RestHelper.php

Go to the documentation of this file.

<?php
/***************************************************************
Copyright (C) 2017 Siemens AG

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
version 2 as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 ***************************************************************/

namespace Fossology\UI\Api\Helper;

use Fossology\Lib\Auth\Auth;
use Fossology\Lib\Dao\UploadPermissionDao;
use Fossology\Lib\Dao\UploadDao;
use Fossology\Lib\Dao\FolderDao;
use Fossology\Lib\Dao\UserDao;
use Fossology\UI\Api\Models\Info;
use Fossology\UI\Api\Models\InfoType;
use Fossology\Lib\Plugin\Plugin;
use Fossology\Lib\Dao\JobDao;
use Fossology\Lib\Dao\ShowJobsDao;

class RestHelper
{
  const VALID_SCOPES = ["read", "write"];
  const SCOPE_DB_MAP = ["read" => "r", "write" => "w"];
  const TOKEN_KEY_LENGTH = 40;
  private $uploadDao;
  private $dbHelper;
  private $uploadPermissionDao;
  private $folderDao;
  private $userDao;
  private $jobDao;
  private $showJobDao;
  private $authHelper;

  public function __construct(UploadPermissionDao $uploadPermissionDao,
    UploadDao $uploadDao, UserDao $userDao, FolderDao $folderDao,
    DbHelper $dbHelper, AuthHelper $authHelper, JobDao $jobDao,
    ShowJobsDao $showJobDao)
  {
    $this->uploadPermissionDao = $uploadPermissionDao;
    $this->uploadDao = $uploadDao;
    $this->userDao = $userDao;
    $this->folderDao = $folderDao;
    $this->dbHelper = $dbHelper;
    $this->authHelper = $authHelper;
    $this->jobDao = $jobDao;
    $this->showJobDao = $showJobDao;
  }

  public function getUserId()
  {
    $session = $this->authHelper->getSession();
    return $session->get(Auth::USER_ID);
  }

  public function getGroupId()
  {
    $session = $this->authHelper->getSession();
    return $session->get(Auth::GROUP_ID);
  }

  public function getUploadDao()
  {
    return $this->uploadDao;
  }

  public function getUserDao()
  {
    return $this->userDao;
  }

  public function getFolderDao()
  {
    return $this->folderDao;
  }

  public function getUploadPermissionDao()
  {
    return $this->uploadPermissionDao;
  }

  public function getAuthHelper()
  {
    return $this->authHelper;
  }

  public function getDbHelper()
  {
    return $this->dbHelper;
  }

  public function getJobDao()
  {
    return $this->jobDao;
  }

  public function getShowJobDao()
  {
    return $this->showJobDao;
  }

  public function copyUpload($uploadId, $newFolderId, $isCopy)
  {
    if (is_numeric($newFolderId) && $newFolderId > 0) {
      if (!$this->folderDao->isFolderAccessible($newFolderId, $this->getUserId())) {
        return new Info(403, "Folder is not accessible.",
          InfoType::ERROR);
      }
      if (!$this->uploadPermissionDao->isAccessible($uploadId, $this->getGroupId())) {
        return new Info(403, "Upload is not accessible.",
          InfoType::ERROR);
      }
      $uploadContentId = $this->folderDao->getFolderContentsId($uploadId);
      $contentMove = $this->getPlugin('content_move');

      $errors = $contentMove->copyContent([$uploadContentId], $newFolderId, $isCopy);
      if (empty($errors)) {
        $action = $isCopy ? "copied" : "moved";
        $info = new Info(202, "Upload $uploadId will be $action to folder $newFolderId",
          InfoType::INFO);
      } else {
        $info = new Info(202, "Exceptions occurred: $errors",
          InfoType::ERROR);
      }
      return $info;
    } else {
      return new Info(400, "Bad Request. Folder id should be a positive integer",
        InfoType::ERROR);
    }
  }

  public function getPlugin($pluginName)
  {
    $plugin = plugin_find($pluginName);
    if (! $plugin) {
      throw new \UnexpectedValueException(
        "Unable to find plugin " . $pluginName);
    }
    return $plugin;
  }

  public function validateTokenRequest($tokenExpire, $tokenName, $tokenScope)
  {
    $requestValid = true;
    $tokenValidity = $this->authHelper->getMaxTokenValidity();

    if (strtotime($tokenExpire) < strtotime("tomorrow") ||
      ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/",
        $tokenExpire) ||
      strtotime($tokenExpire) > strtotime("+$tokenValidity days")) {
      $requestValid = new Info(400,
        "The token should have at least 1 day and max $tokenValidity days " .
        "of validity and should follow YYYY-MM-DD format.", InfoType::ERROR);
    } elseif (! in_array($tokenScope, RestHelper::VALID_SCOPES)) {
      $requestValid = new Info(400,
        "Invalid token scope, allowed only " .
        join(",", RestHelper::VALID_SCOPES), InfoType::ERROR);
    } elseif (empty($tokenName) || strlen($tokenName) > 40) {
      $requestValid = new Info(400,
        "The token name must be a valid string of max 40 character length",
        InfoType::ERROR);
    }
    return $requestValid;
  }
}