mirror of
https://github.com/grocy/grocy.git
synced 2025-04-29 17:45:39 +00:00
312 lines
9.7 KiB
PHP
312 lines
9.7 KiB
PHP
<?php
|
|
|
|
namespace Grocy\Controllers;
|
|
|
|
use Grocy\Controllers\Users\User;
|
|
use Slim\Exception\HttpBadRequestException;
|
|
|
|
class GenericEntityApiController extends BaseApiController
|
|
{
|
|
public function AddObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
|
{
|
|
if ($args['entity'] == 'shopping_list' || $args['entity'] == 'shopping_lists')
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_SHOPPINGLIST_ITEMS_ADD);
|
|
}
|
|
elseif ($args['entity'] == 'recipes' || $args['entity'] == 'recipes_pos' || $args['entity'] == 'recipes_nestings')
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_RECIPES);
|
|
}
|
|
elseif ($args['entity'] == 'meal_plan')
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_RECIPES_MEALPLAN);
|
|
}
|
|
elseif ($args['entity'] == 'equipment')
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_EQUIPMENT);
|
|
}
|
|
else
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
|
|
}
|
|
|
|
if ($this->IsValidExposedEntity($args['entity']) && !$this->IsEntityWithNoEdit($args['entity']))
|
|
{
|
|
if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_ADMIN);
|
|
}
|
|
|
|
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
|
|
|
|
try
|
|
{
|
|
if ($requestBody === null)
|
|
{
|
|
throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
|
|
}
|
|
|
|
$newRow = $this->getDatabase()->{$args['entity']}()->createRow($requestBody);
|
|
$newRow->save();
|
|
$newObjectId = $this->getDatabase()->lastInsertId();
|
|
|
|
// TODO: This should be better done somehow in StockService
|
|
if ($args['entity'] == 'products' && boolval($this->getUsersService()->GetUserSetting(GROCY_USER_ID, 'shopping_list_auto_add_below_min_stock_amount')))
|
|
{
|
|
$this->getStockService()->AddMissingProductsToShoppingList($this->getUsersService()->GetUserSetting(GROCY_USER_ID, 'shopping_list_auto_add_below_min_stock_amount_list_id'));
|
|
}
|
|
|
|
return $this->ApiResponse($response, [
|
|
'created_object_id' => $newObjectId
|
|
]);
|
|
}
|
|
catch (\Exception $ex)
|
|
{
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
|
}
|
|
}
|
|
else
|
|
{
|
|
return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
|
|
}
|
|
}
|
|
|
|
public function DeleteObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
|
{
|
|
if ($args['entity'] == 'shopping_list' || $args['entity'] == 'shopping_lists')
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_SHOPPINGLIST_ITEMS_DELETE);
|
|
}
|
|
elseif ($args['entity'] == 'recipes' || $args['entity'] == 'recipes_pos' || $args['entity'] == 'recipes_nestings')
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_RECIPES);
|
|
}
|
|
elseif ($args['entity'] == 'meal_plan')
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_RECIPES_MEALPLAN);
|
|
}
|
|
elseif ($args['entity'] == 'equipment')
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_EQUIPMENT);
|
|
}
|
|
elseif ($args['entity'] == 'api_keys')
|
|
{
|
|
// Always allowed
|
|
}
|
|
else
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
|
|
}
|
|
|
|
if ($this->IsValidExposedEntity($args['entity']) && !$this->IsEntityWithNoDelete($args['entity']))
|
|
{
|
|
if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_ADMIN);
|
|
}
|
|
|
|
$row = $this->getDatabase()->{$args['entity']}($args['objectId']);
|
|
if ($row == null)
|
|
{
|
|
return $this->GenericErrorResponse($response, 'Object not found', 400);
|
|
}
|
|
|
|
$row->delete();
|
|
|
|
return $this->EmptyApiResponse($response);
|
|
}
|
|
else
|
|
{
|
|
return $this->GenericErrorResponse($response, 'Invalid entity');
|
|
}
|
|
}
|
|
|
|
public function EditObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
|
{
|
|
if ($args['entity'] == 'shopping_list' || $args['entity'] == 'shopping_lists')
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_SHOPPINGLIST_ITEMS_ADD);
|
|
}
|
|
elseif ($args['entity'] == 'recipes' || $args['entity'] == 'recipes_pos' || $args['entity'] == 'recipes_nestings')
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_RECIPES);
|
|
}
|
|
elseif ($args['entity'] == 'meal_plan')
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_RECIPES_MEALPLAN);
|
|
}
|
|
elseif ($args['entity'] == 'equipment')
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_EQUIPMENT);
|
|
}
|
|
else
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
|
|
}
|
|
|
|
if ($this->IsValidExposedEntity($args['entity']) && !$this->IsEntityWithNoEdit($args['entity']))
|
|
{
|
|
if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_ADMIN);
|
|
}
|
|
|
|
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
|
|
|
|
try
|
|
{
|
|
if ($requestBody === null)
|
|
{
|
|
throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
|
|
}
|
|
|
|
$row = $this->getDatabase()->{$args['entity']}($args['objectId']);
|
|
if ($row == null)
|
|
{
|
|
return $this->GenericErrorResponse($response, 'Object not found', 400);
|
|
}
|
|
|
|
$row->update($requestBody);
|
|
|
|
// TODO: This should be better done somehow in StockService
|
|
if ($args['entity'] == 'products' && boolval($this->getUsersService()->GetUserSetting(GROCY_USER_ID, 'shopping_list_auto_add_below_min_stock_amount')))
|
|
{
|
|
$this->getStockService()->AddMissingProductsToShoppingList($this->getUsersService()->GetUserSetting(GROCY_USER_ID, 'shopping_list_auto_add_below_min_stock_amount_list_id'));
|
|
}
|
|
|
|
return $this->EmptyApiResponse($response);
|
|
}
|
|
catch (\Exception $ex)
|
|
{
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
|
}
|
|
}
|
|
else
|
|
{
|
|
return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
|
|
}
|
|
}
|
|
|
|
public function GetObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
|
{
|
|
if ($this->IsValidExposedEntity($args['entity']) && !$this->IsEntityWithNoListing($args['entity']))
|
|
{
|
|
$userfields = $this->getUserfieldsService()->GetValues($args['entity'], $args['objectId']);
|
|
if (count($userfields) === 0)
|
|
{
|
|
$userfields = null;
|
|
}
|
|
|
|
$object = $this->getDatabase()->{$args['entity']}($args['objectId']);
|
|
if ($object == null)
|
|
{
|
|
return $this->GenericErrorResponse($response, 'Object not found', 404);
|
|
}
|
|
|
|
$object['userfields'] = $userfields;
|
|
|
|
return $this->ApiResponse($response, $object);
|
|
}
|
|
else
|
|
{
|
|
return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
|
|
}
|
|
}
|
|
|
|
public function GetObjects(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
|
{
|
|
if (!$this->IsValidExposedEntity($args['entity']) || $this->IsEntityWithNoListing($args['entity']))
|
|
{
|
|
return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
|
|
}
|
|
|
|
$objects = $this->queryData($this->getDatabase()->{$args['entity']}(), $request->getQueryParams());
|
|
$userfields = $this->getUserfieldsService()->GetFields($args['entity']);
|
|
|
|
if (count($userfields) > 0)
|
|
{
|
|
$allUserfieldValues = $this->getUserfieldsService()->GetAllValues($args['entity']);
|
|
|
|
foreach ($objects as $object)
|
|
{
|
|
$userfieldKeyValuePairs = null;
|
|
foreach ($userfields as $userfield)
|
|
{
|
|
$value = FindObjectInArrayByPropertyValue(FindAllObjectsInArrayByPropertyValue($allUserfieldValues, 'object_id', $object->id), 'name', $userfield->name);
|
|
if ($value)
|
|
{
|
|
$userfieldKeyValuePairs[$userfield->name] = $value->value;
|
|
}
|
|
else
|
|
{
|
|
$userfieldKeyValuePairs[$userfield->name] = null;
|
|
}
|
|
}
|
|
|
|
$object->userfields = $userfieldKeyValuePairs;
|
|
}
|
|
}
|
|
|
|
return $this->ApiResponse($response, $objects);
|
|
}
|
|
|
|
public function GetUserfields(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
|
{
|
|
try
|
|
{
|
|
return $this->ApiResponse($response, $this->getUserfieldsService()->GetValues($args['entity'], $args['objectId']));
|
|
}
|
|
catch (\Exception $ex)
|
|
{
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
|
}
|
|
}
|
|
|
|
public function SetUserfields(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
|
{
|
|
User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
|
|
|
|
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
|
|
|
|
try
|
|
{
|
|
if ($requestBody === null)
|
|
{
|
|
throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
|
|
}
|
|
|
|
$this->getUserfieldsService()->SetValues($args['entity'], $args['objectId'], $requestBody);
|
|
return $this->EmptyApiResponse($response);
|
|
}
|
|
catch (\Exception $ex)
|
|
{
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
|
}
|
|
}
|
|
|
|
private function IsEntityWithEditRequiresAdmin($entity)
|
|
{
|
|
return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntityEditRequiresAdmin->enum);
|
|
}
|
|
|
|
private function IsEntityWithNoListing($entity)
|
|
{
|
|
return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntityNoListing->enum);
|
|
}
|
|
|
|
private function IsEntityWithNoEdit($entity)
|
|
{
|
|
return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntityNoEdit->enum);
|
|
}
|
|
|
|
private function IsEntityWithNoDelete($entity)
|
|
{
|
|
return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntityNoDelete->enum);
|
|
}
|
|
|
|
private function IsValidExposedEntity($entity)
|
|
{
|
|
return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntity->enum);
|
|
}
|
|
}
|