From 2ce5f0588584e6fde6683f23f5fb192cd39d1bb4 Mon Sep 17 00:00:00 2001
From: Korina Cordero
Date: Mon, 5 Jul 2021 10:01:54 +0000
Subject: [PATCH] Modify PromoController. #591
---
 config/api_acl.yaml | 5 ++
 src/Controller/ResqAPI/PromoController.php | 99 ++--------------------
 2 files changed, 12 insertions(+), 92 deletions(-)
diff --git a/config/api_acl.yaml b/config/api_acl.yaml
index c6867ac3..9c951917 100644
--- a/config/api_acl.yaml
+++ b/config/api_acl.yaml
@@ -110,3 +110,8 @@ access_keys:
 label: Update Mobile Customer Vehicle
 - id: mobile_customer_vehicle.list
 label: List Mobile Customer Vehicles
+ - id: mobile_promo
+ label: Mobile Promo Access
+ acls:
+ - id: mobile_promo.list
+ label: List Mobile Promos
diff --git a/src/Controller/ResqAPI/PromoController.php b/src/Controller/ResqAPI/PromoController.php
index 75dc419c..74fdb850 100644
--- a/src/Controller/ResqAPI/PromoController.php
+++ b/src/Controller/ResqAPI/PromoController.php
@@ -9,10 +9,7 @@ use Doctrine\ORM\Query;
 use Doctrine\ORM\EntityManagerInterface;
 use Catalyst\APIBundle\Controller\APIController;
-// TODO: what do we use for response? APIResponse or APIResult?
-// APIResult is what is used by APIController. APIResponse is what is used by CAPI
 use Catalyst\APIBundle\Response\APIResponse;
-use App\Ramcar\APIResult;
 use App\Entity\Promo;
@@ -29,96 +26,14 @@ class PromoController extends APIController
 public function listPromos(Request $req, EntityManagerInterface $em)
 {
- // check required parameters and api key
+ $this->denyAccessUnlessGranted('mobile_promo.list', null, 'No access.');
+
+ // check required parameters
 $required_params = [];
- $res = $this->checkParamsAndKey($req, $em, $required_params);
- if ($res->isError())
- return $res->getReturnResponse();
+ $msg = $this->checkRequiredParameters($req, $required_params);
+ if ($msg)
+ return new APIResponse(false, $msg);
- return $res->getReturnResponse();
- }
-
- // TODO: since we broke the functions into separate files, we need
- // to figure out how to make this accessible to all ResqAPI controllers
- protected function checkParamsAndKey(Request $req, $em, $params)
- {
- // TODO: depends on what we decide to return
- // returns APIResult object
- $res = new APIResult();
-
- // check for api_key in query string
- $api_key = $req->query->get('api_key');
- if (empty($api_key))
- {
- $res->setError(true)
- ->setErrorMessage('Missing API key');
- return $res;
- }
-
- // check missing parameters
- $missing = $this->checkMissingParameters($req, $params);
- if (count($missing) > 0)
- {
- $miss_string = implode(', ', $missing);
- $res->setError(true)
- ->setErrorMessage('Missing parameter(s): ' . $miss_string);
- return $res;
- }
-
- // check api key
- $mobile_user = $this->checkAPIKey($em, $req->query->get('api_key'));
- if ($mobile_user == null)
- {
- $res->setError(true)
- ->setErrorMessage('Invalid API Key');
- return $res;
- }
-
- // store session
- $this->session = $sess;
-
- return $res;
- }
-
- // TODO: this might not be needed if we use APIController's checkRequiredParameters
- // or we put this into a service?
- protected function checkMissingParameters(Request $req, $params = [])
- {
- $missing = [];
-
- // check if parameters are there
- foreach ($params as $param)
- {
- if ($req->getMethod() == 'GET')
- {
- $check = $req->query->get($param);
- if (empty($check))
- $missing[] = $param;
- }
- else if ($req->getMethod() == 'POST')
- {
- $check = $req->request->get($param);
- if (empty($check))
- $missing[] = $param;
- }
- else
- return $params;
- }
-
- return $missing;
- }
-
- // TODO: type hint entity manager
- // TODO: since we broke the functions into separate files, we need
- // to figure out how to make this accessible to all ResqAPI controllers
- protected function checkAPIKey($em, $api_key)
- {
- // find the api key (session id)
- // TODO: user validation needs to be changed
- $m_user = $em->getRepository(MobileUser::class)->find($api_key);
- if ($m_user == null)
- return null;
-
- return $m_user;
+ return new APIResponse(true, 'Promos listed');
 }
 }
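Review bot: After the ACL check, `listPromos` returns a fixed `new APIResponse(true, 'Promos listed')` with no promo data and never uses the injected `$em`, so a caller holding `mobile_promo.list` gets a success that lists nothing; if this is a placeholder, mark it with `// TODO: load Promo entities via $em and return them in the response`, or drop the unused parameter. With `$required_params = []` the `checkRequiredParameters` call has nothing to report (assuming it only checks the named parameters), so the `if ($msg)` branch is currently dead. The removed `checkAPIKey` resolved a `MobileUser` from the key, while the new body only checks the ACL id; if promos become customer-specific, derive the customer from the authenticated API user rather than from a request parameter. The unbraced `if ($msg)` would be safer as `if ($msg) { return new APIResponse(false, $msg); }`.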