aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--include/config_default.inc.php18
-rw-r--r--include/constants.php2
-rw-r--r--include/ws_functions.inc.php156
3 files changed, 2 insertions, 174 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 019220b29..838cc20b0 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -618,24 +618,6 @@ $conf['allow_web_services'] = true;
// Maximum number of images to be returned foreach call to the web service
$conf['ws_max_images_per_page'] = 500;
-// On Access control false / Admim Web Service need Php cURL extension
-// Controls are done on public basis or
-// if connected on member authorization basis
-$conf['ws_access_control'] = false;
-
-// Additionnal controls are made based on Web Service Access Table
-// Max returned rows number ( > 0 )
-$conf['ws_allowed_limit'] = array(1,2,3,5,10,25);
-
-// By default can be delayed by 0, 1, 2, 3, 5, 7, 14 or 30 days
-// 0 it's Now(), don't remove that one
-$conf['ws_postponed_start'] = array(0,1,2,3,5,7,14,30); /* In days */
-
-// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s)
-// or 15, 10, 7, 5, 1, 0 day(s)
-// 0 it's temporary closed (Useful for one access)
-$conf['ws_durations'] = array(3650,1825,730,365,182,91,30,15,10,7,5,1,0);
-
// +-----------------------------------------------------------------------+
// | Filter |
// +-----------------------------------------------------------------------+
diff --git a/include/constants.php b/include/constants.php
index 42854a9d4..4966c8b59 100644
--- a/include/constants.php
+++ b/include/constants.php
@@ -104,8 +104,6 @@ if (!defined('IMAGE_TAG_TABLE'))
define('IMAGE_TAG_TABLE', $prefixeTable.'image_tag');
if (!defined('PLUGINS_TABLE'))
define('PLUGINS_TABLE', $prefixeTable.'plugins');
-if (!defined('WEB_SERVICES_ACCESS_TABLE'))
- define('WEB_SERVICES_ACCESS_TABLE', $prefixeTable.'ws_access');
if (!defined('OLD_PERMALINKS_TABLE'))
define('OLD_PERMALINKS_TABLE', $prefixeTable.'old_permalinks');
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index 0a0b7189d..e305016e3 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -42,109 +42,10 @@ function ws_isInvokeAllowed($res, $methodName, $params)
return new PwgError(401, 'Access denied');
}
- if ( !$conf['ws_access_control'] )
- {
- return $res; // No controls are requested
- }
- $query = '
-SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
- WHERE `name` = '$calling_partner_id'
- AND NOW() <= end; ";
- $result = pwg_query($query);
- $row = mysql_fetch_assoc($result);
- if ( empty($row) )
- {
- return new PwgError(403, 'Partner id does not exist or is expired');
- }
- if ( !empty($row['request'])
- and strpos($methodName, $row['request'])==false
- and strpos($methodName, 'session')==false
- and strpos($methodName, 'getVersion')==false )
- { // session and getVersion are allowed to diagnose any failure reason
- return new PwgError(403, 'Method not allowed');
- }
-
return $res;
}
/**
- * ws_addControls
- * returns additionnal controls if requested
- * usable for 99% of Web Service methods
- *
- * - Args
- * $methodName: is the requested method
- * $partner: is the key
- * $tbl_name: is the alias_name in the query (sometimes called correlation name)
- * null if !getting picture informations
- * - Logic
- * Access_control is not active: Return
- * Key is incorrect: Return 0 = 1 (False condition for MySQL)
- * One of Params doesn't match with type of request: return 0 = 1 again
- * Access list(id/cat/tag) is converted in expended image-id list
- * image-id list: converted to an in-where-clause
- *
- * The additionnal in-where-clause is return
- */
-function ws_addControls( $methodName, &$params, $tbl_name )
-{
- global $conf, $calling_partner_id;
- if ( !$conf['ws_access_control'] or !isset($calling_partner_id) )
- {
- return '1=1'; // No controls are requested
- }
-
-// Is it an active Partner?
- $query = '
-SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
- WHERE `name` = '$calling_partner_id'
- AND NOW() <= end; ";
-$result = pwg_query($query);
- if ( mysql_num_rows( $result ) == 0 )
- {
- return '0=1'; // Unknown partner or Obsolate agreement
- }
-
- $row = mysql_fetch_array($result);
-
-// Overide general object limit
- $params['per_page'] = $row['limit'];
-
-// Target restrict
-// 3 cases: list, cat or tag
-// Behind / we could found img-ids, cat-ids or tag-ids
- $target = $row['access'];
- if ( $target == '')
- {
- return '1=1'; // No controls are requested
- }
- list($type, $str_ids) = explode('/',$target); // Find type list
-
-// (array) 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6,
- $arr_ids = expand_id_list( explode( ',',$str_ids ) );
- $addings = implode(',', $arr_ids);
-// (string) 1,2,3,4,5,6,9,10,11,12,13,21,22,
- if ( $type == 'list')
- {
- return $tbl_name . 'id IN ( ' . $addings . ' ) ';
- }
-
- if ( $type == 'cat' )
- {
- $addings = implode(',', get_image_ids_for_cats($arr_ids));
- return $tbl_name . 'id IN ( ' . $addings . ' ) ';
- }
-
- if ( $type == 'tag' )
- {
- $addings = implode(',', get_image_ids_for_tags($arr_ids, 'OR'));
- return $tbl_name . 'id IN ( ' . $addings . ' ) ';
- }
- // Unmanaged new type?
- return ' 0 = 1 '; // ???
-}
-
-/**
* returns a "standard" (for our web service) array of sql where clauses that
* filters the images (images table only)
*/
@@ -371,7 +272,6 @@ SELECT id, name, permalink, image_order
'visible_images' => 'i.id'
), null, true
);
- $where_clauses[] = ws_addControls( 'categories.getImages', $params, 'i.' );
$order_by = ws_std_image_sql_order($params, 'i.');
if ( empty($order_by)
@@ -609,9 +509,8 @@ SELECT * FROM '.IMAGES_TABLE.'
get_sql_condition_FandF(
array('visible_images' => 'id'),
' AND'
- ).' AND '.
- ws_addControls( 'images.getInfo', $params, '' ).'
-LIMIT 1;';
+ ).'
+LIMIT 1';
$image_row = mysql_fetch_assoc(pwg_query($query));
if ($image_row==null)
@@ -1183,7 +1082,6 @@ SELECT image_id, GROUP_CONCAT(tag_id) tag_ids
'', true
);
$where_clauses[] = 'id IN ('.implode(',',$image_ids).')';
- $where_clauses[] = ws_addControls( 'tags.getImages', $params, 'i.' );
$order_by = ws_std_image_sql_order($params);
if (empty($order_by))
@@ -1266,54 +1164,4 @@ LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
);
}
-
-/**
- * expand_id_list($ids) convert a human list expression to a full ordered list
- * example : expand_id_list( array(5,2-3,2) ) returns array( 2, 3, 5)
- * */
-function expand_id_list($ids)
-{
- $tid = array();
- foreach ( $ids as $id )
- {
- if ( is_numeric($id) )
- {
- $tid[] = (int) $id;
- }
- else
- {
- $range = explode( '-', $id );
- if ( is_numeric($range[0]) and is_numeric($range[1]) )
- {
- $from = min($range[0],$range[1]);
- $to = max($range[0],$range[1]);
- for ($i = $from; $i <= $to; $i++)
- {
- $tid[] = (int) $i;
- }
- }
- }
- }
- $result = array_unique ($tid); // remove duplicates...
- sort ($result);
- return $result;
-}
-
-
-/**
- * converts a cat-ids array in image-ids array
- * FIXME Function which should already exist somewhere else
- * */
-function get_image_ids_for_cats($cat_ids)
-{
- $cat_list = implode(',', $cat_ids);
- $ret_ids = array();
- $query = '
- SELECT DISTINCT image_id
- FROM '.IMAGE_CATEGORY_TABLE.'
- WHERE category_id in ('.$cat_list.')
- ;';
- return array_from_query($query, 'image_id');
-}
-
?>