kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-04-30 01:55:47 +00:00
Code Issues Projects Releases Wiki Activity

Don't expose uihelper views via the API / allow to get stock_log via generic entity interaction endpoints (no edit)

Browse Source
This commit is contained in:
Bernd Bestel 2020-11-16 22:18:37 +01:00
parent e85b21384f
commit 512ef745da
No known key found for this signature in database
GPG Key ID: 71BD34C0D4891300
4 changed files with 49 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changelog/60_UNRELEASED_2020-xx-xx.md
View File

@ -170,8 +170,6 @@
- `/objects/{entity}` - `/objects/{entity}`
- `/stock/products/{productId}/entries` - `/stock/products/{productId}/entries`
- `/stock/products/{productId}/locations` - `/stock/products/{productId}/locations`
- `/stock/journal`
- `/stock/journal/summary`
- `/recipes/fulfillment` - `/recipes/fulfillment`
- `/users` - `/users`
- `/tasks` - `/tasks`
@ -191,10 +189,10 @@
- `>=` greater or equal - `>=` greater or equal
- `<=` less or equal - `<=` less or equal
- `<value>` is the value to search for - `<value>` is the value to search for
- New endpoints `/stock/journal` and `/stock/journal/summary` to get the stock journal (thanks @fipwmaqzufheoxq92ebc)
- New endpoint `/stock/shoppinglist/add-overdue-products` to add all currently in-stock but overdue products to a shopping list (thanks @m-byte) - New endpoint `/stock/shoppinglist/add-overdue-products` to add all currently in-stock but overdue products to a shopping list (thanks @m-byte)
- New endpoint `/stock/shoppinglist/add-expired-products` to add all currently in-stock but expired products to a shopping list - New endpoint `/stock/shoppinglist/add-expired-products` to add all currently in-stock but expired products to a shopping list
- New endpoints GET/POST/PUT `/users/{userId}/permissions` for the new user permissions feature mentioned above - New endpoints GET/POST/PUT `/users/{userId}/permissions` for the new user permissions feature mentioned above
- The stock journal (entity `stock_log`) is now also available via the endpoint `/objects/{entity}` (=> `/objects/stock_log`)
- Performance improvements of the `/stock/products/*` endpoints (thanks @fipwmaqzufheoxq92ebc) - Performance improvements of the `/stock/products/*` endpoints (thanks @fipwmaqzufheoxq92ebc)
- Fixed that the endpoint `/objects/{entity}/{objectId}` always returned successfully, even when the given object not exists (now returns `404` when the object is not found) (thanks @fipwmaqzufheoxq92ebc) - Fixed that the endpoint `/objects/{entity}/{objectId}` always returned successfully, even when the given object not exists (now returns `404` when the object is not found) (thanks @fipwmaqzufheoxq92ebc)
- Fixed that the endpoint `/stock/volatile` didn't include products which expire today (thanks @fipwmaqzufheoxq92ebc) - Fixed that the endpoint `/stock/volatile` didn't include products which expire today (thanks @fipwmaqzufheoxq92ebc)

24
controllers/GenericEntityApiController.php
View File

@ -11,7 +11,7 @@ class GenericEntityApiController extends BaseApiController
{ {
User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT); User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
if ($this->IsValidEntity($args['entity'])) if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithNoEdit($args['entity']))
{ {
if ($this->IsEntityWithEditRequiresAdmin($args['entity'])) if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
{ {
@ -27,10 +27,10 @@ class GenericEntityApiController extends BaseApiController
throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)'); throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
} }
$newRow = $this->getDatabase()->{$args['entity']} $newRow = $this->getDatabase()->{$args['entity']}()->createRow($requestBody);
()->createRow($requestBody);
$newRow->save(); $newRow->save();
$success = $newRow->isClean(); $success = $newRow->isClean();
return $this->ApiResponse($response, [ return $this->ApiResponse($response, [
'created_object_id' => $this->getDatabase()->lastInsertId() 'created_object_id' => $this->getDatabase()->lastInsertId()
]); ]);
@ -50,16 +50,17 @@ class GenericEntityApiController extends BaseApiController
{ {
User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT); User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
if ($this->IsValidEntity($args['entity'])) if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithNoEdit($args['entity']))
{ {
if ($this->IsEntityWithEditRequiresAdmin($args['entity'])) if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
{ {
User::checkPermission($request, User::PERMISSION_ADMIN); User::checkPermission($request, User::PERMISSION_ADMIN);
} }
$row = $this->getDatabase()->{$args['entity']}
($args['objectId']); $row = $this->getDatabase()->{$args['entity']}($args['objectId']);
$row->delete(); $row->delete();
$success = $row->isClean(); $success = $row->isClean();
return $this->EmptyApiResponse($response); return $this->EmptyApiResponse($response);
} }
else else
@ -72,7 +73,7 @@ class GenericEntityApiController extends BaseApiController
{ {
User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT); User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
if ($this->IsValidEntity($args['entity'])) if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithNoEdit($args['entity']))
{ {
if ($this->IsEntityWithEditRequiresAdmin($args['entity'])) if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
{ {
@ -88,10 +89,10 @@ class GenericEntityApiController extends BaseApiController
throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)'); throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
} }
$row = $this->getDatabase()->{$args['entity']} $row = $this->getDatabase()->{$args['entity']}($args['objectId']);
($args['objectId']);
$row->update($requestBody); $row->update($requestBody);
$success = $row->isClean(); $success = $row->isClean();
return $this->EmptyApiResponse($response); return $this->EmptyApiResponse($response);
} }
catch (\Exception $ex) catch (\Exception $ex)
@ -213,6 +214,11 @@ class GenericEntityApiController extends BaseApiController
return !in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->ExposedEntityButNoListing->enum); return !in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->ExposedEntityButNoListing->enum);
} }
private function IsEntityWithNoEdit($entity)
{
return in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->ExposedEntityNoEdit->enum);
}
private function IsValidEntity($entity) private function IsValidEntity($entity)
{ {
return in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->ExposedEntity->enum); return in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->ExposedEntity->enum);

20
controllers/OpenApiController.php
View File

@ -28,14 +28,24 @@ class OpenApiController extends BaseApiController
public function DocumentationSpec(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) public function DocumentationSpec(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
{ {
$spec = $this->getOpenApiSpec();
$applicationService = $this->getApplicationService(); $applicationService = $this->getApplicationService();
$versionInfo = $applicationService->GetInstalledVersion(); $versionInfo = $applicationService->GetInstalledVersion();
$this->getOpenApiSpec()->info->version = $versionInfo->Version; $spec->info->version = $versionInfo->Version;
$this->getOpenApiSpec()->info->description = str_replace('PlaceHolderManageApiKeysUrl', $this->AppContainer->get('UrlManager')->ConstructUrl('/manageapikeys'), $this->getOpenApiSpec()->info->description); $spec->info->description = str_replace('PlaceHolderManageApiKeysUrl', $this->AppContainer->get('UrlManager')->ConstructUrl('/manageapikeys'), $spec->info->description);
$this->getOpenApiSpec()->servers[0]->url = $this->AppContainer->get('UrlManager')->ConstructUrl('/api'); $spec->servers[0]->url = $this->AppContainer->get('UrlManager')->ConstructUrl('/api');
return $this->ApiResponse($response, $this->getOpenApiSpec()); $spec->components->internalSchemas->ExposedEntity_NotIncludingNotEditable = clone $spec->components->internalSchemas->StringEnumTemplate;
foreach ($spec->components->internalSchemas->ExposedEntity->enum as $value)
{
if (!in_array($value, $spec->components->internalSchemas->ExposedEntityNoEdit->enum))
{
array_push($spec->components->internalSchemas->ExposedEntity_NotIncludingNotEditable->enum, $value);
}
}
return $this->ApiResponse($response, $spec);
} }
public function DocumentationUi(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) public function DocumentationUi(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)

24
grocy.openapi.json
View File

@ -280,7 +280,7 @@
"required": true, "required": true,
"description": "A valid entity name", "description": "A valid entity name",
"schema": { "schema": {
"$ref": "#/components/internalSchemas/ExposedEntity" "$ref": "#/components/internalSchemas/ExposedEntity_NotIncludingNotEditable"
} }
} }
], ],
@ -442,7 +442,7 @@
"required": true, "required": true,
"description": "A valid entity name", "description": "A valid entity name",
"schema": { "schema": {
"$ref": "#/components/internalSchemas/ExposedEntity" "$ref": "#/components/internalSchemas/ExposedEntity_NotIncludingNotEditable"
} }
}, },
{ {
@ -516,7 +516,7 @@
"required": true, "required": true,
"description": "A valid entity name", "description": "A valid entity name",
"schema": { "schema": {
"$ref": "#/components/internalSchemas/ExposedEntity" "$ref": "#/components/internalSchemas/ExposedEntity_NotIncludingNotEditable"
} }
}, },
{ {
@ -608,7 +608,7 @@
"required": true, "required": true,
"description": "A valid entity name", "description": "A valid entity name",
"schema": { "schema": {
"$ref": "#/components/internalSchemas/ExposedEntity" "$ref": "#/components/internalSchemas/ExposedEntity_NotIncludingNotEditable"
} }
}, },
{ {
@ -3851,7 +3851,8 @@
"userfields", "userfields",
"userentities", "userentities",
"userobjects", "userobjects",
"meal_plan" "meal_plan",
"stock_log"
] ]
}, },
"ExposedEntityButNoListing": { "ExposedEntityButNoListing": {
@ -3877,7 +3878,8 @@
"userfields", "userfields",
"userentities", "userentities",
"userobjects", "userobjects",
"meal_plan" "meal_plan",
"stock_log"
] ]
}, },
"EntityEditRequiresAdmin": { "EntityEditRequiresAdmin": {
@ -3886,6 +3888,12 @@
"api_keys" "api_keys"
] ]
}, },
"ExposedEntityNoEdit": {
"type": "string",
"enum": [
"stock_log"
]
},
"StockTransactionType": { "StockTransactionType": {
"type": "string", "type": "string",
"enum": [ "enum": [
@ -3894,6 +3902,10 @@
"inventory-correction", "inventory-correction",
"product-opened" "product-opened"
] ]
},
"StringEnumTemplate": {
"type": "string",
"enum": []
} }
}, },
"schemas": { "schemas": {