новые методы для сообщений,

различные правки для актуальной версий InstantCMS

Author: fuzegit

manifest.en.ini

@@ -5,12 +5,12 @@ addon_id = "600"
 
 [version]
 major = "2"
-minor = "1"
+minor = "2"
 build = "0"
-date  = "20180913"
+date  = "20190409"
 
 [depends]
-core = "2.5.0"
+core = "2.11.0"
 
 [author]
 name  = "InstantCMS Team"

manifest.ru.ini

@@ -5,12 +5,12 @@ addon_id = "600"
 
 [version]
 major = "2"
-minor = "1"
+minor = "2"
 build = "0"
-date  = "20180913"
+date  = "20190409"
 
 [depends]
-core = "2.5.0"
+core = "2.11.0"
 
 [author]
 name  = "InstantCMS Team"

package/system/controllers/api/actions/method.php

@@ -206,6 +206,8 @@ public function run($method_name = null){
         // ставим ключ API в свойство
         $this->method_action->key = $this->key;
         $this->method_action->method_name = $this->method_name;
+        // опции api в свойство
+        $this->method_action->api_options = $this->options;
 
         // валидация параметров запроса
         $params_error = $this->validateMethodParams();

package/system/controllers/api/api_actions/api_auth_confirm.php

@@ -82,15 +82,11 @@ public function run(){
 
             cmsUser::setUserSession($this->user);
 
-            $update_data = array(
-                'ip' => cmsUser::getIp()
-            );
-
-            $this->model->update('{users}', $this->user['id'], $update_data, true);
+            $this->model_users->updateUserIp($this->user['id']);
 
             cmsEventsManager::hook('auth_login', $this->user['id']);
 
-            unset($this->user['password'], $this->user['password_salt'], $this->user['pass_token'], $this->user['date_token'], $this->user['ip'], $this->user['is_admin']);
+            unset($this->user['password_hash'], $this->user['password'], $this->user['password_salt'], $this->user['pass_token'], $this->user['date_token'], $this->user['ip'], $this->user['is_admin']);
 
             $auth_user = array(
                 'session_name' => session_name(),

package/system/controllers/api/api_actions/api_auth_login.php

@@ -52,7 +52,7 @@ class actionAuthApiAuthLogin extends cmsAction {
         'user_info' => array(   // название ключа в $this->result
             'type'   => 'item', // list или item
             'unsets' => array(  // массив названий ключей для удаления
-                'password', 'password_salt', 'pass_token', 'date_token', 'ip', 'is_admin'
+                'password_hash', 'password', 'password_salt', 'pass_token', 'date_token', 'ip', 'is_admin'
             )
         )
     );
@@ -81,7 +81,7 @@ public function validateApiRequest() {
 
         $this->user = $this->model_users->getUser($logged_id);
 
-        if ($this->user['is_admin']) {
+        if (empty($this->api_options['allow_admin_login']) && $this->user['is_admin']) {
 
             cmsUser::logout();
 

package/system/controllers/api/api_actions/api_content_add_item.php

@@ -199,9 +199,8 @@ public function validateApiRequest($ctype_name = null) {
 
         }
 
-        if (!$errors){
-            list($this->item, $errors) = cmsEventsManager::hook('content_validate', array($this->item, $errors));
-        }
+        list($this->item, $errors) = cmsEventsManager::hook('content_validate', array($this->item, $errors));
+        list($this->item, $errors, $this->ctype, $this->fields) = cmsEventsManager::hook("content_{$ctype['name']}_validate", array($this->item, $errors, $this->ctype, $this->fields), null, $this->request);
 
         if($errors){
 
@@ -288,26 +287,6 @@ public function run($ctype_name){
         $this->item = cmsEventsManager::hook('content_before_add', $this->item);
         $this->item = cmsEventsManager::hook("content_{$this->ctype['name']}_before_add", $this->item);
 
-        // SEO параметры
-        $item_seo = $this->prepareItemSeo($this->item, $this->fields, $this->ctype);
-        if(empty($this->ctype['options']['is_manual_title']) && !empty($this->ctype['options']['seo_title_pattern'])){
-            $this->item['seo_title'] = string_replace_keys_values_extended($this->ctype['options']['seo_title_pattern'], $item_seo);
-        }
-        if ($this->ctype['is_auto_keys']){
-            if(!empty($this->ctype['options']['seo_keys_pattern'])){
-                $this->item['seo_keys'] = string_replace_keys_values_extended($this->ctype['options']['seo_keys_pattern'], $item_seo);
-            } else {
-                $this->item['seo_keys'] = string_get_meta_keywords($this->item['content']);
-            }
-        }
-        if ($this->ctype['is_auto_desc']){
-            if(!empty($this->ctype['options']['seo_desc_pattern'])){
-                $this->item['seo_desc'] = string_get_meta_description(string_replace_keys_values_extended($this->ctype['options']['seo_desc_pattern'], $item_seo));
-            } else {
-                $this->item['seo_desc'] = string_get_meta_description($this->item['content']);
-            }
-        }
-
         $this->item = $this->model->addContentItem($this->ctype, $this->item, $this->fields);
 
         $this->bindItemToParents($this->ctype, $this->item, $this->parents);

package/system/controllers/api/api_actions/api_content_get_item.php

@@ -174,30 +174,6 @@ public function run($ctype_name){
             }
         }
 
-        // Комментарии
-        if ($this->ctype['is_comments'] &&
-                $this->ctype['is_approved'] &&
-                $this->ctype['is_comments_on'] &&
-                $this->isControllerEnabled('comments')){
-
-            $this->item['is_comments_on'] = true;
-
-        } else {
-            $this->item['is_comments_on'] = false;
-        }
-
-        // Рейтинг. Если выключен, убираем ячейку из ответа
-        if (!$this->ctype['is_rating'] && !$this->isControllerEnabled('rating')){
-            unset($this->item['rating']);
-        }
-
-        // Получаем теги
-        if ($this->ctype['is_tags']){
-            $this->item['tags'] = cmsCore::getModel('tags')->getTagsForTarget($this->name, $this->ctype['name'], $this->item['id']);
-        } else {
-            unset($this->item['tags']);
-        }
-
         list($this->ctype, $this->item, $fields) = cmsEventsManager::hook('content_before_item', array($this->ctype, $this->item, $fields));
         list($this->ctype, $this->item, $fields) = cmsEventsManager::hook("content_{$this->ctype['name']}_before_item", array($this->ctype, $this->item, $fields));
         list($this->ctype, $this->item, $fields) = cmsEventsManager::hook('api_content_before_item', array($this->ctype, $this->item, $fields));
@@ -209,8 +185,24 @@ public function run($ctype_name){
 
             if (empty($this->item[$name]) || $field['is_system']) { continue; }
 
+            // проверяем что группа пользователя имеет доступ к чтению этого поля
             if ($field['groups_read'] && !$this->cms_user->isInGroups($field['groups_read'])) {
+                // если группа пользователя не имеет доступ к чтению этого поля,
+                // проверяем на доступ к нему для авторов
+                if (!empty($this->item['user_id']) && !empty($field['options']['author_access'])){
+
+                    if (!in_array('is_read', $field['options']['author_access'])){
+                        unset($this->item[$name]); continue;
+                    }
+
+                    if ($this->item['user_id'] == $this->cms_user->id){
+                        unset($this->item[$name]); continue;
+                    }
+
+                }
+
                 unset($this->item[$name]); continue;
+
             }
 
             if (in_array($field['type'], array('images','image'))){

package/system/controllers/api/api_actions/api_messages_delete_contact.php

@@ -0,0 +1,57 @@
+<?php
+
+class actionMessagesApiMessagesDeleteContact extends cmsAction {
+
+    public $lock_explicit_call = true;
+
+    public $result;
+
+    public $auth_required = true;
+
+    public $check_sig = true;
+
+    public $request_params = array(
+        'contact_id' => array(
+            'default' => 0,
+            'rules'   => array(
+                array('required'),
+                array('digits')
+            )
+        )
+    );
+
+    private $contact_id;
+
+    public function validateApiRequest() {
+
+        $this->contact_id = $this->request->get('contact_id');
+
+        $contact = $this->model->getContact($this->cms_user->id, $this->contact_id);
+
+        if (!$contact){
+            return array(
+                'error_code'     => 100,
+                'error_msg'      => '',
+                'request_params' => array(
+                    'contact_id' => ERR_VALIDATE_INVALID
+                )
+            );
+        }
+
+        return false;
+
+    }
+
+    public function run(){
+
+        $this->model->deleteContact($this->cms_user->id, $this->contact_id);
+
+        $count = $this->model->getContactsCount($this->cms_user->id);
+
+        $this->result = array(
+            'count' => $count
+        );
+
+    }
+
+}

package/system/controllers/api/api_actions/api_messages_delete_mesages.php

@@ -0,0 +1,46 @@
+<?php
+
+class actionMessagesApiMessagesDeleteMesages extends cmsAction {
+
+    public $lock_explicit_call = true;
+
+    public $result;
+
+    public $auth_required = true;
+
+    public $check_sig = true;
+
+    public $request_params = array(
+        'message_ids' => array(
+            'default' => [],
+            'rules'   => array(
+                array('required')
+            )
+        )
+    );
+
+    public function run(){
+
+        $_message_ids = $this->request->get('message_ids');
+
+        $message_ids = [];
+
+        foreach ($_message_ids as $message_id) {
+            $message_ids[] = (int)$message_id;
+        }
+
+        $delete_msg_ids = $this->model->deleteMessages($this->cms_user->id, $message_ids);
+
+        if($delete_msg_ids){
+            $message_ids = array_diff($message_ids, $delete_msg_ids);
+        }
+
+        $this->result = array(
+            'remove_text'    => LANG_PM_IS_DELETE,
+            'message_ids'    => $message_ids,
+            'delete_msg_ids' => $delete_msg_ids
+        );
+
+    }
+
+}

package/system/controllers/api/api_actions/api_messages_delete_notice.php

@@ -0,0 +1,42 @@
+<?php
+
+class actionMessagesApiMessagesDeleteNotice extends cmsAction {
+
+    public $lock_explicit_call = true;
+
+    public $result;
+
+    public $auth_required = true;
+
+    public $request_params = array(
+        'id' => array(
+            'default' => 0,
+            'rules'   => array(
+                array('digits')
+            )
+        )
+    );
+
+    public function run(){
+
+        $notice_id = $this->request->get('id');
+
+        if($notice_id){
+
+            $notice = $this->model->getNotice($notice_id);
+
+            if($notice && $notice['user_id'] == $this->cms_user->id && !empty($notice['options']['is_closeable'])){
+                $this->model->deleteNotice($notice_id);
+            }
+
+        } else {
+            $this->model->deleteUserNotices($this->cms_user->id);
+        }
+
+        $this->result = array(
+            'count' => $this->model->getNoticesCount($this->cms_user->id)
+        );
+
+    }
+
+}