From 8ac1114505a8b6b32300e8e2e8700b796eb0bd48 Mon Sep 17 00:00:00 2001 From: xrowkristina Date: Tue, 30 Jun 2015 18:22:18 +0200 Subject: [PATCH] added new functions --- CRM/CRMPluginInterface.php | 4 ++ Controller/ApiController.php | 74 +++++++++++++++++++++++++++++++++++- Resources/config/routing.yml | 29 -------------- 3 files changed, 76 insertions(+), 31 deletions(-) delete mode 100644 Resources/config/routing.yml diff --git a/CRM/CRMPluginInterface.php b/CRM/CRMPluginInterface.php index cf975d0..261ab23 100644 --- a/CRM/CRMPluginInterface.php +++ b/CRM/CRMPluginInterface.php @@ -12,5 +12,9 @@ public function getAccount($user); public function getSubscriptions($user); + public function checkPassword($loginData); + + public function updateUser($user, $newData); + public function getSubscription($user, $subscriptionId); } \ No newline at end of file diff --git a/Controller/ApiController.php b/Controller/ApiController.php index 1404c6d..9840775 100644 --- a/Controller/ApiController.php +++ b/Controller/ApiController.php @@ -2,6 +2,9 @@ namespace xrow\restBundle\Controller; +use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; +use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method; + use Symfony\Bundle\FrameworkBundle\Controller\Controller; use Symfony\Component\Security\Core\Exception\AccessDeniedException; use Symfony\Component\HttpFoundation\Request; 
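Review bot: The two methods added to `CRMPluginInterface` have no docblock, so the return contract of `checkPassword($loginData)` is left to each plugin author, even though `checkPasswordAction` later in this patch treats only a strict `true` as success. I would add a docblock saying that `$loginData` is an array with `username` and `password` keys, that the method returns boolean `true` only for verified credentials and `false` in every other case, and that implementations must not log the password. `updateUser($user, $newData)` needs the same: document the type of `$newData` and what is returned on success and on failure. Adding methods to the interface also breaks existing implementers until they define both, which deserves a line in the commit message.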
@@ -12,14 +15,21 @@ use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; use Symfony\Component\DependencyInjection\ContainerInterface; + use FOS\OAuthServerBundle\Security\Authentication\Token\OAuthToken; use FOS\OAuthServerBundle\Model\AccessTokenInterface; + use OAuth2\OAuth2; use OAuth2\OAuth2AuthenticateException; + use xrow\restBundle\CRM\LoadCRMPlugin; use xrow\restBundle\Entity\User as APIUser; + use eZ\Publish\Core\MVC\Symfony\Event\InteractiveLoginEvent; +/** + * @Route("/xrowapi/v1") + */ class ApiController extends Controller { /** @@ -63,7 +73,9 @@ public function __construct(LoadCRMPlugin $loadCRMPlugin, SecurityContextInterfa } /** - * + * @Route("/auth") + * @Method({"GET", "POST"}) + * * @param Request $request * @throws AccessDeniedException */ @@ -148,6 +160,8 @@ function () use ( $currentEzUser ) } /** + * @Route("/user") + * @Method({"GET", "PATCH"}) * * @param Request $request * @throws AccessDeniedException @@ -163,7 +177,13 @@ public function getUserAction(Request $request) 'error_type' => 'NOUSER', 'error_description' => 'This user does not have access to this section.'), 403); } - $CRMUser = $this->crmPluginClassObject->getUser($user); + $httpMethod = $request->getMethod(); + if ($httpMethod == 'GET') { + $CRMUser = $this->crmPluginClassObject->getUser($user); + } + elseif ($httpMethod == 'PATCH') { + $CRMUser = $this->crmPluginClassObject->updateUser($user, $request); + } if($CRMUser) { return new JsonResponse(array( 'result' => $CRMUser, @@ -184,6 +204,8 @@ public function getUserAction(Request $request) } /** + * @Route("/account") + * @Method({"GET"}) * * @param Request $request * @return \Symfony\Component\HttpFoundation\JsonResponse @@ -219,6 +241,8 @@ public function getAccountAction(Request $request) } /** + * @Route("/subscriptions") + * @Method({"GET"}) * * @param Request $request * @throws AccessDeniedException 
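Review bot: In the `-163,7 +177,13` hunk the PATCH branch passes the whole `Request` object to `updateUser($user, $request)`, while the interface names that parameter `$newData`, so nothing in the controller limits which user fields a client can change. Unless every plugin filters on its own (not visible here), field-level authorization is left to each CRM backend; I would read the body in the controller, keep only an allow-list of editable fields, and pass that array. The `if`/`elseif` also leaves `$CRMUser` undefined for any other verb, which today only the `@Method({"GET", "PATCH"})` annotation prevents; initialise it with `$CRMUser = null;` before the branch and compare the method with `===`. `getUserAction` starts and ends outside this hunk.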
@@ -255,6 +279,52 @@ public function getSubscriptionsAction(Request $request) } /** + * @Route("/chekpassword") + * @Method({"GET"}) + * + * @param Request $request + * @throws AccessDeniedException + * @return \Symfony\Component\HttpFoundation\JsonResponse + */ + public function checkPasswordAction(Request $request) + { + try { + $user = $this->checkAccessGranted($request); + if (!$user instanceof APIUser) { + return new JsonResponse(array( + 'error' => 'invalid_grant', + 'error_type' => 'NOUSER', + 'error_description' => 'This user does not have access to this section.'), 403); + } + $username = $request->get('username', null); + $password = $request->get('password', null); + if ($username !== null && $password !== null) { + $loginData = array('username' => $username, + 'password' => $password); + $return = $this->crmPluginClassObject->checkPassword($loginData); + if($this->crmPluginClassObject->checkPassword($loginData) === true) { + return new JsonResponse(array( + 'result' => true, + 'type' => 'CONTENT', + 'message' => 'User data')); + } + } + return new JsonResponse(array( + 'result' => null, + 'type' => 'NOCONTENT', + 'message' => 'User not found'), 204); + } catch (AuthenticationException $e) { + $exception = $this->errorHandling($e); + return new JsonResponse(array( + 'error' => $exception['error'], + 'error_type' => $exception['type'], + 'error_description' => $exception['error_description']), $exception['httpCode']); + } + } + + /** + * @Route("/logout") + * @Method({"GET"}) * * @return \Symfony\Component\HttpFoundation\JsonResponse */ diff --git a/Resources/config/routing.yml b/Resources/config/routing.yml deleted file mode 100644 index b431d1d..0000000 --- a/Resources/config/routing.yml +++ /dev/null 
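Review bot: `checkPasswordAction` is routed with `@Method({"GET"})` and reads `username` and `password` through `$request->get()`, so the credentials travel in the query string and end up in web-server and proxy access logs; switch the annotation to `@Method({"POST"})` and read them from the request body. `checkPassword($loginData)` is called twice per request (the first result, `$return`, is never used), which doubles every attempt against the CRM and any failure counter it keeps. Any caller with a valid token can check arbitrary username/password pairs, and no throttling or tie between `$username` and the authenticated `$user` is visible in this hunk, so consider restricting the check to the caller's own account or adding attempt limiting. The path `/chekpassword` looks like a typo for `/checkpassword`, and the 204 response cannot carry the JSON body it is given.

```php
// … unchanged: checkAccessGranted() call and APIUser guard …
            // Body parameters only: query-string credentials are written to access logs.
            $username = $request->request->get('username');
            $password = $request->request->get('password');
            if (is_string($username) && $username !== '' && is_string($password) && $password !== '') {
                $loginData = array('username' => $username,
                                   'password' => $password);
                // One CRM call per request; the result is used directly.
                if ($this->crmPluginClassObject->checkPassword($loginData) === true) {
                    // … unchanged: success JsonResponse …
                }
            }
// … unchanged: not-found response and AuthenticationException handling …
```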
@@ -1,29 +0,0 @@
-xrow_rest_api_auth:
- path: /auth
- defaults:
- _controller: xrow_rest.controller.api:setAuthenticationAction
- methods: [GET|POST]
-
-xrowapi_user:
- path: /user
- defaults:
- _controller: xrow_rest.controller.api:getUserAction
- methods: [GET]
-
-xrowapi_account:
- path: /account
- defaults:
- _controller: xrow_rest.controller.api:getAccountAction
- methods: [GET]
-
-xrowapi_subscriptions:
- path: /subscriptions
- defaults:
- _controller: xrow_rest.controller.api:getSubscriptionsAction
- methods: [GET]
-
-xrowapi_logout:
- path: /logout
- defaults:
- _controller: xrow_rest.controller.api:logoutAction
- methods: [GET]
\ No newline at end of file