UMR Events route now checks access-rights for given eventIds correctly

hrz-unimr · Oct 7, 2015 · a7f1d65 · a7f1d65
1 parent 86545fd
commit a7f1d65
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 28 deletions.
diff --git a/...ices/UIComponent/UserInterfaceHook/REST/RESTController/core/auth/models/Token/Generic.php b/...ices/UIComponent/UserInterfaceHook/REST/RESTController/core/auth/models/Token/Generic.php
@@ -30,7 +30,7 @@ class Generic extends Base {
     const MSG_INVALID = 'Token is invalid.';
 
 
-    //
+    // Contents of TokenArray
     protected static $fields = array(
         'user',
         'api_key',
@@ -40,6 +40,8 @@ class Generic extends Base {
         's',
         'h'
     );
+    // Buffer UserId of given User
+    protected $bufferedUserId = null;
 
 
     /**
@@ -104,8 +106,11 @@ public function getUserName() {
         return $this->tokenArray['user'];
     }
     public function getUserId() {
-        $user = $this->tokenArray['user'];
-        return Libs\RESTLib::getUserIdFromUserName($user);
+        if (!$this->bufferedUserId) {
+            $user                 = $this->tokenArray['user'];
+            $this->bufferedUserId = Libs\RESTLib::getUserIdFromUserName($user);
+        }
+        return $this->bufferedUserId;
     }
     public function getApiKey() {
         return $this->tokenArray['api_key'];

diff --git a/.../UIComponent/UserInterfaceHook/REST/RESTController/extensions/umr_v1/models/Calendars.php b/.../UIComponent/UserInterfaceHook/REST/RESTController/extensions/umr_v1/models/Calendars.php
@@ -22,26 +22,36 @@ class Calendars extends Libs\RESTModel {
   const ID_NO_CALENDAR_ID   = 'RESTController\\extensions\\umr_v1\\Calendars::ID_NO_CALENDAR_ID';
   const ID_ALL_FAILED       = 'RESTController\\extensions\\umr_v1\\Calendars::ID_ALL_FAILED';
 
+
+  // Buffer categories (once for each userId)
+  protected static $categories    = array();
+
+
   /**
    *
    */
   protected static function getCategories($accessToken) {
-    // Load classes required to access calendars and their appointments
-    require_once('./Services/Calendar/classes/class.ilCalendarCategories.php');
-
-    // Fetch user-id from access-token
     $userId = $accessToken->getUserId();
 
-    // Initialize (global!) $ilUser object
-    $ilUser = Libs\RESTLib::loadIlUser($userId);
-    Libs\RESTLib::initAccessHandling();
+    // Query information only ONCE
+    if (!self::$categories[$userId]) {
+      // Load classes required to access calendars and their appointments
+      require_once('./Services/Calendar/classes/class.ilCalendarCategories.php');
+
+      // Fetch user-id from access-token
+      $userId = $accessToken->getUserId();
 
-    // Fetch calendars (called categories here), initialize from database
-    $calendarHandler = \ilCalendarCategories::_getInstance($userId);
-    $calendarHandler->initialize(\ilCalendarCategories::MODE_MANAGE);
+      // Initialize (global!) $ilUser object
+      $ilUser = Libs\RESTLib::loadIlUser($userId);
+      Libs\RESTLib::initAccessHandling();
+
+      // Fetch calendars (called categories here), initialize from database
+      self::$categories[$userId] = \ilCalendarCategories::_getInstance($userId);
+      self::$categories[$userId]->initialize(\ilCalendarCategories::MODE_MANAGE);
+    }
 
     // Fetch internal ids for calendars
-    return $calendarHandler;
+    return self::$categories[$userId];
   }
 
 
@@ -76,6 +86,17 @@ function($value) { return intval($value); },
   }
 
 
+  /**
+   *
+   */
+  public static function hasCalendar($accessToken, $calendarId) {
+    $categories     = Calendars::getCategories($accessToken);
+    $calendarInfos  = $categories->getCategoriesInfo();
+
+    return ($calendarInfos[$calendarId] != null);
+  }
+
+
   /**
    *
    */
@@ -130,12 +151,8 @@ public static function getCalendars($accessToken, $calendarIds) {
    *
    */
   public static function getAllEventsOfCalendar($accessToken, $calendarId) {
-    // Fetch all calendars
-    $categories     = self::getCategories($accessToken);
-    $calendarInfos  = $categories->getCategoriesInfo();
-
     // Check if calendar exists
-    if ($calendarInfos[$calendarId])
+    if (self::hasCalendar($accessToken, $calendarId))
       // Fetch events of calendar
       return Events::getEventsForCalendar($calendarId);
     else

diff --git a/...ces/UIComponent/UserInterfaceHook/REST/RESTController/extensions/umr_v1/models/Events.php b/...ces/UIComponent/UserInterfaceHook/REST/RESTController/extensions/umr_v1/models/Events.php
@@ -136,31 +136,46 @@ public static function getEvents($accessToken, $eventIds) {
     if (!is_array($eventIds))
       $eventIds = array($eventIds);
 
-    // Extract user name
-    $userId       = $accessToken->getUserId();
-
-    // TODO: Check access-rights!
-
     // Load classes required to appointments
     require_once('./Services/Calendar/classes/class.ilCalendarCategoryAssignments.php');
 
     // Fetch each contact from list
     $result     = array();
-    $noSuccess  = true;
+    $calendars  = array();
+    $success     = 0;
     foreach($eventIds as $eventId) {
-      $calendarId       = current(\ilCalendarCategoryAssignments::_getAppointmentCalendars(array($eventId)));
+      // Fetch calendarId
+      $calendarId             = current(\ilCalendarCategoryAssignments::_getAppointmentCalendars(array($eventId)));
+
+      // Does calendar exist
       if ($calendarId) {
+        // Fetch event
         $result[$eventId] = self::getEventInfo($calendarId, $eventId);
-        $noSuccess        = false;
+
+        // Store events to check calendar access-rights later
+        $calendars[$calendarId] = ($calendars[$calendarId]) ? $calendars[$calendarId][] = $eventId : array($eventId);
+        ++$success;
       }
+      // Calendar does not exist
       else {
         $result[$eventId]             = Libs\RESTLib::responseObject(sprintf(self::MSG_NO_EVENT_ID, $eventId), self::ID_NO_EVENT_ID);
         $result[$eventId]['event_id'] = $eventId;
       }
     }
 
+    // Check access-rights
+    foreach($calendars as $calendarId => $eventIds)
+      if (!Calendars::hasCalendar($accessToken, $calendarId))
+        // Unset all events of this calendar
+        foreach($eventIds as $eventId) {
+          $result[$eventId] = Libs\RESTLib::responseObject(sprintf(self::MSG_NO_EVENT_ID, $eventId), self::ID_NO_EVENT_ID);
+          $result[$eventId]['event_id'] = $eventId;
+
+          --$success;
+        }
+
     // If every request failed, throw instead
-    if ($noSuccess)
+    if ($success == 0)
       throw new Exceptions\Events(self::MSG_ALL_FAILED, self::ID_ALL_FAILED, $result);
 
     return $result;