Головна сторінка Огляд Довідка
Реєстрація Увійти
SKZH
/
ITSSTOOLS
3
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Дерево: 94e958326f
Гілки Теги
ITSSTOOLS
/
core
/
restservices.class.inc.php

restservices.class.inc.php 25 KB
Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777 
  1. <?php
    2. 

  2. // Copyright (C) 2013-2015 Combodo SARL
    3. 

  3. //
    4. 

  4. //   This file is part of iTop.
    5. 

  5. //
    6. 

  6. //   iTop is free software; you can redistribute it and/or modify	
    7. 

  7. //   it under the terms of the GNU Affero General Public License as published by
    8. 

  8. //   the Free Software Foundation, either version 3 of the License, or
    9. 

  9. //   (at your option) any later version.
    10. 

  10. //
    11. 

  11. //   iTop is distributed in the hope that it will be useful,
    12. 

  12. //   but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. //   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14. //   GNU Affero General Public License for more details.
    15. 

  15. //
    16. 

  16. //   You should have received a copy of the GNU Affero General Public License
    17. 

  17. //   along with iTop. If not, see <http://www.gnu.org/licenses/>
    18. 

  18. 

  19. /**
    20. 

  20.  * REST/json services
    21. 

  21.  * 
    22. 

  22.  * Definition of common structures + the very minimum service provider (manage objects)
    23. 

  23.  *
    24. 

  24.  * @package     REST Services
    25. 

  25.  * @copyright   Copyright (C) 2013 Combodo SARL
    26. 

  26.  * @license     http://opensource.org/licenses/AGPL-3.0
    27. 

  27.  * @api
    28. 

  28.  */
    29. 

  29. 

  30. /**
    31. 

  31.  * Element of the response formed by RestResultWithObjects
    32. 

  32.  *
    33. 

  33.  * @package     REST Services
    34. 

  34.  */
    35. 

  35. class ObjectResult
    36. 

  36. {
    37. 

  37. 	public $code;
    38. 

  38. 	public $message;
    39. 

  39. 	public $class;
    40. 

  40. 	public $key;
    41. 

  41. 	public $fields;
    42. 

  42. 	
    43. 

  43. 	/**
    44. 

  44. 	 * Default constructor
    45. 

  45. 	 */
    46. 

  46. 	public function __construct($sClass = null, $iId = null)
    47. 

  47. 	{
    48. 

  48. 		$this->code = RestResult::OK;
    49. 

  49. 		$this->message = '';
    50. 

  50. 		$this->class = $sClass;
    51. 

  51. 		$this->key = $iId;
    52. 

  52. 		$this->fields = array();
    53. 

  53. 	}
    54. 

  54. 

  55. 	/**
    56. 

  56. 	 * Helper to make an output value for a given attribute
    57. 

  57. 	 * 	 
    58. 

  58. 	 * @param DBObject $oObject The object being reported
    59. 

  59. 	 * @param string $sAttCode The attribute code (must be valid)
    60. 

  60. 	 * @param boolean $bExtendedOutput Output all of the link set attributes ?
    61. 

  61. 	 * @return string A scalar representation of the value
    62. 

  62. 	 */
    63. 

  63. 	protected function MakeResultValue(DBObject $oObject, $sAttCode, $bExtendedOutput = false)
    64. 

  64. 	{
    65. 

  65. 		if ($sAttCode == 'id')
    66. 

  66. 		{
    67. 

  67. 			$value = $oObject->GetKey();
    68. 

  68. 		}
    69. 

  69. 		else
    70. 

  70. 		{
    71. 

  71. 			$sClass = get_class($oObject);
    72. 

  72. 			$oAttDef = MetaModel::GetAttributeDef($sClass, $sAttCode);
    73. 

  73. 			if ($oAttDef instanceof AttributeLinkedSet)
    74. 

  74. 			{
    75. 

  75. 				// Iterate on the set and build an array of array of attcode=>value
    76. 

  76. 				$oSet = $oObject->Get($sAttCode);
    77. 

  77. 				$value = array();
    78. 

  78. 				while ($oLnk = $oSet->Fetch())
    79. 

  79. 				{
    80. 

  80. 					$sLnkRefClass = $bExtendedOutput ? get_class($oLnk) : $oAttDef->GetLinkedClass();
    81. 

  81. 

  82. 					$aLnkValues = array();
    83. 

  83. 					foreach (MetaModel::ListAttributeDefs($sLnkRefClass) as $sLnkAttCode => $oLnkAttDef)
    84. 

  84. 					{
    85. 

  85. 						// Skip attributes pointing to the current object (redundant data)
    86. 

  86. 						if ($sLnkAttCode == $oAttDef->GetExtKeyToMe())
    87. 

  87. 						{
    88. 

  88. 							continue;
    89. 

  89. 						}
    90. 

  90. 						// Skip any attribute of the link that points to the current object
    91. 

  91. 						$oLnkAttDef = MetaModel::GetAttributeDef($sLnkRefClass, $sLnkAttCode);
    92. 

  92. 						if (method_exists($oLnkAttDef, 'GetKeyAttCode'))
    93. 

  93. 						{
    94. 

  94. 							if ($oLnkAttDef->GetKeyAttCode() == $oAttDef->GetExtKeyToMe())
    95. 

  95. 							{
    96. 

  96. 								continue;
    97. 

  97. 							}
    98. 

  98. 						}
    99. 

  99. 						
    100. 

  100. 						$aLnkValues[$sLnkAttCode] = $this->MakeResultValue($oLnk, $sLnkAttCode, $bExtendedOutput);
    101. 

  101. 					}
    102. 

  102. 					$value[] = $aLnkValues;
    103. 

  103. 				}
    104. 

  104. 			}
    105. 

  105. 			else
    106. 

  106. 			{
    107. 

  107. 				$value = $oAttDef->GetForJSON($oObject->Get($sAttCode));
    108. 

  108. 			}
    109. 

  109. 		}
    110. 

  110. 		return $value;
    111. 

  111. 	}
    112. 

  112. 

  113. 	/**
    114. 

  114. 	 * Report the value for the given object attribute
    115. 

  115. 	 * 	 
    116. 

  116. 	 * @param DBObject $oObject The object being reported
    117. 

  117. 	 * @param string $sAttCode The attribute code (must be valid)
    118. 

  118. 	 * @param boolean $bExtendedOutput Output all of the link set attributes ?
    119. 

  119. 	 * @return void
    120. 

  120. 	 */
    121. 

  121. 	public function AddField(DBObject $oObject, $sAttCode, $bExtendedOutput = false)
    122. 

  122. 	{
    123. 

  123. 		$this->fields[$sAttCode] = $this->MakeResultValue($oObject, $sAttCode, $bExtendedOutput);
    124. 

  124. 	}
    125. 

  125. }
    126. 

  126. 

  127. 

  128. 

  129. /**
    130. 

  130.  * REST response for services managing objects. Derive this structure to add information and/or constants
    131. 

  131.  *
    132. 

  132.  * @package     Extensibility
    133. 

  133.  * @package     REST Services
    134. 

  134.  * @api
    135. 

  135.  */
    136. 

  136. class RestResultWithObjects extends RestResult
    137. 

  137. {
    138. 

  138. 	public $objects;
    139. 

  139. 

  140. 	/**
    141. 

  141. 	 * Report the given object
    142. 

  142. 	 * 	 
    143. 

  143. 	 * @param int An error code (RestResult::OK is no issue has been found)
    144. 

  144. 	 * @param string $sMessage Description of the error if any, an empty string otherwise
    145. 

  145. 	 * @param DBObject $oObject The object being reported
    146. 

  146. 	 * @param array $aFieldSpec An array of class => attribute codes (Cf. RestUtils::GetFieldList). List of the attributes to be reported.
    147. 

  147. 	 * @param boolean $bExtendedOutput Output all of the link set attributes ?
    148. 

  148. 	 * @return void
    149. 

  149. 	 */
    150. 

  150. 	public function AddObject($iCode, $sMessage, $oObject, $aFieldSpec = null, $bExtendedOutput = false)
    151. 

  151. 	{
    152. 

  152. 		$sClass = get_class($oObject);
    153. 

  153. 		$oObjRes = new ObjectResult($sClass, $oObject->GetKey());
    154. 

  154. 		$oObjRes->code = $iCode;
    155. 

  155. 		$oObjRes->message = $sMessage;
    156. 

  156. 

  157. 		$aFields = null;
    158. 

  158. 		if (!is_null($aFieldSpec))
    159. 

  159. 		{
    160. 

  160. 			// Enum all classes in the hierarchy, starting with the current one
    161. 

  161. 			foreach (MetaModel::EnumParentClasses($sClass, ENUM_PARENT_CLASSES_ALL, false) as $sRefClass)
    162. 

  162. 			{
    163. 

  163. 				if (array_key_exists($sRefClass, $aFieldSpec))
    164. 

  164. 				{
    165. 

  165. 					$aFields = $aFieldSpec[$sRefClass];
    166. 

  166. 					break;
    167. 

  167. 				}
    168. 

  168. 			}
    169. 

  169. 		}
    170. 

  170. 		if (is_null($aFields))
    171. 

  171. 		{
    172. 

  172. 			// No fieldspec given, or not found...
    173. 

  173. 			$aFields = array('id', 'friendlyname');
    174. 

  174. 		}
    175. 

  175. 

  176. 		foreach ($aFields as $sAttCode)
    177. 

  177. 		{
    178. 

  178. 			$oObjRes->AddField($oObject, $sAttCode, $bExtendedOutput);
    179. 

  179. 		}
    180. 

  180. 

  181. 		$sObjKey = get_class($oObject).'::'.$oObject->GetKey();
    182. 

  182. 		$this->objects[$sObjKey] = $oObjRes;
    183. 

  183. 	}
    184. 

  184. }
    185. 

  185. 

  186. class RestResultWithRelations extends RestResultWithObjects
    187. 

  187. {
    188. 

  188. 	public $relations;
    189. 

  189. 	
    190. 

  190. 	public function __construct()
    191. 

  191. 	{
    192. 

  192. 		parent::__construct();
    193. 

  193. 		$this->relations = array();
    194. 

  194. 	}
    195. 

  195. 	
    196. 

  196. 	public function AddRelation($sSrcKey, $sDestKey)
    197. 

  197. 	{
    198. 

  198. 		if (!array_key_exists($sSrcKey, $this->relations))
    199. 

  199. 		{
    200. 

  200. 			$this->relations[$sSrcKey] = array();
    201. 

  201. 		}
    202. 

  202. 		$this->relations[$sSrcKey][] = array('key' => $sDestKey);
    203. 

  203. 	}
    204. 

  204. }
    205. 

  205. 

  206. /**
    207. 

  207.  * Deletion result codes for a target object (either deleted or updated)
    208. 

  208.  *
    209. 

  209.  * @package     Extensibility
    210. 

  210.  * @api
    211. 

  211.  * @since 2.0.1  
    212. 

  212.  */
    213. 

  213. class RestDelete
    214. 

  214. {
    215. 

  215. 	/**
    216. 

  216. 	 * Result: Object deleted as per the initial request
    217. 

  217. 	 */
    218. 

  218. 	const OK = 0;
    219. 

  219. 	/**
    220. 

  220. 	 * Result: general issue (user rights or ... ?) 
    221. 

  221. 	 */
    222. 

  222. 	const ISSUE = 1;
    223. 

  223. 	/**
    224. 

  224. 	 * Result: Must be deleted to preserve database integrity 
    225. 

  225. 	 */
    226. 

  226. 	const AUTO_DELETE = 2;
    227. 

  227. 	/**
    228. 

  228. 	 * Result: Must be deleted to preserve database integrity, but that is NOT possible 
    229. 

  229. 	 */
    230. 

  230. 	const AUTO_DELETE_ISSUE = 3;
    231. 

  231. 	/**
    232. 

  232. 	 * Result: Must be deleted to preserve database integrity, but this must be requested explicitely 
    233. 

  233. 	 */
    234. 

  234. 	const REQUEST_EXPLICITELY = 4;
    235. 

  235. 	/**
    236. 

  236. 	 * Result: Must be updated to preserve database integrity
    237. 

  237. 	 */
    238. 

  238. 	const AUTO_UPDATE = 5;
    239. 

  239. 	/**
    240. 

  240. 	 * Result: Must be updated to preserve database integrity, but that is NOT possible
    241. 

  241. 	 */
    242. 

  242. 	const AUTO_UPDATE_ISSUE = 6;
    243. 

  243. }
    244. 

  244. 

  245. /**
    246. 

  246.  * Implementation of core REST services (create/get/update... objects)
    247. 

  247.  *
    248. 

  248.  * @package     Core
    249. 

  249.  */
    250. 

  250. class CoreServices implements iRestServiceProvider
    251. 

  251. {
    252. 

  252. 	/**
    253. 

  253. 	 * Enumerate services delivered by this class
    254. 

  254. 	 * 	 
    255. 

  255. 	 * @param string $sVersion The version (e.g. 1.0) supported by the services
    256. 

  256. 	 * @return array An array of hash 'verb' => verb, 'description' => description
    257. 

  257. 	 */
    258. 

  258. 	public function ListOperations($sVersion)
    259. 

  259. 	{
    260. 

  260. 		// 1.3 - iTop 2.2.0, Verb 'get_related': added the options 'redundancy' and 'direction' to take into account the redundancy in the impact analysis
    261. 

  261. 		// 1.2 - was documented in the wiki but never released ! Same as 1.3
    262. 

  262. 		// 1.1 - In the reply, objects have a 'key' entry so that it is no more necessary to split class::key programmaticaly
    263. 

  263. 		// 1.0 - Initial implementation in iTop 2.0.1
    264. 

  264. 		//
    265. 

  265. 		$aOps = array();
    266. 

  266. 		if (in_array($sVersion, array('1.0', '1.1', '1.2', '1.3'))) 
    267. 

  267. 		{
    268. 

  268. 			$aOps[] = array(
    269. 

  269. 				'verb' => 'core/create',
    270. 

  270. 				'description' => 'Create an object'
    271. 

  271. 			);
    272. 

  272. 			$aOps[] = array(
    273. 

  273. 				'verb' => 'core/update',
    274. 

  274. 				'description' => 'Update an object'
    275. 

  275. 			);
    276. 

  276. 			$aOps[] = array(
    277. 

  277. 				'verb' => 'core/apply_stimulus',
    278. 

  278. 				'description' => 'Apply a stimulus to change the state of an object'
    279. 

  279. 			);
    280. 

  280. 			$aOps[] = array(
    281. 

  281. 				'verb' => 'core/get',
    282. 

  282. 				'description' => 'Search for objects'
    283. 

  283. 			);
    284. 

  284. 			$aOps[] = array(
    285. 

  285. 				'verb' => 'core/delete',
    286. 

  286. 				'description' => 'Delete objects'
    287. 

  287. 			);
    288. 

  288. 			$aOps[] = array(
    289. 

  289. 				'verb' => 'core/get_related',
    290. 

  290. 				'description' => 'Get related objects through the specified relation'
    291. 

  291. 			);
    292. 

  292. 			$aOps[] = array(
    293. 

  293. 				'verb' => 'core/check_credentials',
    294. 

  294. 				'description' => 'Check user credentials'
    295. 

  295. 			);
    296. 

  296. 		}
    297. 

  297. 		return $aOps;
    298. 

  298. 	}
    299. 

  299. 

  300. 	/**
    301. 

  301. 	 * Enumerate services delivered by this class
    302. 

  302. 	 * @param string $sVersion The version (e.g. 1.0) supported by the services
    303. 

  303. 	 * @return RestResult The standardized result structure (at least a message)
    304. 

  304. 	 * @throws Exception in case of internal failure.	 
    305. 

  305. 	 */
    306. 

  306. 	public function ExecOperation($sVersion, $sVerb, $aParams)
    307. 

  307. 	{
    308. 

  308. 		$oResult = new RestResultWithObjects();
    309. 

  309. 		switch ($sVerb)
    310. 

  310. 		{
    311. 

  311. 		case 'core/create':
    312. 

  312. 			RestUtils::InitTrackingComment($aParams);
    313. 

  313. 			$sClass = RestUtils::GetClass($aParams, 'class');
    314. 

  314. 			$aFields = RestUtils::GetMandatoryParam($aParams, 'fields');
    315. 

  315. 			$aShowFields = RestUtils::GetFieldList($sClass, $aParams, 'output_fields');
    316. 

  316. 			$bExtendedOutput = (RestUtils::GetOptionalParam($aParams, 'output_fields', '*') == '*+');
    317. 

  317. 

  318. 			if (UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY) != UR_ALLOWED_YES)
    319. 

  319. 			{
    320. 

  320. 				$oResult->code = RestResult::UNAUTHORIZED;
    321. 

  321. 				$oResult->message = "The current user does not have enough permissions for creating data of class $sClass";
    322. 

  322. 			}
    323. 

  323. 			elseif (UserRights::IsActionAllowed($sClass, UR_ACTION_BULK_MODIFY) != UR_ALLOWED_YES)
    324. 

  324. 			{
    325. 

  325. 				$oResult->code = RestResult::UNAUTHORIZED;
    326. 

  326. 				$oResult->message = "The current user does not have enough permissions for massively creating data of class $sClass";
    327. 

  327. 			}
    328. 

  328. 			else
    329. 

  329. 			{
    330. 

  330. 				$oObject = RestUtils::MakeObjectFromFields($sClass, $aFields);
    331. 

  331. 				$oObject->DBInsert();
    332. 

  332. 				$oResult->AddObject(0, 'created', $oObject, $aShowFields, $bExtendedOutput);
    333. 

  333. 			}
    334. 

  334. 			break;
    335. 

  335. 	
    336. 

  336. 		case 'core/update':
    337. 

  337. 			RestUtils::InitTrackingComment($aParams);
    338. 

  338. 			$sClass = RestUtils::GetClass($aParams, 'class');
    339. 

  339. 			$key = RestUtils::GetMandatoryParam($aParams, 'key');
    340. 

  340. 			$aFields = RestUtils::GetMandatoryParam($aParams, 'fields');
    341. 

  341. 			$aShowFields = RestUtils::GetFieldList($sClass, $aParams, 'output_fields');
    342. 

  342. 			$bExtendedOutput = (RestUtils::GetOptionalParam($aParams, 'output_fields', '*') == '*+');
    343. 

  343. 	
    344. 

  344. 			// Note: the target class cannot be based on the result of FindObjectFromKey, because in case the user does not have read access, that function already fails with msg 'Nothing found'
    345. 

  345. 			$sTargetClass = RestUtils::GetObjectSetFromKey($sClass, $key)->GetFilter()->GetClass();
    346. 

  346. 			if (UserRights::IsActionAllowed($sTargetClass, UR_ACTION_MODIFY) != UR_ALLOWED_YES)
    347. 

  347. 			{
    348. 

  348. 				$oResult->code = RestResult::UNAUTHORIZED;
    349. 

  349. 				$oResult->message = "The current user does not have enough permissions for modifying data of class $sTargetClass";
    350. 

  350. 			}
    351. 

  351. 			elseif (UserRights::IsActionAllowed($sTargetClass, UR_ACTION_MODIFY) != UR_ALLOWED_YES)
    352. 

  352. 			{
    353. 

  353. 				$oResult->code = RestResult::UNAUTHORIZED;
    354. 

  354. 				$oResult->message = "The current user does not have enough permissions for massively modifying data of class $sTargetClass";
    355. 

  355. 			}
    356. 

  356. 			else
    357. 

  357. 			{
    358. 

  358. 				$oObject = RestUtils::FindObjectFromKey($sClass, $key);
    359. 

  359. 				RestUtils::UpdateObjectFromFields($oObject, $aFields);
    360. 

  360. 				$oObject->DBUpdate();
    361. 

  361. 				$oResult->AddObject(0, 'updated', $oObject, $aShowFields, $bExtendedOutput);
    362. 

  362. 			}
    363. 

  363. 			break;
    364. 

  364. 	
    365. 

  365. 		case 'core/apply_stimulus':
    366. 

  366. 			RestUtils::InitTrackingComment($aParams);
    367. 

  367. 			$sClass = RestUtils::GetClass($aParams, 'class');
    368. 

  368. 			$key = RestUtils::GetMandatoryParam($aParams, 'key');
    369. 

  369. 			$aFields = RestUtils::GetMandatoryParam($aParams, 'fields');
    370. 

  370. 			$aShowFields = RestUtils::GetFieldList($sClass, $aParams, 'output_fields');
    371. 

  371. 			$bExtendedOutput = (RestUtils::GetOptionalParam($aParams, 'output_fields', '*') == '*+');
    372. 

  372. 			$sStimulus = RestUtils::GetMandatoryParam($aParams, 'stimulus');
    373. 

  373. 	
    374. 

  374. 			// Note: the target class cannot be based on the result of FindObjectFromKey, because in case the user does not have read access, that function already fails with msg 'Nothing found'
    375. 

  375. 			$sTargetClass = RestUtils::GetObjectSetFromKey($sClass, $key)->GetFilter()->GetClass();
    376. 

  376. 			if (UserRights::IsActionAllowed($sTargetClass, UR_ACTION_MODIFY) != UR_ALLOWED_YES)
    377. 

  377. 			{
    378. 

  378. 				$oResult->code = RestResult::UNAUTHORIZED;
    379. 

  379. 				$oResult->message = "The current user does not have enough permissions for modifying data of class $sTargetClass";
    380. 

  380. 			}
    381. 

  381. 			elseif (UserRights::IsActionAllowed($sTargetClass, UR_ACTION_BULK_MODIFY) != UR_ALLOWED_YES)
    382. 

  382. 			{
    383. 

  383. 				$oResult->code = RestResult::UNAUTHORIZED;
    384. 

  384. 				$oResult->message = "The current user does not have enough permissions for massively modifying data of class $sTargetClass";
    385. 

  385. 			}
    386. 

  386. 			else
    387. 

  387. 			{
    388. 

  388. 				$oObject = RestUtils::FindObjectFromKey($sClass, $key);
    389. 

  389. 				RestUtils::UpdateObjectFromFields($oObject, $aFields);
    390. 

  390. 			
    391. 

  391. 				$aTransitions = $oObject->EnumTransitions();
    392. 

  392. 				$aStimuli = MetaModel::EnumStimuli(get_class($oObject));
    393. 

  393. 				if (!isset($aTransitions[$sStimulus]))
    394. 

  394. 				{
    395. 

  395. 					// Invalid stimulus
    396. 

  396. 					$oResult->code = RestResult::INTERNAL_ERROR;
    397. 

  397. 					$oResult->message = "Invalid stimulus: '$sStimulus' on the object ".$oObject->GetName()." in state '".$oObject->GetState()."'";
    398. 

  398. 				}
    399. 

  399. 				else
    400. 

  400. 				{
    401. 

  401. 					$aTransition = $aTransitions[$sStimulus];
    402. 

  402. 					$sTargetState = $aTransition['target_state'];
    403. 

  403. 					$aStates = MetaModel::EnumStates($sClass);
    404. 

  404. 					$aTargetStateDef = $aStates[$sTargetState];
    405. 

  405. 					$aExpectedAttributes = $aTargetStateDef['attribute_list'];
    406. 

  406. 					
    407. 

  407. 					$aMissingMandatory = array();
    408. 

  408. 					foreach($aExpectedAttributes as $sAttCode => $iExpectCode)
    409. 

  409. 					{
    410. 

  410. 						if ( ($iExpectCode & OPT_ATT_MANDATORY) && ($oObject->Get($sAttCode) == ''))
    411. 

  411. 						{
    412. 

  412. 							$aMissingMandatory[] = $sAttCode;
    413. 

  413. 						}
    414. 

  414. 					}				
    415. 

  415. 					if (count($aMissingMandatory) == 0)
    416. 

  416. 					{
    417. 

  417. 						// If all the mandatory fields are already present, just apply the transition silently...
    418. 

  418. 						if ($oObject->ApplyStimulus($sStimulus))
    419. 

  419. 						{
    420. 

  420. 							$oObject->DBUpdate();
    421. 

  421. 							$oResult->AddObject(0, 'updated', $oObject, $aShowFields, $bExtendedOutput);
    422. 

  422. 						}
    423. 

  423. 					}
    424. 

  424. 					else
    425. 

  425. 					{
    426. 

  426. 						// Missing mandatory attributes for the transition
    427. 

  427. 						$oResult->code = RestResult::INTERNAL_ERROR;
    428. 

  428. 						$oResult->message = 'Missing mandatory attribute(s) for applying the stimulus: '.implode(', ', $aMissingMandatory).'.';
    429. 

  429. 					}
    430. 

  430. 				}
    431. 

  431. 			}	
    432. 

  432. 			break;
    433. 

  433. 	
    434. 

  434. 		case 'core/get':
    435. 

  435. 			$sClass = RestUtils::GetClass($aParams, 'class');
    436. 

  436. 			$key = RestUtils::GetMandatoryParam($aParams, 'key');
    437. 

  437. 			$aShowFields = RestUtils::GetFieldList($sClass, $aParams, 'output_fields');
    438. 

  438. 			$bExtendedOutput = (RestUtils::GetOptionalParam($aParams, 'output_fields', '*') == '*+');
    439. 

  439. 

  440. 			$oObjectSet = RestUtils::GetObjectSetFromKey($sClass, $key);
    441. 

  441. 			$sTargetClass = $oObjectSet->GetFilter()->GetClass();
    442. 

  442. 	
    443. 

  443. 			if (UserRights::IsActionAllowed($sTargetClass, UR_ACTION_READ) != UR_ALLOWED_YES)
    444. 

  444. 			{
    445. 

  445. 				$oResult->code = RestResult::UNAUTHORIZED;
    446. 

  446. 				$oResult->message = "The current user does not have enough permissions for reading data of class $sTargetClass";
    447. 

  447. 			}
    448. 

  448. 			elseif (UserRights::IsActionAllowed($sTargetClass, UR_ACTION_BULK_READ) != UR_ALLOWED_YES)
    449. 

  449. 			{
    450. 

  450. 				$oResult->code = RestResult::UNAUTHORIZED;
    451. 

  451. 				$oResult->message = "The current user does not have enough permissions for exporting data of class $sTargetClass";
    452. 

  452. 			}
    453. 

  453. 			else
    454. 

  454. 			{
    455. 

  455. 				while ($oObject = $oObjectSet->Fetch())
    456. 

  456. 				{
    457. 

  457. 					$oResult->AddObject(0, '', $oObject, $aShowFields, $bExtendedOutput);
    458. 

  458. 				}
    459. 

  459. 				$oResult->message = "Found: ".$oObjectSet->Count();
    460. 

  460. 			}
    461. 

  461. 			break;
    462. 

  462. 

  463. 		case 'core/delete':
    464. 

  464. 			$sClass = RestUtils::GetClass($aParams, 'class');
    465. 

  465. 			$key = RestUtils::GetMandatoryParam($aParams, 'key');
    466. 

  466. 			$bSimulate = RestUtils::GetOptionalParam($aParams, 'simulate', false);
    467. 

  467. 	
    468. 

  468. 			$oObjectSet = RestUtils::GetObjectSetFromKey($sClass, $key);
    469. 

  469. 			$sTargetClass = $oObjectSet->GetFilter()->GetClass();
    470. 

  470. 	
    471. 

  471. 			if (UserRights::IsActionAllowed($sTargetClass, UR_ACTION_DELETE) != UR_ALLOWED_YES)
    472. 

  472. 			{
    473. 

  473. 				$oResult->code = RestResult::UNAUTHORIZED;
    474. 

  474. 				$oResult->message = "The current user does not have enough permissions for deleting data of class $sTargetClass";
    475. 

  475. 			}
    476. 

  476. 			elseif (UserRights::IsActionAllowed($sTargetClass, UR_ACTION_DELETE) != UR_ALLOWED_YES)
    477. 

  477. 			{
    478. 

  478. 				$oResult->code = RestResult::UNAUTHORIZED;
    479. 

  479. 				$oResult->message = "The current user does not have enough permissions for massively deleting data of class $sTargetClass";
    480. 

  480. 			}
    481. 

  481. 			else
    482. 

  482. 			{
    483. 

  483. 				$aObjects = $oObjectSet->ToArray();
    484. 

  484. 				$this->DeleteObjects($oResult, $aObjects, $bSimulate);
    485. 

  485. 			}
    486. 

  486. 			break;
    487. 

  487. 

  488. 		case 'core/get_related':
    489. 

  489. 			$oResult = new RestResultWithRelations();
    490. 

  490. 			$sClass = RestUtils::GetClass($aParams, 'class');
    491. 

  491. 			$key = RestUtils::GetMandatoryParam($aParams, 'key');
    492. 

  492. 			$sRelation = RestUtils::GetMandatoryParam($aParams, 'relation');
    493. 

  493. 			$iMaxRecursionDepth = RestUtils::GetOptionalParam($aParams, 'depth', 20 /* = MAX_RECURSION_DEPTH */);
    494. 

  494. 			$sDirection = RestUtils::GetOptionalParam($aParams, 'direction', null);
    495. 

  495. 			$bEnableRedundancy = RestUtils::GetOptionalParam($aParams, 'redundancy', false);
    496. 

  496. 			$bReverse = false;
    497. 

  497. 

  498. 			if (is_null($sDirection) && ($sRelation == 'depends on'))
    499. 

  499. 			{
    500. 

  500. 				// Legacy behavior, consider "depends on" as a forward relation
    501. 

  501. 				$sRelation = 'impacts';
    502. 

  502. 				$sDirection = 'up'; 
    503. 

  503. 				$bReverse = true; // emulate the legacy behavior by returning the edges
    504. 

  504. 			}
    505. 

  505. 			else if(is_null($sDirection))
    506. 

  506. 			{
    507. 

  507. 				$sDirection = 'down';
    508. 

  508. 			}
    509. 

  509. 	
    510. 

  510. 			$oObjectSet = RestUtils::GetObjectSetFromKey($sClass, $key);
    511. 

  511. 			if ($sDirection == 'down')
    512. 

  512. 			{
    513. 

  513. 				$oRelationGraph = $oObjectSet->GetRelatedObjectsDown($sRelation, $iMaxRecursionDepth, $bEnableRedundancy);
    514. 

  514. 			}
    515. 

  515. 			else if ($sDirection == 'up')
    516. 

  516. 			{
    517. 

  517. 				$oRelationGraph = $oObjectSet->GetRelatedObjectsUp($sRelation, $iMaxRecursionDepth, $bEnableRedundancy);
    518. 

  518. 			}
    519. 

  519. 			else
    520. 

  520. 			{
    521. 

  521. 				$oResult->code = RestResult::INTERNAL_ERROR;
    522. 

  522. 				$oResult->message = "Invalid value: '$sDirection' for the parameter 'direction'. Valid values are 'up' and 'down'";
    523. 

  523. 				return $oResult;
    524. 

  524. 				
    525. 

  525. 			}
    526. 

  526. 			
    527. 

  527. 			if ($bEnableRedundancy)
    528. 

  528. 			{
    529. 

  529. 				// Remove the redundancy nodes from the output
    530. 

  530. 				$oIterator = new RelationTypeIterator($oRelationGraph, 'Node');
    531. 

  531. 				foreach($oIterator as $oNode)
    532. 

  532. 				{
    533. 

  533. 					if ($oNode instanceof RelationRedundancyNode)
    534. 

  534. 					{
    535. 

  535. 						$oRelationGraph->FilterNode($oNode);
    536. 

  536. 					}
    537. 

  537. 				}
    538. 

  538. 			}
    539. 

  539. 			
    540. 

  540. 			$aIndexByClass = array();
    541. 

  541. 			$oIterator = new RelationTypeIterator($oRelationGraph);
    542. 

  542. 			foreach($oIterator as $oElement)
    543. 

  543. 			{
    544. 

  544. 				if ($oElement instanceof RelationObjectNode)
    545. 

  545. 				{
    546. 

  546. 					$oObject = $oElement->GetProperty('object');
    547. 

  547. 					if ($oObject)
    548. 

  548. 					{
    549. 

  549. 						if ($bEnableRedundancy)
    550. 

  550. 						{
    551. 

  551. 							// Add only the "reached" objects
    552. 

  552. 							if ($oElement->GetProperty('is_reached'))
    553. 

  553. 							{
    554. 

  554. 								$aIndexByClass[get_class($oObject)][$oObject->GetKey()] = null;
    555. 

  555. 								$oResult->AddObject(0, '', $oObject);
    556. 

  556. 							}
    557. 

  557. 						}
    558. 

  558. 						else
    559. 

  559. 						{
    560. 

  560. 							$aIndexByClass[get_class($oObject)][$oObject->GetKey()] = null;
    561. 

  561. 							$oResult->AddObject(0, '', $oObject);
    562. 

  562. 						}
    563. 

  563. 					}
    564. 

  564. 				}
    565. 

  565. 				else if ($oElement instanceof RelationEdge)
    566. 

  566. 				{
    567. 

  567. 					$oSrcObj = $oElement->GetSourceNode()->GetProperty('object');
    568. 

  568. 					$oDestObj = $oElement->GetSinkNode()->GetProperty('object');
    569. 

  569. 					$sSrcKey = get_class($oSrcObj).'::'.$oSrcObj->GetKey();
    570. 

  570. 					$sDestKey = get_class($oDestObj).'::'.$oDestObj->GetKey();
    571. 

  571. 					if ($bEnableRedundancy)
    572. 

  572. 					{
    573. 

  573. 						// Add only the edges where both source and destination are "reached"
    574. 

  574. 						if ($oElement->GetSourceNode()->GetProperty('is_reached') && $oElement->GetSinkNode()->GetProperty('is_reached'))
    575. 

  575. 						{
    576. 

  576. 							if ($bReverse)
    577. 

  577. 							{
    578. 

  578. 								$oResult->AddRelation($sDestKey, $sSrcKey);
    579. 

  579. 							}
    580. 

  580. 							else
    581. 

  581. 							{
    582. 

  582. 								$oResult->AddRelation($sSrcKey, $sDestKey);
    583. 

  583. 							}
    584. 

  584. 						}
    585. 

  585. 					}
    586. 

  586. 					else
    587. 

  587. 					{
    588. 

  588. 						if ($bReverse)
    589. 

  589. 						{
    590. 

  590. 							$oResult->AddRelation($sDestKey, $sSrcKey);
    591. 

  591. 						}
    592. 

  592. 						else
    593. 

  593. 						{
    594. 

  594. 							$oResult->AddRelation($sSrcKey, $sDestKey);
    595. 

  595. 						}
    596. 

  596. 					}
    597. 

  597. 				}
    598. 

  598. 			}
    599. 

  599. 

  600. 			if (count($aIndexByClass) > 0)
    601. 

  601. 			{
    602. 

  602. 				$aStats = array();
    603. 

  603. 				$aUnauthorizedClasses = array();
    604. 

  604. 				foreach ($aIndexByClass as $sClass => $aIds)
    605. 

  605. 				{
    606. 

  606. 					if (UserRights::IsActionAllowed($sClass, UR_ACTION_BULK_READ) != UR_ALLOWED_YES)
    607. 

  607. 					{
    608. 

  608. 						$aUnauthorizedClasses[$sClass] = true;
    609. 

  609. 					}
    610. 

  610. 					$aStats[] = $sClass.'= '.count($aIds);
    611. 

  611. 				}
    612. 

  612. 				if (count($aUnauthorizedClasses) > 0)
    613. 

  613. 				{
    614. 

  614. 					$sClasses = implode(', ', array_keys($aUnauthorizedClasses));
    615. 

  615. 					$oResult = new RestResult();
    616. 

  616. 					$oResult->code = RestResult::UNAUTHORIZED;
    617. 

  617. 					$oResult->message = "The current user does not have enough permissions for exporting data of class(es): $sClasses";
    618. 

  618. 				}
    619. 

  619. 				else
    620. 

  620. 				{
    621. 

  621. 					$oResult->message = "Scope: ".$oObjectSet->Count()."; Related objects: ".implode(', ', $aStats);
    622. 

  622. 				}
    623. 

  623. 			}
    624. 

  624. 			else
    625. 

  625. 			{
    626. 

  626. 				$oResult->message = "Nothing found";
    627. 

  627. 			}
    628. 

  628. 			break;
    629. 

  629. 			
    630. 

  630. 		case 'core/check_credentials':
    631. 

  631. 			$oResult = new RestResult();
    632. 

  632. 			$sUser = RestUtils::GetMandatoryParam($aParams, 'user');
    633. 

  633. 			$sPassword = RestUtils::GetMandatoryParam($aParams, 'password');
    634. 

  634. 

  635. 			if (UserRights::CheckCredentials($sUser, $sPassword) !== true)
    636. 

  636. 			{
    637. 

  637. 				$oResult->authorized = false;
    638. 

  638. 			}
    639. 

  639. 			else
    640. 

  640. 			{
    641. 

  641. 				$oResult->authorized = true;
    642. 

  642. 			}
    643. 

  643. 			break;
    644. 

  644. 	
    645. 

  645. 		default:
    646. 

  646. 			// unknown operation: handled at a higher level
    647. 

  647. 		}
    648. 

  648. 		return $oResult;
    649. 

  649. 	}
    650. 

  650. 

  651. 	/**
    652. 

  652. 	 * Helper for object deletion	
    653. 

  653. 	 */
    654. 

  654. 	public function DeleteObjects($oResult, $aObjects, $bSimulate)
    655. 

  655. 	{
    656. 

  656. 		$oDeletionPlan = new DeletionPlan();
    657. 

  657. 		foreach($aObjects as $oObj)
    658. 

  658. 		{
    659. 

  659. 			if ($bSimulate)
    660. 

  660. 			{
    661. 

  661. 				$oObj->CheckToDelete($oDeletionPlan);
    662. 

  662. 			}
    663. 

  663. 			else
    664. 

  664. 			{
    665. 

  665. 				$oObj->DBDelete($oDeletionPlan);
    666. 

  666. 			}
    667. 

  667. 		}
    668. 

  668. 

  669. 		foreach ($oDeletionPlan->ListDeletes() as $sTargetClass => $aDeletes)
    670. 

  670. 		{
    671. 

  671. 			foreach ($aDeletes as $iId => $aData)
    672. 

  672. 			{
    673. 

  673. 				$oToDelete = $aData['to_delete'];
    674. 

  674. 				$bAutoDel = (($aData['mode'] == DEL_SILENT) || ($aData['mode'] == DEL_AUTO));
    675. 

  675. 				if (array_key_exists('issue', $aData))
    676. 

  676. 				{
    677. 

  677. 					if ($bAutoDel)
    678. 

  678. 					{
    679. 

  679. 						if (isset($aData['requested_explicitely'])) // i.e. in the initial list of objects to delete
    680. 

  680. 						{
    681. 

  681. 							$iCode = RestDelete::ISSUE;
    682. 

  682. 							$sPlanned = 'Cannot be deleted: '.$aData['issue'];
    683. 

  683. 						}
    684. 

  684. 						else
    685. 

  685. 						{
    686. 

  686. 							$iCode = RestDelete::AUTO_DELETE_ISSUE;
    687. 

  687. 							$sPlanned = 'Should be deleted automatically... but: '.$aData['issue'];
    688. 

  688. 						}
    689. 

  689. 					}
    690. 

  690. 					else
    691. 

  691. 					{
    692. 

  692. 						$iCode = RestDelete::REQUEST_EXPLICITELY;
    693. 

  693. 						$sPlanned = 'Must be deleted explicitely... but: '.$aData['issue'];
    694. 

  694. 					}
    695. 

  695. 				}
    696. 

  696. 				else
    697. 

  697. 				{
    698. 

  698. 					if ($bAutoDel)
    699. 

  699. 					{
    700. 

  700. 						if (isset($aData['requested_explicitely']))
    701. 

  701. 						{
    702. 

  702. 							$iCode = RestDelete::OK;
    703. 

  703. 		               $sPlanned = '';
    704. 

  704. 						}
    705. 

  705. 						else
    706. 

  706. 						{
    707. 

  707. 							$iCode = RestDelete::AUTO_DELETE;
    708. 

  708. 							$sPlanned = 'Deleted automatically';
    709. 

  709. 						}
    710. 

  710. 					}
    711. 

  711. 					else
    712. 

  712. 					{
    713. 

  713. 						$iCode = RestDelete::REQUEST_EXPLICITELY;
    714. 

  714. 						$sPlanned = 'Must be deleted explicitely';
    715. 

  715. 					}
    716. 

  716. 				}
    717. 

  717. 				$oResult->AddObject($iCode, $sPlanned, $oToDelete);
    718. 

  718. 			}
    719. 

  719. 		}
    720. 

  720. 		foreach ($oDeletionPlan->ListUpdates() as $sRemoteClass => $aToUpdate)
    721. 

  721. 		{
    722. 

  722. 			foreach ($aToUpdate as $iId => $aData)
    723. 

  723. 			{
    724. 

  724. 				$oToUpdate = $aData['to_reset'];
    725. 

  725. 				if (array_key_exists('issue', $aData))
    726. 

  726. 				{
    727. 

  727. 					$iCode = RestDelete::AUTO_UPDATE_ISSUE;
    728. 

  728. 					$sPlanned = 'Should be updated automatically... but: '.$aData['issue'];
    729. 

  729. 				}
    730. 

  730. 				else
    731. 

  731. 				{
    732. 

  732. 					$iCode = RestDelete::AUTO_UPDATE;
    733. 

  733. 					$sPlanned = 'Reset external keys: '.$aData['attributes_list'];
    734. 

  734. 				}
    735. 

  735. 				$oResult->AddObject($iCode, $sPlanned, $oToUpdate);
    736. 

  736. 			}
    737. 

  737. 		}
    738. 

  738. 		
    739. 

  739. 		if ($oDeletionPlan->FoundStopper())
    740. 

  740. 		{
    741. 

  741. 			if ($oDeletionPlan->FoundSecurityIssue())
    742. 

  742. 			{
    743. 

  743. 				$iRes = RestResult::UNAUTHORIZED;
    744. 

  744. 				$sRes = 'Deletion not allowed on some objects';
    745. 

  745. 			}
    746. 

  746. 			elseif ($oDeletionPlan->FoundManualOperation())
    747. 

  747. 			{
    748. 

  748. 				$iRes = RestResult::UNSAFE; 
    749. 

  749. 				$sRes = 'The deletion requires that other objects be deleted/updated, and those operations must be requested explicitely';
    750. 

  750. 			}
    751. 

  751. 			else
    752. 

  752. 			{
    753. 

  753. 				$iRes = RestResult::INTERNAL_ERROR; 
    754. 

  754. 				$sRes = 'Some issues have been encountered. See the list of planned changes for more information about the issue(s).';
    755. 

  755. 			}		
    756. 

  756. 		}
    757. 

  757. 		else
    758. 

  758. 		{
    759. 

  759. 			$iRes = RestResult::OK; 
    760. 

  760. 			$sRes = 'Deleted: '.count($aObjects);
    761. 

  761. 			$iIndirect = $oDeletionPlan->GetTargetCount() - count($aObjects);
    762. 

  762. 			if ($iIndirect > 0)
    763. 

  763. 			{
    764. 

  764. 				$sRes .= ' plus (for DB integrity) '.$iIndirect;
    765. 

  765. 			}
    766. 

  766. 		}
    767. 

  767. 		$oResult->code = $iRes;
    768. 

  768. 		if ($bSimulate)
    769. 

  769. 		{
    770. 

  770. 			$oResult->message = 'SIMULATING: '.$sRes;
    771. 

  771. 		}
    772. 

  772. 		else
    773. 

  773. 		{
    774. 

  774. 			$oResult->message = $sRes;
    775. 

  775. 		}
    776. 

  776. 	}
    777. 

  777. }
    778.