diff --git a/config/api_acl.yaml b/config/api_acl.yaml index 09f6429c..759d3816 100644 --- a/config/api_acl.yaml +++ b/config/api_acl.yaml @@ -120,3 +120,8 @@ access_keys: acls: - id: mobile_battery.list label: List Compatible Batteries + - id: mobile_service + label: Mobile Service Access + acls: + - id: mobile_service.list + label: List Mobile Services diff --git a/src/Controller/ResqAPI/ServiceController.php b/src/Controller/ResqAPI/ServiceController.php index 0c47867e..855aea92 100644 --- a/src/Controller/ResqAPI/ServiceController.php +++ b/src/Controller/ResqAPI/ServiceController.php @@ -9,13 +9,12 @@ use Doctrine\ORM\Query; use Doctrine\ORM\EntityManagerInterface; use Catalyst\APIBundle\Controller\APIController; -// TODO: what do we use for response? APIResponse or APIResult? -// APIResult is what is used by APIController. APIResponse is what is used by CAPI use Catalyst\APIBundle\Response\APIResponse; -use App\Ramcar\APIResult; use App\Entity\Service; +use App\Service\MobileAPIHandler; + use Catalyst\APIBundle\Access\Generator as ACLGenerator; class ServiceController extends APIController 
@@ -27,138 +26,42 @@ class ServiceController extends APIController $this->acl_gen = $acl_gen; } - public function listServices(Request $req, EntityManagerInterface $em) + public function listServices(Request $req, EntityManagerInterface $em, + MobileAPIHandler $mah) { - $required_params = []; - $res = $this->checkParamsAndKey($req, $em, $required_params); - if ($res->isError()) - return $res->getReturnResponse(); + $this->denyAccessUnlessGranted('mobile_service.list', null, 'No access.'); + // check required parameters + $required_params = []; + $msg = $this->checkRequiredParameters($req, $required_params); + if ($msg) + return new APIResponse(false, $msg); + + // get capi user to link to mobile user + $user_id = $this->getUser()->getID(); + + // get mobile user + $mobile_user = $mah->findMobileUser($em, $user_id); + + if ($mobile_user == null) + return new APIResponse(false, 'No mobile user found.'); + // services $results = $em->getRepository(Service::class)->findAll(); if (empty($results)) - { - $res->setError(true) - ->setErrorMessage('No services available.'); - return $res->getReturnResponse(); - } + return new APIResponse(false, 'No services available'); $services = []; foreach ($results as $result) { - /* - // get partners - $partners = []; - $service_partners = $result->getPartners(); - foreach($service_partners as $sp) - { - $partners[] = [ - 'id' => $sp->getID(), - 'name' => $sp->getName(), - 'branch' => $sp->getBranch(), - 'address' => $sp->getAddress(), - 'contact_nums' => $sp->getContactNumbers(), - 'time_open' => $sp->getTimeOpen()->format("g:i A"), - 'time_close' => $sp->getTimeClose()->format("g:i A"), - ]; - } - */ - $services[] = [ 'id' => $result->getID(), 'name' => $result->getName(), - // 'partners' => $partners, ]; } $data['services'] = $services; - $res->setData($data); - - return $res->getReturnResponse(); - } - - // TODO: since we broke the functions into separate files, we need - // to figure out how to make this accessible to all ResqAPI 
controllers - protected function checkParamsAndKey(Request $req, $em, $params) - { - // TODO: depends on what we decide to return - // returns APIResult object - $res = new APIResult(); - - // check for api_key in query string - $api_key = $req->query->get('api_key'); - if (empty($api_key)) - { - $res->setError(true) - ->setErrorMessage('Missing API key'); - return $res; - } - - // check missing parameters - $missing = $this->checkMissingParameters($req, $params); - if (count($missing) > 0) - { - $miss_string = implode(', ', $missing); - $res->setError(true) - ->setErrorMessage('Missing parameter(s): ' . $miss_string); - return $res; - } - - // check api key - $mobile_user = $this->checkAPIKey($em, $req->query->get('api_key')); - if ($mobile_user == null) - { - $res->setError(true) - ->setErrorMessage('Invalid API Key'); - return $res; - } - - // store session - $this->session = $sess; - - return $res; - } - - // TODO: this might not be needed if we use APIController's checkRequiredParameters - // or we put this into a service? 
- protected function checkMissingParameters(Request $req, $params = []) - { - $missing = []; - - // check if parameters are there - foreach ($params as $param) - { - if ($req->getMethod() == 'GET') - { - $check = $req->query->get($param); - if (empty($check)) - $missing[] = $param; - } - else if ($req->getMethod() == 'POST') - { - $check = $req->request->get($param); - if (empty($check)) - $missing[] = $param; - } - else - return $params; - } - - return $missing; - } - - // TODO: type hint entity manager - // TODO: since we broke the functions into separate files, we need - // to figure out how to make this accessible to all ResqAPI controllers - protected function checkAPIKey($em, $api_key) - { - // find the api key (session id) - // TODO: user validation needs to be changed - $m_user = $em->getRepository(MobileUser::class)->find($api_key); - if ($m_user == null) - return null; - - return $m_user; + return new APIResponse(true, 'Services found', $data); } }
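Review bot: In the new `listServices`, `$this->getUser()->getID()` dereferences the result of `getUser()` without a null check, so a request that gets past `denyAccessUnlessGranted('mobile_service.list', ...)` without a user object on the token would end in a fatal error instead of a clean denial; whether the voter already rules that case out is not visible in this diff. I would fetch the user first and fail closed, `$user = $this->getUser(); if ($user === null) return new APIResponse(false, 'No access.');`, then pass `$user->getID()` to `findMobileUser`. Two smaller points in the same method: compare with `$mobile_user === null` rather than `==`, and build the payload as `$data = ['services' => $services];`, since `$data` is never initialised before `$data['services']` is assigned.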