kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-04-29 09:39:57 +00:00
Code Issues Projects Releases Wiki Activity

Don't expose uihelper views via the API / allow to get stock_log via generic entity interaction endpoints (no edit)

Browse Source
This commit is contained in:
Bernd Bestel 2020-11-16 22:18:37 +01:00
parent e85b21384f
commit 512ef745da
No known key found for this signature in database
GPG Key ID: 71BD34C0D4891300
4 changed files with 49 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changelog/60_UNRELEASED_2020-xx-xx.md
View File

@ -170,8 +170,6 @@
- `/objects/{entity}`
- `/stock/products/{productId}/entries`
- `/stock/products/{productId}/locations`
- `/stock/journal`
- `/stock/journal/summary`
- `/recipes/fulfillment`
- `/users`
- `/tasks`
@ -191,10 +189,10 @@
- `>=` greater or equal
- `<=` less or equal
- `<value>` is the value to search for
- New endpoints `/stock/journal` and `/stock/journal/summary` to get the stock journal (thanks @fipwmaqzufheoxq92ebc)
- New endpoint `/stock/shoppinglist/add-overdue-products` to add all currently in-stock but overdue products to a shopping list (thanks @m-byte)
- New endpoint `/stock/shoppinglist/add-expired-products` to add all currently in-stock but expired products to a shopping list
- New endpoints GET/POST/PUT `/users/{userId}/permissions` for the new user permissions feature mentioned above
- The stock journal (entity `stock_log`) is now also available via the endpoint `/objects/{entity}` (=> `/objects/stock_log`)
- Performance improvements of the `/stock/products/*` endpoints (thanks @fipwmaqzufheoxq92ebc)
- Fixed that the endpoint `/objects/{entity}/{objectId}` always returned successfully, even when the given object not exists (now returns `404` when the object is not found) (thanks @fipwmaqzufheoxq92ebc)
- Fixed that the endpoint `/stock/volatile` didn't include products which expire today (thanks @fipwmaqzufheoxq92ebc)

24
controllers/GenericEntityApiController.php
View File

@ -11,7 +11,7 @@ class GenericEntityApiController extends BaseApiController
{
User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
if ($this->IsValidEntity($args['entity']))
if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithNoEdit($args['entity']))
{
if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
{
@ -27,10 +27,10 @@ class GenericEntityApiController extends BaseApiController
throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
}
$newRow = $this->getDatabase()->{$args['entity']}
()->createRow($requestBody);
$newRow = $this->getDatabase()->{$args['entity']}()->createRow($requestBody);
$newRow->save();
$success = $newRow->isClean();
return $this->ApiResponse($response, [
'created_object_id' => $this->getDatabase()->lastInsertId()
]);
@ -50,16 +50,17 @@ class GenericEntityApiController extends BaseApiController
{
User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
if ($this->IsValidEntity($args['entity']))
if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithNoEdit($args['entity']))
{
if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
{
User::checkPermission($request, User::PERMISSION_ADMIN);
}
$row = $this->getDatabase()->{$args['entity']}
($args['objectId']);
$row = $this->getDatabase()->{$args['entity']}($args['objectId']);
$row->delete();
$success = $row->isClean();
return $this->EmptyApiResponse($response);
}
else
@ -72,7 +73,7 @@ class GenericEntityApiController extends BaseApiController
{
User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
if ($this->IsValidEntity($args['entity']))
if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithNoEdit($args['entity']))
{
if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
{
@ -88,10 +89,10 @@ class GenericEntityApiController extends BaseApiController
throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
}
$row = $this->getDatabase()->{$args['entity']}
($args['objectId']);
$row = $this->getDatabase()->{$args['entity']}($args['objectId']);
$row->update($requestBody);
$success = $row->isClean();
return $this->EmptyApiResponse($response);
}
catch (\Exception $ex)
@ -213,6 +214,11 @@ class GenericEntityApiController extends BaseApiController
return !in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->ExposedEntityButNoListing->enum);
}
private function IsEntityWithNoEdit($entity)
{
return in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->ExposedEntityNoEdit->enum);
}
private function IsValidEntity($entity)
{
return in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->ExposedEntity->enum);

20
controllers/OpenApiController.php
View File

@ -28,14 +28,24 @@ class OpenApiController extends BaseApiController
public function DocumentationSpec(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
{
$spec = $this->getOpenApiSpec();
$applicationService = $this->getApplicationService();
$versionInfo = $applicationService->GetInstalledVersion();
$this->getOpenApiSpec()->info->version = $versionInfo->Version;
$this->getOpenApiSpec()->info->description = str_replace('PlaceHolderManageApiKeysUrl', $this->AppContainer->get('UrlManager')->ConstructUrl('/manageapikeys'), $this->getOpenApiSpec()->info->description);
$this->getOpenApiSpec()->servers[0]->url = $this->AppContainer->get('UrlManager')->ConstructUrl('/api');
$spec->info->version = $versionInfo->Version;
$spec->info->description = str_replace('PlaceHolderManageApiKeysUrl', $this->AppContainer->get('UrlManager')->ConstructUrl('/manageapikeys'), $spec->info->description);
$spec->servers[0]->url = $this->AppContainer->get('UrlManager')->ConstructUrl('/api');
return $this->ApiResponse($response, $this->getOpenApiSpec());
$spec->components->internalSchemas->ExposedEntity_NotIncludingNotEditable = clone $spec->components->internalSchemas->StringEnumTemplate;
foreach ($spec->components->internalSchemas->ExposedEntity->enum as $value)
{
if (!in_array($value, $spec->components->internalSchemas->ExposedEntityNoEdit->enum))
{
array_push($spec->components->internalSchemas->ExposedEntity_NotIncludingNotEditable->enum, $value);
}
}
return $this->ApiResponse($response, $spec);
}
public function DocumentationUi(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)

24
grocy.openapi.json
View File

@ -280,7 +280,7 @@
"required": true,
"description": "A valid entity name",
"schema": {
"$ref": "#/components/internalSchemas/ExposedEntity"
"$ref": "#/components/internalSchemas/ExposedEntity_NotIncludingNotEditable"
}
}
],
@ -442,7 +442,7 @@
"required": true,
"description": "A valid entity name",
"schema": {
"$ref": "#/components/internalSchemas/ExposedEntity"
"$ref": "#/components/internalSchemas/ExposedEntity_NotIncludingNotEditable"
}
},
{
@ -516,7 +516,7 @@
"required": true,
"description": "A valid entity name",
"schema": {
"$ref": "#/components/internalSchemas/ExposedEntity"
"$ref": "#/components/internalSchemas/ExposedEntity_NotIncludingNotEditable"
}
},
{
@ -608,7 +608,7 @@
"required": true,
"description": "A valid entity name",
"schema": {
"$ref": "#/components/internalSchemas/ExposedEntity"
"$ref": "#/components/internalSchemas/ExposedEntity_NotIncludingNotEditable"
}
},
{
@ -3851,7 +3851,8 @@
"userfields",
"userentities",
"userobjects",
"meal_plan"
"meal_plan",
"stock_log"
]
},
"ExposedEntityButNoListing": {
@ -3877,7 +3878,8 @@
"userfields",
"userentities",
"userobjects",
"meal_plan"
"meal_plan",
"stock_log"
]
},
"EntityEditRequiresAdmin": {
@ -3886,6 +3888,12 @@
"api_keys"
]
},
"ExposedEntityNoEdit": {
"type": "string",
"enum": [
"stock_log"
]
},
"StockTransactionType": {
"type": "string",
"enum": [
@ -3894,6 +3902,10 @@
"inventory-correction",
"product-opened"
]
},
"StringEnumTemplate": {
"type": "string",
"enum": []
}
},
"schemas": {