added services/caches/edit for log passwords; resolves #488

Author: following5

okapi/core/Db.php

@@ -284,4 +284,16 @@ public static function field_exists($table, $field)
         }
         return false;
     }
+
+    public static function field_length($table, $field)
+    {
+        return self::select_value("
+            select character_maximum_length
+            from information_schema.columns
+            where
+                table_schema='".self::escape_string(Settings::get('DB_NAME'))."'
+                and table_name='".self::escape_string($table)."'
+                and column_name='".self::escape_string($field)."'
+        ");
+    }
 }

okapi/core/OkapiServiceRunner.php

@@ -33,6 +33,7 @@ class OkapiServiceRunner
         'services/caches/search/by_urls',
         'services/caches/search/save',
         'services/caches/shortcuts/search_and_retrieve',
+        'services/caches/edit',
         'services/caches/geocache',
         'services/caches/geocaches',
         'services/caches/mark',

okapi/services/apisrv/installation/WebService.php

@@ -4,6 +4,7 @@
 
 use okapi\core\Okapi;
 use okapi\core\Request\OkapiRequest;
+use okapi\core\Db;
 use okapi\Settings;
 
 class WebService
@@ -29,6 +30,8 @@ public static function call(OkapiRequest $request)
         $result['mobile_registration_url'] = Settings::get('MOBILE_REGISTRATION_URL');
         $result['image_max_upload_size'] = Settings::get('IMAGE_MAX_UPLOAD_SIZE');
         $result['image_rcmd_max_pixels'] = Settings::get('IMAGE_MAX_PIXEL_COUNT');
+        $result['geocache_passwd_max_length'] = Db::field_length('caches', 'logpw');
+
         return Okapi::formatted_response($request, $result);
     }
 }

okapi/services/apisrv/installation/docs.xml

@@ -93,6 +93,11 @@
                 site to fit this restriction. Larger images may have been
                 uploaded in the past, or by other means than OKAPI.</p>
             </li>
+            <li>
+                <p><b>geocache_passwd_max_length</b> - the maximum length of
+                a password that will be accepted by
+                <a href='%OKAPI:methodargref:services/caches/edit%'>services/caches/edit</a>.</p>
+            </li>
         </ul>
     </returns>
-</xml>
+</xml>

okapi/services/caches/edit/WebService.php

@@ -0,0 +1,112 @@
+<?php
+
+namespace okapi\services\caches\edit;
+
+use okapi\core\Okapi;
+use okapi\core\Db;
+use okapi\core\Exception\BadRequest;
+use okapi\core\Exception\InvalidParam;
+use okapi\core\Exception\ParamMissing;
+use okapi\core\Request\OkapiRequest;
+use okapi\core\Request\OkapiInternalRequest;
+use okapi\core\OkapiServiceRunner;
+use okapi\Settings;
+
+
+class WebService
+{
+    public static function options()
+    {
+        return array(
+            'min_auth_level' => 3,
+        );
+    }
+
+    public static function call(OkapiRequest $request)
+    {
+        $cache_code = $request->get_parameter('cache_code');
+        if ($cache_code == null)
+            throw new ParamMissing('cache_code');
+        $geocache = OkapiServiceRunner::call(
+            'services/caches/geocache',
+            new OkapiInternalRequest(
+                $request->consumer,
+                $request->token,
+                array('cache_code' => $cache_code, 'fields' => 'internal_id|type|date_created')
+            )
+        );
+        $internal_id_escaped = Db::escape_string($geocache['internal_id']);
+        $owner_id = Db::select_value(
+            "select user_id from caches where cache_id = '".$internal_id_escaped."'"
+        );
+        if ($owner_id != $request->token->user_id)
+            throw new BadRequest("Only own caches may be edited.");
+
+        $problems = [];
+        $change_sqls_escaped = [];
+
+        $langpref = $request->get_parameter('langpref');
+        if (!$langpref) $langpref = "en";
+        $langprefs = explode("|", $langpref);
+
+        Okapi::gettext_domain_init($langprefs);
+        try
+        {
+            # passwd
+            $newpw = $request->get_parameter('passwd');
+            if ($newpw !== null)
+            {
+                $installation = OkapiServiceRunner::call(
+                    'services/apisrv/installation',
+                    new OkapiInternalRequest($request->consumer, $request->token, [])
+                );
+                if (strlen($newpw) > $installation['geocache_passwd_max_length']) {
+                    $problems['passwd'] = sprintf(
+                        _('The password must not be longer than %d characters.'),
+                        $installation['geocache_passwd_max_length']
+                    );
+                } elseif (
+                    Settings::get('OC_BRANCH') == 'oc.pl' &&
+                    $geocache['type'] == 'Traditional' &&
+                    $geocache['date_created'] > '2010-06-18 20:03:18'
+                ) {
+                    # We won't bother the user with the creation date thing here.
+                    # The *current* rule is that OCPL sites do not allow tradi passwords.
+                    # For older caches, the user won't see this message.
+
+                    $problems['passwd'] = sprintf(
+                        _('%s does not allow log passwords for traditional caches.'),
+                        Okapi::get_normalized_site_name()
+                    );
+                } else {
+                    $oldpw = Db::select_value("select logpw from caches where cache_id='".$internal_id_escaped."'");
+                    if ($newpw != $oldpw)
+                        $change_sqls_escaped[] = "logpw = '".Db::escape_string($newpw)."'";
+                    unset($oldpw);
+                }
+            }
+            unset($newpw);
+
+            Okapi::gettext_domain_restore();
+        }
+        catch (Exception $e)
+        {
+            Okapi::gettext_domain_restore();
+            throw $e;
+        }
+
+        # save changes
+        if (count($problems) == 0 && count($change_sqls_escaped) > 0) {
+            Db::execute("
+                update caches
+                set " . implode(', ', $change_sqls_escaped) . ", last_modified=NOW()
+                where cache_id = '".$internal_id_escaped."'
+            ");
+        }
+
+        $result = ['success' => count($problems) == 0, 'messages' => $problems];
+
+        Okapi::update_user_activity($request);
+        return Okapi::formatted_response($request, $result);
+    }
+}

okapi/services/caches/edit/docs.xml

@@ -0,0 +1,50 @@
+<xml>
+    <brief>Change the properties of a geocache</brief>
+    <issue-id>TODO</issue-id>
+    <desc>
+        <p>This method allows your users to change properties of an owned
+        geocache. Currently, only the log password can be changed.
+        Let us know if you need to edit other geocache properties.</p>
+    </desc>
+    <req name='cache_code'>
+        <p>Code of the geocache.</p>
+    </req>
+    <opt name='passwd'>
+        <p>String - the new password for 'Found it' or 'Attended' log entries.
+        If you supply an empty string, the password will be cleared, i.e.
+        the geocache will not require a log password.</p>
+        <p>You may query the maximum accepted password length for the OC site by
+        <a href='%OKAPI:methodargref:services/apisrv/installation%'>services/apsrv/installation</a>.
+        There may also be installation-dependent restrictions on which
+        geocaches may have passwords. <b>success</b> will be <b>false</b> and
+        an explanation message will be returned if a password is rejected.</p>
+    </opt>
+    <opt name='langpref' default='en'>
+        <p>Pipe-separated list of ISO 639-1 language codes. This indicates the
+        order of preference in which language will be chosen for the
+        <b>messages</b> return value.</p>
+    </opt>
+    <common-format-params/>
+    <returns>
+        <p>A dictionary of the following structure:</p>
+        <ul>
+            <li>
+                <p><b>success</b> - boolean,</p>
+                <ul>
+                    <li><b>true</b> if all of the supplied geocache properties
+                    were saved successfully or if no property to be changed was
+                    supplied. The geocache's <b>last_modified</b> date has been
+                    updated if any property was changed,</li>
+                    <li><b>false</b> if nothing was saved, which means that at
+                    least one of the supplied parameters was not acceptable.</li>
+                </ul>
+            </li>
+            <li>
+                <p><b>messages</b> - a dictionary of the supplied parameters
+                that were not acceptable, each entry giving a plain-text string
+                that explains the reason of rejection. The dictionary is empty
+                in case of success.</p>
+            </li>
+        </ul>
+    </returns>
+</xml>