Merge pull request #1968 from jygaulier/PHRAS-946_delete-record-api

PHRAS-946_delete-record-api
Thibaud Fabre
2016-09-29 17:41:24 +02:00
committed by GitHub
5 changed files with 44 additions and 30 deletions


@@ -1936,6 +1936,22 @@ class V1Controller extends Controller
return Result::create($request, $ret)->createResponse(); return Result::create($request, $ret)->createResponse();
} }
/**
* @param Request $request
* @param int $databox_id
* @param int $record_id
* @return Response
*/
public function deleteRecordAction(Request $request, $databox_id, $record_id)
{
$databox = $this->findDataboxById($databox_id);
$record = $databox->get_record($record_id);
$record->delete();
return Result::create($request, [])->createResponse();
}
/** /**
* Return detailed information about one record * Return detailed information about one record
* *
@@ -2843,6 +2859,18 @@ class V1Controller extends Controller
return null; return null;
} }
public function ensureCanDeleteRecord(Request $request)
{
$user = $this->getApiAuthenticatedUser();
$record = $this->findDataboxById($request->attributes->get('databox_id'))
->get_record($request->attributes->get('record_id'));
if (!$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), 'candeleterecord')) {
return Result::createError($request, 401, 'You are not authorized')->createResponse();
}
return null;
}
public function ensureJsonContentType(Request $request) public function ensureJsonContentType(Request $request)
{ {


@@ -180,6 +180,11 @@ class V1 extends Api implements ControllerProviderInterface, ServiceProviderInte
'controller.api.v1:getBadRequestAction' 'controller.api.v1:getBadRequestAction'
); );
$controllers->delete('/records/{databox_id}/{record_id}/', 'controller.api.v1:deleteRecordAction')
->before('controller.api.v1:ensureCanDeleteToRecord')
->assert('databox_id', '\d+')
->assert('record_id', '\d+');
$controllers->get('/records/{databox_id}/{record_id}/', 'controller.api.v1:getRecordAction') $controllers->get('/records/{databox_id}/{record_id}/', 'controller.api.v1:getRecordAction')
->before('controller.api.v1:ensureCanAccessToRecord') ->before('controller.api.v1:ensureCanAccessToRecord')
->assert('databox_id', '\d+') ->assert('databox_id', '\d+')
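Review bot: The `before` hook on the new DELETE route is registered as `controller.api.v1:ensureCanDeleteToRecord`, but the guard this commit adds to `V1Controller` is named `ensureCanDeleteRecord`. Unless a method with the longer name exists outside the visible hunks, the route references a guard that is not there, so the `candeleterecord` check never runs as written; most likely every DELETE request fails when the hook is resolved. The names should match: `->before('controller.api.v1:ensureCanDeleteRecord')`. A functional test that sends DELETE through this route would catch the mismatch.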


@@ -950,14 +950,15 @@ class ACL implements cache_cacheableInterface
$this->_limited = $data; $this->_limited = $data;
return $this; return $this;
} catch (\Exception $e) { }
catch (\Exception $e) {
// no-op
} }
$sql = 'SELECT u.* FROM basusr u, bas b, sbas s $sql = "SELECT u.* FROM basusr u, bas b, sbas s\n"
WHERE usr_id= :usr_id . "WHERE usr_id= :usr_id\n"
AND b.base_id = u.base_id . "AND b.base_id = u.base_id\n"
AND b.sbas_id = s.sbas_id . "AND s.sbas_id = b.sbas_id";
AND s.sbas_id = b.sbas_id ';
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute([':usr_id' => $this->user->getId()]); $stmt->execute([':usr_id' => $this->user->getId()]);
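Review bot: The new `// no-op` comment in the `catch (\Exception $e)` block records that the exception is dropped but not why that is safe, in code that appears to load a user's per-base rights. The `try` starts outside the hunk, so what can throw there is not visible; if it is a cache lookup whose failure should fall through to the SQL below, say so, e.g. `// cache miss or cache failure: fall through and reload rights from the database`. Catching a narrower exception type than `\Exception` would keep unrelated errors from being hidden at this point.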


@@ -1384,16 +1384,6 @@ class record_adapter implements RecordInterface, cache_cacheableInterface
$stmt->execute([':record_id' => $this->getRecordId()]); $stmt->execute([':record_id' => $this->getRecordId()]);
$stmt->closeCursor(); $stmt->closeCursor();
$sql = "DELETE FROM prop WHERE record_id = :record_id";
$stmt = $connection->prepare($sql);
$stmt->execute([':record_id' => $this->getRecordId()]);
$stmt->closeCursor();
$sql = "DELETE FROM idx WHERE record_id = :record_id";
$stmt = $connection->prepare($sql);
$stmt->execute([':record_id' => $this->getRecordId()]);
$stmt->closeCursor();
$sql = "DELETE FROM permalinks WHERE subdef_id IN (SELECT subdef_id FROM subdef WHERE record_id=:record_id)"; $sql = "DELETE FROM permalinks WHERE subdef_id IN (SELECT subdef_id FROM subdef WHERE record_id=:record_id)";
$stmt = $connection->prepare($sql); $stmt = $connection->prepare($sql);
$stmt->execute([':record_id' => $this->getRecordId()]); $stmt->execute([':record_id' => $this->getRecordId()]);
@@ -1409,19 +1399,9 @@ class record_adapter implements RecordInterface, cache_cacheableInterface
$stmt->execute([':record_id' => $this->getRecordId()]); $stmt->execute([':record_id' => $this->getRecordId()]);
$stmt->closeCursor(); $stmt->closeCursor();
$sql = "DELETE FROM thit WHERE record_id = :record_id"; $sql = "DELETE FROM regroup WHERE rid_parent = :record_id1 OR rid_child = :record_id2";
$stmt = $connection->prepare($sql); $stmt = $connection->prepare($sql);
$stmt->execute([':record_id' => $this->getRecordId()]); $stmt->execute([':record_id1' => $this->getRecordId(), ':record_id2' => $this->getRecordId()]);
$stmt->closeCursor();
$sql = "DELETE FROM regroup WHERE rid_parent = :record_id";
$stmt = $connection->prepare($sql);
$stmt->execute([':record_id' => $this->getRecordId()]);
$stmt->closeCursor();
$sql = "DELETE FROM regroup WHERE rid_child = :record_id";
$stmt = $connection->prepare($sql);
$stmt->execute([':record_id' => $this->getRecordId()]);
$stmt->closeCursor(); $stmt->closeCursor();
$orderElementRepository = $this->app['repo.order-elements']; $orderElementRepository = $this->app['repo.order-elements'];
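Review bot: The cleanup of `prop`, `idx` and `thit` rows is removed with no comment and no explanation in the commit message, and the same commit makes this delete path reachable over the API. If any of those tables still exists in a deployed databox schema, rows for a deleted record stay behind, which for an index table could leave content of a deleted record queryable. A one-line comment such as `// prop, idx and thit are no longer part of the databox schema` (if that is the reason) would settle the question for the next reader. The method starts and ends outside the hunks, so whether this run of DELETE statements executes inside a transaction is not visible; if it does not, a failure part-way leaves the record half-deleted.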


@@ -550,7 +550,7 @@ class ApiJsonTest extends ApiTestCase
$client = $this->getClient(); $client = $this->getClient();
$route = '/api/v1/records/' . $record_1->getDataboxId() . '/' . $record_1->getRecordId() . '/'; $route = '/api/v1/records/' . $record_1->getDataboxId() . '/' . $record_1->getRecordId() . '/';
$this->evaluateMethodNotAllowedRoute($route, ['POST', 'PUT', 'DELETE']); $this->evaluateMethodNotAllowedRoute($route, ['POST', 'PUT']);
$client->request('GET', $route, $this->getParameters(), [], ['HTTP_Accept' => $this->getAcceptMimeType()]); $client->request('GET', $route, $this->getParameters(), [], ['HTTP_Accept' => $this->getAcceptMimeType()]);
$content = $this->unserialize($client->getResponse()->getContent()); $content = $this->unserialize($client->getResponse()->getContent());
@@ -561,7 +561,7 @@ class ApiJsonTest extends ApiTestCase
$route = '/api/v1/records/1234567890/1/'; $route = '/api/v1/records/1234567890/1/';
$this->evaluateNotFoundRoute($route, ['GET']); $this->evaluateNotFoundRoute($route, ['GET']);
$this->evaluateMethodNotAllowedRoute($route, ['POST', 'PUT', 'DELETE']); $this->evaluateMethodNotAllowedRoute($route, ['POST', 'PUT']);
$route = '/api/v1/records/kjslkz84spm/sfsd5qfsd5/'; $route = '/api/v1/records/kjslkz84spm/sfsd5qfsd5/';
$this->evaluateBadRequestRoute($route, ['GET']); $this->evaluateBadRequestRoute($route, ['GET']);
$this->evaluateMethodNotAllowedRoute($route, ['POST', 'PUT', 'DELETE']); $this->evaluateMethodNotAllowedRoute($route, ['POST', 'PUT', 'DELETE']);
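Review bot: Nothing here exercises the new endpoint: the only test change is dropping `'DELETE'` from two method-not-allowed lists. A destructive route needs at least one case that sends DELETE as a user without `candeleterecord` and asserts both the error response and that the record still exists, and one that covers the authorized path. Running a request through the route would also confirm that the `before` hook registered for it resolves to a real controller method. The test methods start and end outside the hunks, so an existing DELETE test elsewhere in the class cannot be ruled out.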