diff --git a/core/Controllers/GroupController.php b/core/Controllers/GroupController.php
index 14e2391aee2bf53b7214b596a04516e029d7c97e..237426b543d92cc05e582bf0db54857fa2d165c2 100644
--- a/core/Controllers/GroupController.php
+++ b/core/Controllers/GroupController.php
@@ -9,12 +9,13 @@ use Psr\Http\Message\ResponseInterface;
 use Respect\Validation\Validator;
 use Slim\Http\Request;
 use Slim\Http\Response;
+use SrcCore\controllers\PreparedClauseController;
 class GroupController
 {
-    public function get(RequestInterface $request, ResponseInterface $response)
+    public function get(Request $request, Response $response)
     {
-        if (!ServiceModel::hasService(['id' => 'admin_groups', 'userId' => $_SESSION['user']['UserId'], 'location' => 'apps', 'type' => 'admin'])) {
+        if (!ServiceModel::hasService(['id' => 'admin_groups', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
             return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
         }
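Review bot: The authorization check now passes `$GLOBALS['userId']` straight into hasService() without confirming the global is populated, so if this controller is ever reached before whatever middleware sets it (not visible in this diff), hasService() is evaluated with a null user and the outcome depends on how ServiceModel treats that rather than on an explicit denial. A guard at the top of get(), `if (empty($GLOBALS['userId'])) { return $response->withStatus(401)->withJson(['errors' => 'User not authenticated']); }`, makes the fail-closed behaviour explicit; the same applies to getById() and create() in the next hunk, where the global is also handed to isClauseValid(). Separately, get() now takes Slim's concrete Request/Response while update(), visible as trailing context in the next hunk, still declares RequestInterface/ResponseInterface; the class is worth making consistent in one pass.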
@@ -26,31 +27,53 @@ class GroupController
         return $response->withJson(['groups' => $groups]);
     }
-    public function create(RequestInterface $request, ResponseInterface $response)
+    public function getById(Request $request, Response $response, array $aArgs)
     {
-        if (!ServiceModel::hasService(['id' => 'admin_groups', 'userId' => $_SESSION['user']['UserId'], 'location' => 'apps', 'type' => 'admin'])) {
+        if (!ServiceModel::hasService(['id' => 'admin_groups', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
+            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+        }
+
+        $group = GroupModel::getById(['id' => $aArgs['id']]);
+        if (empty($group)) {
+            return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
+        }
+
+        return $response->withJson(['group' => $group]);
+    }
+
+    public function create(Request $request, Response $response)
+    {
+        if (!ServiceModel::hasService(['id' => 'admin_groups', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
             return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
         }
         $data = $request->getParams();
-        $check = Validator::stringType()->notEmpty()->validate($data['group_desc']);
-        $check = $check && Validator::stringType()->notEmpty()->validate($data['group_id']);
+        $check = Validator::stringType()->notEmpty()->validate($data['group_id']) && preg_match("/^[\w-]*$/", $data['group_id']) && (strlen($data['group_id']) < 32);
+        $check = $check && Validator::stringType()->notEmpty()->validate($data['group_desc']);
         $check = $check && Validator::stringType()->notEmpty()->validate($data['security']['where_clause']);
         $check = $check && Validator::stringType()->notEmpty()->validate($data['security']['maarch_comment']);
-
         if (!$check) {
             return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
         }
+        $existingGroup = GroupModel::getByGroupId(['groupId' => $data['group_id'], 'select' => ['1']]);
+        if (!empty($existingGroup)) {
+            return $response->withStatus(400)->withJson(['errors' => 'Group already exists']);
+        }
+
+        if (!PreparedClauseController::isClauseValid(['clause' => $data['security']['where_clause'], 'userId' => $GLOBALS['userId']])) {
+            return $response->withStatus(400)->withJson(['errors' => _INVALID_CLAUSE]);
+        }
+
         GroupModel::create(['groupId' => $data['group_id'], 'description' => $data['group_desc'], 'clause' => $data['security']['where_clause'], 'comment' => $data['security']['maarch_comment']]);
-        $group = GroupModel::getByGroupId(['groupId' => $data['group_id']]);
-        if (!Validator::intType()->notEmpty()->validate($group['id'])) {
+        $group = GroupModel::getByGroupId(['groupId' => $data['group_id'], 'select' => ['id']]);
+        if (empty($group)) {
             return $response->withStatus(500)->withJson(['errors' => 'Group Creation Error']);
         }
-        return $response->withJson(['group' => $group]);
+        return $response->withJson(['group' => $group['id']]);
     }
     public function update(RequestInterface $request, ResponseInterface $response, $aArgs)
diff --git a/core/Models/GroupModelAbstract.php b/core/Models/GroupModelAbstract.php
index 9c0dac0262365c45de1df5f9aff9547c938e6e69..aea37bf0ed1492522ac01dc3983af24d9fc4cd9b 100755
--- a/core/Models/GroupModelAbstract.php
+++ b/core/Models/GroupModelAbstract.php
@@ -30,7 +30,7 @@ class GroupModelAbstract
         return $aGroups;
     }
-    public static function getById(array $aArgs = [])
+    public static function getById(array $aArgs)
     {
         ValidatorModel::notEmpty($aArgs, ['id']);
         ValidatorModel::stringType($aArgs, ['id']);
@@ -42,14 +42,10 @@ class GroupModelAbstract
             'data' => [$aArgs['id']]
         ]);
-        if (empty($aGroups[0])) {
-            return [];
-        }
-
         return $aGroups[0];
     }
-    public static function getByGroupId(array $aArgs = [])
+    public static function getByGroupId(array $aArgs)
     {
         ValidatorModel::notEmpty($aArgs, ['groupId']);
         ValidatorModel::stringType($aArgs, ['groupId']);
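Review bot: The group_id pattern `"/^[\w-]*$/"` lets a trailing newline through, because `$` in PCRE also matches just before a final `\n`, so `'admins\n'` passes validation and is persisted with the newline; anchor with `\z` instead: `preg_match('/^[\w-]+\z/', $data['group_id'])` (`+` rather than `*` changes nothing here because notEmpty already ran, but it states the intent). The nested reads `$data['security']['where_clause']` and `$data['security']['maarch_comment']` are evaluated before anything checks that `$data['security']` exists, so a request without that key emits an undefined-index notice on its way to the 400; `$data['security']['where_clause'] ?? null` (PHP 7+) keeps the validator path notice-free. Note also that create() no longer returns the group row but only `$group['id']`, which changes the response shape for existing clients; if that is intended it deserves a mention in the commit message. getById() and create() are complete within this hunk; update(), whose signature is the trailing context line, continues outside it.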
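Review bot: With the `empty($aGroups[0])` guard removed, `return $aGroups[0];` now reads offset 0 of an empty result when no row matches, which raises an undefined-offset notice (a warning on PHP 8) and yields null implicitly; the callers in GroupController cope with that via `empty($group)`, but the model now depends on a notice being tolerated. If a null return for not-found is the intent, make it explicit and notice-free with `return $aGroups[0] ?? null;` (PHP 7+), or at least document the not-found return value in a docblock on both methods. The same applies to getByGroupId() in the following hunk (@@ -61,10 +57,6 @@). getById()'s body starts before this hunk, so the query that fills `$aGroups` is not visible here.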
@@ -61,10 +57,6 @@ class GroupModelAbstract
             'data' => [$aArgs['groupId']]
         ]);
-        if (empty($aGroups[0])) {
-            return [];
-        }
-
         return $aGroups[0];
     }
diff --git a/rest/index.php b/rest/index.php
index 5eda195d35c1cf9e575f9caa9cd76a2568768106..48a4508d433b57fe864ce5bd35a9ab9194618436 100755
--- a/rest/index.php
+++ b/rest/index.php
@@ -142,6 +142,7 @@ $app->get('/administration/statuses/new', \Status\controllers\StatusController::
 //groups
 $app->get('/groups', \Core\Controllers\GroupController::class . ':get');
 $app->post('/groups', \Core\Controllers\GroupController::class . ':create');
+$app->get('/groups/{id}', \Core\Controllers\GroupController::class . ':getById');
 $app->put('/groups/{id}', \Core\Controllers\GroupController::class . ':update');
 $app->delete('/groups/{id}', \Core\Controllers\GroupController::class . ':delete');
 $app->get('/groups/{id}/details', \Core\Controllers\GroupController::class . ':getDetailledById');
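Review bot: The new `/groups/{id}` route places no constraint on `{id}`, so any string reaches GroupController::getById(); the model binds it as a query parameter and the controller answers 400 on no match, so this is not an injection concern. If `id` is the numeric primary key (the diff does not show the schema), a pattern such as `'/groups/{id:[0-9]+}'` would reject malformed ids at routing with a 404 and spare the database round-trip, matching the existing `{id}` routes once they are constrained the same way. The entry sits beside the existing `/groups/{id}/details` route, which differs by a full segment, so it should not introduce a matching conflict.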