: list, cat or tag
// Behind / we could found img-ids, cat-ids or tag-ids
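Review bot: The authorization test `if ( $filter !== $filter_method )` compares against `$filter_method`, which is not assigned in any visible line, while the prefix computed just above is stored in `$request_method` and never read here. If `$filter_method` really is undefined, the comparison is always true and every request is rejected with ' 0 = 1'; the intended test is presumably `if ( $filter !== $request_method )`. Separately, the added `$params['per_page'] = $row['limit'];` writes the global `$params`, whereas the ws_* handlers on this page receive `$params` as an argument, so the override may never reach them. It also raises the page size when the caller asked for fewer items than the partner limit; `$params['per_page'] = min($params['per_page'], $row['limit']);` would only ever tighten it. The function body continues outside the hunk.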
@@ -247,9 +249,7 @@ function ws_std_get_urls($image_row)
function ws_getVersion($params, &$service)
{
-// Needed for security reason... Maybe???
-// $where_clause[] =
-// ws_add_controls( 'getVersion', null );
+// TODO = Version availability is under control of $conf['show_version']
return PHPWG_VERSION;
}
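Review bot: ws_getVersion still returns `PHPWG_VERSION` unconditionally, so any caller of the web service can read the exact installed version. The new TODO names `$conf['show_version']` but nothing reads it, and the commented-out access-control call is dropped. Rather than leave a TODO, gate the return now: add `global $conf;` and `if (!$conf['show_version']) { return new PwgError(WS_ERR_CODE_PLACEHOLDER, 'Version not available'); }`, replacing the placeholder with whichever error code the service layer uses for a refused request.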
@@ -309,9 +309,8 @@ SELECT id, name, image_order
.implode(',', array_keys($cats) )
.')';
-// Mandatory
-// $where_clause[] =
-// ws_add_controls( 'categories.getImages', 'i.' );
+ $where_clause[] =
+ ws_addControls( 'categories.getImages', 'i.' );
$order_by = ws_std_image_sql_order($params, 'i.');
if (empty($order_by))
@@ -431,11 +430,6 @@ function ws_categories_getList($params, &$service)
$where[] = 'id NOT IN ('.$user['forbidden_categories'].')';
}
-// To ONLY build external links maybe ???
-// $where_clause[] =
-// ws_add_controls( 'categories.getList', null );
-// Making links in a Blog...
-
$query = '
SELECT id, name, uppercats, global_rank,
max_date_last, count_images AS nb_images, count_categories AS nb_categories
@@ -481,17 +475,16 @@ function ws_images_getInfo($params, &$service)
{
return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
}
-// Mandatory (No comment)
-// $where_clause[] =
-// ws_add_controls( 'images.getInfo', '' );
+
$query='
SELECT * FROM '.IMAGES_TABLE.'
WHERE id='.$params['image_id'].
get_sql_condition_FandF(
array('visible_images' => 'id'),
' AND'
- ).'
-LIMIT 1';
+ ).' AND '.
+ ws_addControls( 'images.getInfo', '' ).'
+LIMIT 1;';
$image_row = mysql_fetch_assoc(pwg_query($query));
if ($image_row==null)
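Review bot: Missing documentation on the new ` AND '.ws_addControls( 'images.getInfo', '' )` term: a refused partner makes ws_addControls return ' 0 = 1', so the query yields no row and the request lands in the `$image_row==null` branch, indistinguishable from a missing image. That is a reasonable choice because it does not reveal which ids exist, but it should be stated, e.g. `// ws_addControls() returns ' 0 = 1' for a refused partner, so a denied request is reported like an unknown image_id`. Each call also runs the partner lookup query and, after this commit, rewrites the global `$params['per_page']`, which this single-row query does not need. The body of ws_images_getInfo extends beyond the hunk on both sides.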
@@ -754,9 +747,8 @@ SELECT image_id, GROUP_CONCAT(tag_id) tag_ids
'', true
);
$where_clauses[] = 'id IN ('.implode(',',$image_ids).')';
-// Mandatory
-// $where_clause[] =
-// ws_add_controls( 'tags.getImages', '' );
+ $where_clause[] =
+ ws_addControls( 'tags.getImages', 'i.' );
$order_by = ws_std_image_sql_order($params);
if (empty($order_by))
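Review bot: The re-enabled control is appended to `$where_clause[]` (singular), while the context line directly above appends to `$where_clauses[]` (plural), so the access-control condition probably never reaches the query that is built from `$where_clauses`. The added lines should read `$where_clauses[] = ws_addControls( 'tags.getImages', 'i.' );`. The alias also needs checking: the neighbouring condition uses a bare `id` and `ws_std_image_sql_order($params)` is called without an alias, so `'i.'` may not match this query (the removed comment passed `''`). The categories.getImages hunk uses the same singular `$where_clause[]`; the array name that query is built from is not visible there and should be verified too.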