Merge branch 'cc-5709-airtime-analyzer' of github.com:sourcefabric/Airtime into cc-5709-airtime-analyzer

Conflicts:
	airtime_mvc/application/modules/rest/controllers/MediaController.php
Albert Santoni 2014-03-17 10:22:54 -04:00
commit e1f69b26af
1 changed files with 69 additions and 15 deletions


@ -2,6 +2,26 @@
class Rest_MediaController extends Zend_Rest_Controller class Rest_MediaController extends Zend_Rest_Controller
{ {
//fields that are not modifiable via our RESTful API
private $blackList = array(
'id',
'file_exists',
'hidden',
'silan_check',
'soundcloud_id',
'is_scheduled',
'is_playlist'
);
//fields we should never expose through our RESTful API
private $privateFields = array(
'file_exists',
'hidden',
'silan_check',
'is_scheduled',
'is_playlist'
);
public function init() public function init()
{ {
$this->view->layout()->disableLayout(); $this->view->layout()->disableLayout();
@ -13,10 +33,10 @@ class Rest_MediaController extends Zend_Rest_Controller
return; return;
} }
$files_array = []; $files_array = array();
foreach (CcFilesQuery::create()->find() as $file) foreach (CcFilesQuery::create()->find() as $file)
{ {
array_push($files_array, $file->toArray(BasePeer::TYPE_FIELDNAME)); array_push($files_array, $this->sanitizeResponse($file));
} }
$this->getResponse() $this->getResponse()
@ -42,11 +62,10 @@ class Rest_MediaController extends Zend_Rest_Controller
$file = CcFilesQuery::create()->findPk($id); $file = CcFilesQuery::create()->findPk($id);
if ($file) { if ($file) {
//TODO: Strip or sanitize the JSON output
$this->getResponse() $this->getResponse()
->setHttpResponseCode(200) ->setHttpResponseCode(200)
->appendBody(json_encode($file->toArray(BasePeer::TYPE_FIELDNAME))); ->appendBody(json_encode($this->sanitizeResponse($file)));
} else { } else {
$this->fileNotFoundResponse(); $this->fileNotFoundResponse();
} }
@ -66,18 +85,21 @@ class Rest_MediaController extends Zend_Rest_Controller
return; return;
} }
//TODO: Strip or sanitize the JSON output
$file = new CcFiles(); $file = new CcFiles();
$file->fromArray($this->getRequest()->getPost()); $file->fromArray($this->validateRequestData($this->getRequest()->getPost()));
$file->setDbOwnerId($this->getOwnerId()); $file->setDbOwnerId($this->getOwnerId());
$now = new DateTime("now", new DateTimeZone("UTC"));
$file->setDbUtime($now);
$file->setDbMtime($now);
$file->save(); $file->save();
$callbackUrl = $this->getRequest()->getScheme() . '://' . $this->getRequest()->getHttpHost() . $this->getRequest()->getRequestUri() . "/" . $file->getPrimaryKey(); $callbackUrl = $this->getRequest()->getScheme() . '://' . $this->getRequest()->getHttpHost() . $this->getRequest()->getRequestUri() . "/" . $file->getPrimaryKey();
$this->processUploadedFile($callbackUrl, $_FILES["file"]["name"], $this->getOwnerId()); $this->processUploadedFile($callbackUrl, $_FILES["file"]["name"], $this->getOwnerId());
$this->getResponse() $this->getResponse()
->setHttpResponseCode(201) ->setHttpResponseCode(201)
->appendBody(json_encode($file->toArray(BasePeer::TYPE_FIELDNAME))); ->appendBody(json_encode($this->sanitizeResponse($file)));
} }
public function putAction() public function putAction()
@ -93,8 +115,6 @@ class Rest_MediaController extends Zend_Rest_Controller
$file = CcFilesQuery::create()->findPk($id); $file = CcFilesQuery::create()->findPk($id);
if ($file) if ($file)
{ {
//TODO: Strip or sanitize the JSON output
$fileFromJson = json_decode($this->getRequest()->getRawBody(), true); $fileFromJson = json_decode($this->getRequest()->getRawBody(), true);
//Our RESTful API takes "full_path" as a field, which we then split and translate to match //Our RESTful API takes "full_path" as a field, which we then split and translate to match
@ -115,11 +135,14 @@ class Rest_MediaController extends Zend_Rest_Controller
$fileFromJson["directory"] = 1; //1 corresponds to the default stor/imported directory. $fileFromJson["directory"] = 1; //1 corresponds to the default stor/imported directory.
} }
} }
$file->fromArray($fileFromJson, BasePeer::TYPE_FIELDNAME);
$file->fromArray($this->validateRequestData(json_decode($fileFromJson, true)), BasePeer::TYPE_FIELDNAME);
$now = new DateTime("now", new DateTimeZone("UTC"));
$file->setDbMtime($now);
$file->save(); $file->save();
$this->getResponse() $this->getResponse()
->setHttpResponseCode(200) ->setHttpResponseCode(200)
->appendBody(json_encode($file->toArray(BasePeer::TYPE_FIELDNAME))); ->appendBody(json_encode($this->sanitizeResponse($file)));
} else { } else {
$this->fileNotFoundResponse(); $this->fileNotFoundResponse();
} }
@ -262,5 +285,36 @@ class Rest_MediaController extends Zend_Rest_Controller
Logging::info($e->getMessage()); Logging::info($e->getMessage());
} }
} }
/**
*
* Strips out fields from incoming request data that should never be modified
* from outside of Airtime
* @param array $data
*/
private function validateRequestData($data)
{
foreach ($this->blackList as $key) {
unset($data[$key]);
}
return $data;
}
/**
*
* Strips out the private fields we do not want to send back in API responses
*/
//TODO: rename this function?
public function sanitizeResponse($file)
{
$response = $file->toArray(BasePeer::TYPE_FIELDNAME);
foreach ($this->privateFields as $key) {
unset($response[$key]);
}
return $response;
}
} }
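Review bot: In the putAction hunk, the call `validateRequestData(json_decode($fileFromJson, true))` (apparently the new side; the +/- markers are lost on this page) decodes `$fileFromJson` a second time although it is already the array decoded from the raw body a few lines earlier. `json_decode` expects a string, so it returns null (or raises a type error on newer PHP), and neither the request fields nor the `full_path`/`directory` translation applied to `$fileFromJson` reach `fromArray()`. The array should be passed directly, `$file->fromArray($this->validateRequestData($fileFromJson), BasePeer::TYPE_FIELDNAME);`, ideally after checking that the first decode produced an array. In postAction, `fromArray()` is called without a key type while `$blackList` holds field-name keys, so if the ORM's default key type there is not `BasePeer::TYPE_FIELDNAME` the protected columns would not be stripped; passing the key type explicitly is worth confirming. Because a deny-list leaves every column it does not name writable by the client, an allow-list of writable fields would be the stricter default for both actions.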