ограничения в методах для ключей,

новый метод users.add http://docs.instantcms.ru/manual/components/api/methods/users-add
+ мелкие правки

Author: fuze

install.sql

@@ -5,6 +5,7 @@ CREATE TABLE `{#}api_keys` (
   `api_key` varchar(32) DEFAULT NULL,
   `description` varchar(100) DEFAULT NULL,
   `ip_access` text,
+  `key_methods` text,
   PRIMARY KEY (`id`),
   UNIQUE KEY `api_key` (`api_key`)
 ) ENGINE=InnoDB  DEFAULT CHARSET=utf8;

manifest.en.ini

@@ -6,7 +6,7 @@ image = "icon.png"
 major = "2"
 minor = "0"
 build = "0"
-date  = "20160101"
+date  = "20170505"
 
 [depends]
 core = "2.5.0"

manifest.ru.ini

@@ -6,7 +6,7 @@ image = "icon.png"
 major = "2"
 minor = "0"
 build = "0"
-date  = "20160101"
+date  = "20170505"
 
 [depends]
 core = "2.5.0"

package/system/controllers/api/actions/method.php

@@ -1,22 +1,28 @@
 <?php
 /******************************************************************************/
 //                                                                            //
-//                             InstantMedia 2016                              //
+//                             InstantMedia 2017                              //
 //	 		      http://instantmedia.ru/, support@instantmedia.ru            //
 //                               written by Fuze                              //
 //                                                                            //
 /******************************************************************************/
 
 class actionApiMethod extends cmsAction {
 
-    private $key = null;
-
     private $method_name       = null;
     private $method_params     = array();
     private $method_controller_name = null;
     private $method_action_name     = null;
 
+    /**
+     * Объект контроллера api метода
+     * @var object
+     */
     private $method_controller = null;
+    /**
+     * Объект класса api метода
+     * @var object
+     */
     private $method_action     = null;
 
     public function __construct($controller, $params=array()){
@@ -310,6 +316,16 @@ public function checkRequest() {
             return $this->error(23);
         }
 
+        $method_name = str_replace('.', '_', $this->method_name);
+
+        $is_view = !$this->key['methods_access']['allow'] || in_array($method_name, $this->key['methods_access']['allow']);
+        $is_hide = $this->key['methods_access']['disallow'] && in_array($method_name, $this->key['methods_access']['disallow']);
+
+        // првоеряем доступ к методу
+        if (!$is_view || $is_hide) {
+            return $this->error(24);
+        }
+
         return true;
 
     }

package/system/controllers/api/api_actions/api_content_get.php

@@ -277,6 +277,8 @@ public function run($ctype_name){
         list($this->ctype, $items) = cmsEventsManager::hook("content_{$this->ctype['name']}_before_list", array($this->ctype, $items));
         list($this->ctype, $items) = cmsEventsManager::hook('content_api_list', array($this->ctype, $items));
 
+        $result_items = array();
+
         if($items){
             foreach ($items as $key => $item) {
 
@@ -306,6 +308,9 @@ public function run($ctype_name){
                     }
 
                 }
+
+                $result_items[] = $items[$key];
+
             }
         }
 
@@ -314,7 +319,7 @@ public function run($ctype_name){
         }
 
         $this->result['count']    = $total;
-        $this->result['items']    = $items;
+        $this->result['items']    = $result_items;
         $this->result['additionally'] = array(
             'fields'       => $fields,
             'props'        => $props,

package/system/controllers/api/api_actions/api_content_get_item.php

@@ -71,6 +71,13 @@ public function validateApiRequest($ctype_name=null) {
             }
         }
 
+        // Проверяем, что не удалено
+        if (!empty($this->item['is_deleted'])){
+            if (!$is_moderator){
+                return array('error_msg' => LANG_API_ERROR100);
+            }
+        }
+
         // Проверяем приватность
         if ($this->item['is_private'] == 1){ // доступ только друзьям
 

package/system/controllers/api/api_actions/api_users_add.php

@@ -0,0 +1,138 @@
+<?php
+
+class actionUsersApiUsersAdd extends cmsAction {
+
+    public function __construct($controller, $params=array()) {
+
+        parent::__construct($controller, $params);
+
+        $this->is_submitted = $this->request->has('submit');
+
+        if($this->is_submitted){
+            $this->check_sig = true;
+        }
+
+    }
+
+    /**
+     * Блокировка прямого вызова экшена
+     * обязательное свойство
+     * @var boolean
+     */
+    public $lock_explicit_call = true;
+    /**
+     * Результат запроса
+     * обязательное свойство
+     * @var array
+     */
+    public $result;
+    /**
+     * Флаг, обязующий проверять параметр sig запроса
+     * sig привязан к домену сайта и к ip адресу посетителя
+     * @var boolean
+     */
+    public $check_sig = false;
+
+    /**
+     * Возможные параметры запроса
+     * с правилами валидации
+     * Если запрос имеет параметры, необходимо описать их здесь
+     * Правила валидации параметров задаются по аналогии с полями форм
+     * @var array
+     */
+    public $request_params = array();
+
+    private $is_submitted = false;
+
+    public function validateApiRequest() {
+
+        if(!$this->is_submitted){
+            return false;
+        }
+
+        $form = $this->getUserForm();
+        if(!$form){ return array('error_code' => 1); }
+
+        // загружаем модель пользователя
+        $this->users_model = cmsCore::getModel('users');
+
+        $user = $form->parse($this->request, true);
+
+        $errors = $form->validate($this,  $user, false);
+
+        if (mb_strlen($user['password1']) < 6) {
+            $errors['password1'] = sprintf(ERR_VALIDATE_MIN_LENGTH, 6);
+        }
+
+        if($errors){
+
+            return array(
+                'error_code'     => 100,
+                'error_msg'      => '',
+                'request_params' => $errors
+            );
+
+        }
+
+        $result = $this->users_model->addUser($user);
+
+        if (!$result['success']){
+
+            return array(
+                'error_code'     => 100,
+                'error_msg'      => '',
+                'request_params' => (array)$result['errors']
+            );
+
+        }
+
+        $user['id'] = $result['id'];
+
+        cmsUser::setUPS('first_auth', 1, $user['id']);
+
+        $this->user = $user;
+
+        return false;
+
+    }
+
+    public function run(){
+
+        if(!$this->is_submitted){
+            return $this->returnForm();
+        }
+
+        $this->result = array(
+            'user_id'         => $this->user['id'],
+            'is_verify_email' => false,
+            'success_text'    => sprintf(LANG_CP_USER_CREATED, $this->user['nickname'])
+        );
+
+    }
+
+    private function returnForm() {
+
+        $this->result = array();
+
+        $form = $this->getUserForm();
+        if(!$form){ return; }
+
+        $this->result['item'] = form_to_params($form);
+        $this->result['sig']  = get_sig();
+
+    }
+
+    private function getUserForm() {
+
+        cmsCore::loadControllerLanguage('admin');
+
+        $form = $this->getControllerForm('admin', 'user', array('add'));
+        if(!$form){ return false; }
+
+        $form->removeFieldset('permissions');
+
+        return $form;
+
+    }
+
+}

package/system/controllers/api/backend/forms/form_key.php

@@ -1,7 +1,7 @@
 <?php
 /******************************************************************************/
 //                                                                            //
-//                             InstantMedia 2016                              //
+//                             InstantMedia 2017                              //
 //	 		      http://instantmedia.ru/, support@instantmedia.ru            //
 //                               written by Fuze                              //
 //                                                                            //
@@ -11,6 +11,24 @@ class formApiKey extends cmsForm {
 
     public function init() {
 
+        $generator = function($item){
+            static $items = null;
+            if($items === null){
+                $api_actions = cmsCore::getFilesList('system/controllers/api/api_actions/', 'api_*.php');
+                $actions = cmsCore::getFilesList('system/controllers/api/actions/', 'api_*.php');
+                $hooks = cmsCore::getFilesList('system/controllers/api/hooks/', 'api_*.php');
+                $files = array_unique(array_merge($hooks, $actions, $api_actions));
+                $items = array();
+                if ($files) {
+                    foreach ($files as $file_name) {
+                        $name = str_replace(array('api_', '.php'), '', $file_name);
+                        $items[$name] = $name;
+                    }
+                }
+            }
+            return $items;
+        };
+
         return array(
 
             array(
@@ -44,7 +62,20 @@ public function init() {
 
                     new fieldText('ip_access', array(
                         'title' => LANG_API_ALLOW_IPS,
-                        'hint'  => LANG_CP_SETTINGS_ALLOW_IPS_HINT
+                        'hint'  => sprintf(LANG_CP_SETTINGS_ALLOW_IPS_HINT, cmsUser::getIp())
+                    )),
+
+                    new fieldListMultiple('methods_access:allow', array(
+                        'title'    => LANG_API_ALLOW_METHODS,
+                        'default'  => 0,
+                        'show_all' => true,
+                        'generator' => $generator
+                    )),
+
+                    new fieldListMultiple('methods_access:disallow', array(
+                        'title'    => LANG_API_DISALLOW_METHODS,
+                        'default'  => 0,
+                        'generator' => $generator
                     ))
 
                 )

package/system/controllers/api/frontend.php

@@ -1,7 +1,7 @@
 <?php
 /******************************************************************************/
 //                                                                            //
-//                             InstantMedia 2016                              //
+//                             InstantMedia 2017                              //
 //	 		      http://instantmedia.ru/, support@instantmedia.ru            //
 //                               written by Fuze                              //
 //                                                                            //

package/system/controllers/api/model.php

@@ -17,7 +17,11 @@ public function getKey($id) {
             $field = 'api_key';
         }
 
-		return $this->filterEqual($field, $id)->getItem('api_keys');
+		$key = $this->filterEqual($field, $id)->getItem('api_keys');
+
+        $key['methods_access'] = cmsModel::yamlToArray($key['methods_access']);
+
+        return $key;
 
     }