PHRAS-946_delete-record-api

- add : api route to delete record : verb DELETE ; /api/v1/records/{{databox_id}}/{{record_id}}
Jean-Yves Gaulier
2016-09-29 15:54:04 +02:00
parent 154c2616a7
commit c6186abe56
4 changed files with 42 additions and 28 deletions


@@ -1936,6 +1936,22 @@ class V1Controller extends Controller
return Result::create($request, $ret)->createResponse(); return Result::create($request, $ret)->createResponse();
} }
/**
* @param Request $request
* @param int $databox_id
* @param int $record_id
* @return Response
*/
public function deleteRecordAction(Request $request, $databox_id, $record_id)
{
$databox = $this->findDataboxById($databox_id);
$record = $databox->get_record($record_id);
$record->delete();
return Result::create($request, [])->createResponse();
}
/** /**
* Return detailed information about one record * Return detailed information about one record
* *
@@ -2843,6 +2859,18 @@ class V1Controller extends Controller
return null; return null;
} }
public function ensureCanDeleteRecord(Request $request)
{
$user = $this->getApiAuthenticatedUser();
$record = $this->findDataboxById($request->attributes->get('databox_id'))
->get_record($request->attributes->get('record_id'));
if (!$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), 'candeleterecord')) {
return Result::createError($request, 401, 'You are not authorized')->createResponse();
}
return null;
}
public function ensureJsonContentType(Request $request) public function ensureJsonContentType(Request $request)
{ {
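Review bot: `deleteRecordAction` performs an irreversible `$record->delete()` with no permission check of its own, so authorization rests entirely on the route's `before` hook being wired to `ensureCanDeleteRecord`. I would either state that precondition in the docblock, e.g. `* Caller must already be authorized: the route must run ensureCanDeleteRecord() as a before-filter.`, or repeat the `has_right_on_base($record->getBaseId(), 'candeleterecord')` test inside the action. In `ensureCanDeleteRecord`, an authenticated user who lacks the right gets a 401; 403 describes that case better, assuming `Result::createError` accepts it: `return Result::createError($request, 403, 'You are not authorized')->createResponse();`. Both methods call `get_record()` with no visible handling for a record that does not exist; what happens in that case is not shown here.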


@@ -175,6 +175,11 @@ class V1 implements ControllerProviderInterface, ServiceProviderInterface
'controller.api.v1:getBadRequestAction' 'controller.api.v1:getBadRequestAction'
); );
$controllers->delete('/records/{databox_id}/{record_id}/', 'controller.api.v1:deleteRecordAction')
->before('controller.api.v1:ensureCanDeleteToRecord')
->assert('databox_id', '\d+')
->assert('record_id', '\d+');
$controllers->get('/records/{databox_id}/{record_id}/', 'controller.api.v1:getRecordAction') $controllers->get('/records/{databox_id}/{record_id}/', 'controller.api.v1:getRecordAction')
->before('controller.api.v1:ensureCanAccessToRecord') ->before('controller.api.v1:ensureCanAccessToRecord')
->assert('databox_id', '\d+') ->assert('databox_id', '\d+')
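Review bot: The new DELETE route registers `->before('controller.api.v1:ensureCanDeleteToRecord')`, but the guard this commit adds to V1Controller is named `ensureCanDeleteRecord`, so the two names do not match. Unless a method called `ensureCanDeleteToRecord` exists elsewhere in the controller, the permission check added by this commit is never the one attached to this destructive route. How the framework reacts to an unresolvable callback is not visible here, but the intended check would not run in either case. The line should read `->before('controller.api.v1:ensureCanDeleteRecord')`. A functional test that sends DELETE as a user without `candeleterecord` and expects a rejection would pin the wiring.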


@@ -950,14 +950,15 @@ class ACL implements cache_cacheableInterface
$this->_limited = $data; $this->_limited = $data;
return $this; return $this;
} catch (\Exception $e) { }
catch (\Exception $e) {
// no-op
} }
$sql = 'SELECT u.* FROM basusr u, bas b, sbas s $sql = "SELECT u.* FROM basusr u, bas b, sbas s\n"
WHERE usr_id= :usr_id . "WHERE usr_id= :usr_id\n"
AND b.base_id = u.base_id . "AND b.base_id = u.base_id\n"
AND b.sbas_id = s.sbas_id . "AND s.sbas_id = b.sbas_id";
AND s.sbas_id = b.sbas_id ';
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute([':usr_id' => $this->user->getId()]); $stmt->execute([':usr_id' => $this->user->getId()]);


@@ -1360,16 +1360,6 @@ class record_adapter implements RecordInterface, cache_cacheableInterface
$stmt->execute([':record_id' => $this->getRecordId()]); $stmt->execute([':record_id' => $this->getRecordId()]);
$stmt->closeCursor(); $stmt->closeCursor();
$sql = "DELETE FROM prop WHERE record_id = :record_id";
$stmt = $connection->prepare($sql);
$stmt->execute([':record_id' => $this->getRecordId()]);
$stmt->closeCursor();
$sql = "DELETE FROM idx WHERE record_id = :record_id";
$stmt = $connection->prepare($sql);
$stmt->execute([':record_id' => $this->getRecordId()]);
$stmt->closeCursor();
$sql = "DELETE FROM permalinks WHERE subdef_id IN (SELECT subdef_id FROM subdef WHERE record_id=:record_id)"; $sql = "DELETE FROM permalinks WHERE subdef_id IN (SELECT subdef_id FROM subdef WHERE record_id=:record_id)";
$stmt = $connection->prepare($sql); $stmt = $connection->prepare($sql);
$stmt->execute([':record_id' => $this->getRecordId()]); $stmt->execute([':record_id' => $this->getRecordId()]);
@@ -1385,19 +1375,9 @@ class record_adapter implements RecordInterface, cache_cacheableInterface
$stmt->execute([':record_id' => $this->getRecordId()]); $stmt->execute([':record_id' => $this->getRecordId()]);
$stmt->closeCursor(); $stmt->closeCursor();
$sql = "DELETE FROM thit WHERE record_id = :record_id"; $sql = "DELETE FROM regroup WHERE rid_parent = :record_id1 OR rid_child = :record_id2";
$stmt = $connection->prepare($sql); $stmt = $connection->prepare($sql);
$stmt->execute([':record_id' => $this->getRecordId()]); $stmt->execute([':record_id1' => $this->getRecordId(), ':record_id2' => $this->getRecordId()]);
$stmt->closeCursor();
$sql = "DELETE FROM regroup WHERE rid_parent = :record_id";
$stmt = $connection->prepare($sql);
$stmt->execute([':record_id' => $this->getRecordId()]);
$stmt->closeCursor();
$sql = "DELETE FROM regroup WHERE rid_child = :record_id";
$stmt = $connection->prepare($sql);
$stmt->execute([':record_id' => $this->getRecordId()]);
$stmt->closeCursor(); $stmt->closeCursor();
$orderElementRepository = $this->app['repo.order-elements']; $orderElementRepository = $this->app['repo.order-elements'];
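Review bot: The commit description mentions only the new API route, yet this section also changes what record deletion cleans up: the `DELETE FROM prop`, `DELETE FROM idx` and `DELETE FROM thit` statements are dropped without explanation. If those tables can still exist on deployed databoxes, rows belonging to deleted records would be left behind. A short comment here or a line in the commit message saying why they are no longer touched (for example, that the tables are obsolete) would make the change reviewable. The merged `regroup` statement is equivalent to the two it replaces. The enclosing method starts and ends outside the hunk, so it cannot be seen from here whether these statements run inside a transaction.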