aboutsummaryrefslogtreecommitdiffstats
path: root/include/ws_functions.inc.php
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--include/ws_functions.inc.php156
1 files changed, 2 insertions, 154 deletions
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index 0a0b7189d..e305016e3 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -42,109 +42,10 @@ function ws_isInvokeAllowed($res, $methodName, $params)
return new PwgError(401, 'Access denied');
}
- if ( !$conf['ws_access_control'] )
- {
- return $res; // No controls are requested
- }
- $query = '
-SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
- WHERE `name` = '$calling_partner_id'
- AND NOW() <= end; ";
- $result = pwg_query($query);
- $row = mysql_fetch_assoc($result);
- if ( empty($row) )
- {
- return new PwgError(403, 'Partner id does not exist or is expired');
- }
- if ( !empty($row['request'])
- and strpos($methodName, $row['request'])==false
- and strpos($methodName, 'session')==false
- and strpos($methodName, 'getVersion')==false )
- { // session and getVersion are allowed to diagnose any failure reason
- return new PwgError(403, 'Method not allowed');
- }
-
return $res;
}
/**
- * ws_addControls
- * returns additionnal controls if requested
- * usable for 99% of Web Service methods
- *
- * - Args
- * $methodName: is the requested method
- * $partner: is the key
- * $tbl_name: is the alias_name in the query (sometimes called correlation name)
- * null if !getting picture informations
- * - Logic
- * Access_control is not active: Return
- * Key is incorrect: Return 0 = 1 (False condition for MySQL)
- * One of Params doesn't match with type of request: return 0 = 1 again
- * Access list(id/cat/tag) is converted in expended image-id list
- * image-id list: converted to an in-where-clause
- *
- * The additionnal in-where-clause is return
- */
-function ws_addControls( $methodName, &$params, $tbl_name )
-{
- global $conf, $calling_partner_id;
- if ( !$conf['ws_access_control'] or !isset($calling_partner_id) )
- {
- return '1=1'; // No controls are requested
- }
-
-// Is it an active Partner?
- $query = '
-SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
- WHERE `name` = '$calling_partner_id'
- AND NOW() <= end; ";
-$result = pwg_query($query);
- if ( mysql_num_rows( $result ) == 0 )
- {
- return '0=1'; // Unknown partner or Obsolate agreement
- }
-
- $row = mysql_fetch_array($result);
-
-// Overide general object limit
- $params['per_page'] = $row['limit'];
-
-// Target restrict
-// 3 cases: list, cat or tag
-// Behind / we could found img-ids, cat-ids or tag-ids
- $target = $row['access'];
- if ( $target == '')
- {
- return '1=1'; // No controls are requested
- }
- list($type, $str_ids) = explode('/',$target); // Find type list
-
-// (array) 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6,
- $arr_ids = expand_id_list( explode( ',',$str_ids ) );
- $addings = implode(',', $arr_ids);
-// (string) 1,2,3,4,5,6,9,10,11,12,13,21,22,
- if ( $type == 'list')
- {
- return $tbl_name . 'id IN ( ' . $addings . ' ) ';
- }
-
- if ( $type == 'cat' )
- {
- $addings = implode(',', get_image_ids_for_cats($arr_ids));
- return $tbl_name . 'id IN ( ' . $addings . ' ) ';
- }
-
- if ( $type == 'tag' )
- {
- $addings = implode(',', get_image_ids_for_tags($arr_ids, 'OR'));
- return $tbl_name . 'id IN ( ' . $addings . ' ) ';
- }
- // Unmanaged new type?
- return ' 0 = 1 '; // ???
-}
-
-/**
* returns a "standard" (for our web service) array of sql where clauses that
* filters the images (images table only)
*/
@@ -371,7 +272,6 @@ SELECT id, name, permalink, image_order
'visible_images' => 'i.id'
), null, true
);
- $where_clauses[] = ws_addControls( 'categories.getImages', $params, 'i.' );
$order_by = ws_std_image_sql_order($params, 'i.');
if ( empty($order_by)
@@ -609,9 +509,8 @@ SELECT * FROM '.IMAGES_TABLE.'
get_sql_condition_FandF(
array('visible_images' => 'id'),
' AND'
- ).' AND '.
- ws_addControls( 'images.getInfo', $params, '' ).'
-LIMIT 1;';
+ ).'
+LIMIT 1';
$image_row = mysql_fetch_assoc(pwg_query($query));
if ($image_row==null)
@@ -1183,7 +1082,6 @@ SELECT image_id, GROUP_CONCAT(tag_id) tag_ids
'', true
);
$where_clauses[] = 'id IN ('.implode(',',$image_ids).')';
- $where_clauses[] = ws_addControls( 'tags.getImages', $params, 'i.' );
$order_by = ws_std_image_sql_order($params);
if (empty($order_by))
@@ -1266,54 +1164,4 @@ LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
);
}
-
-/**
- * expand_id_list($ids) convert a human list expression to a full ordered list
- * example : expand_id_list( array(5,2-3,2) ) returns array( 2, 3, 5)
- * */
-function expand_id_list($ids)
-{
- $tid = array();
- foreach ( $ids as $id )
- {
- if ( is_numeric($id) )
- {
- $tid[] = (int) $id;
- }
- else
- {
- $range = explode( '-', $id );
- if ( is_numeric($range[0]) and is_numeric($range[1]) )
- {
- $from = min($range[0],$range[1]);
- $to = max($range[0],$range[1]);
- for ($i = $from; $i <= $to; $i++)
- {
- $tid[] = (int) $i;
- }
- }
- }
- }
- $result = array_unique ($tid); // remove duplicates...
- sort ($result);
- return $result;
-}
-
-
-/**
- * converts a cat-ids array in image-ids array
- * FIXME Function which should already exist somewhere else
- * */
-function get_image_ids_for_cats($cat_ids)
-{
- $cat_list = implode(',', $cat_ids);
- $ret_ids = array();
- $query = '
- SELECT DISTINCT image_id
- FROM '.IMAGE_CATEGORY_TABLE.'
- WHERE category_id in ('.$cat_list.')
- ;';
- return array_from_query($query, 'image_id');
-}
-
?>