API - Basic API calls #24

Open
wants to merge 84 commits into
from
+3,424 −0
@@ -0,0 +1,5 @@
+RewriteEngine On
+RewriteCond %{ENV:REDIRECT_STATUS} ^$
+#RewriteCond %{REQUEST_FILENAME} !-f
+#RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^(.*)$ index.php/$1 [L]
@@ -0,0 +1,105 @@
+<?php


@anvk

anvk Jul 9, 2014

Where is an example when a custom field is returned back (e.g. after POST you return ID of the freshly created entity) ?


@anvk

anvk Jul 9, 2014

Where is an example that shows how extra logic is executed right after the api_backbone() function?


+


@anvk

anvk Jul 9, 2014

I do not see the sql_clause() function anywhere. It is a VERY important function when you pass query parameters but are not sure whether all of them are present. Where is the explanation for that?


+class BoilerplateClass {
+ function get() {
+ // Make a call to the API function like this
+ // Specify a request type, access level and query to be executed.
+
+ // You may want to add certain WHERE parameters to your query (which may or may not be present)
+ // An associative array is an argument - the keys are the names of the db columns as they appear in the query
+ // - the values are the variables that may or may not exist in the call
+ // Uncomment the following call to generate the clause according to the variables that are present
+
+ // create_SQL_clause(array(
+ // "title" => $_GET["title"],
+ // "language" => $_GET["language"]
+ // ));
+
+ // Uncomment the following for a sample call (make sure you set the variables first)
+
+ /* api_backbone(array(
+ * "request_type" => HTTP_GET,
+ * "access_level" => INSTRUCTOR_ACCESS_LEVEL,
+ * "query" => $query,
+ * "query_array" => $array
+ * ));
+ */
+ print "You are at the boilerplate home!";
+ }
+
+ function post() {
+ // Make a call to the API function like this
+ // Specify a request type, access level and query to be executed.
+ // We create an object and return the ID with this call.
+ // To get the ID of the newly created object, set returned_id_name to true
+
+ // Uncomment the following for a sample call (make sure you set the variables first)
+ /* api_backbone(array(
+ * "request_type" => HTTP_POST,
+ * "access_level" => INSTRUCTOR_ACCESS_LEVEL,
+ * "query" => $query,
+ * "query_array" => $array,
+ * "returned_id_name" => true
+ * ));
+ */
+ print "You are at the boilerplate home! Creating an object.";
+ }
+}
+
+class BoilerplateClassWithUrlParameter{
+ function get($boilerplate_id) {
+ // Make a call to the API function like this
+ // Since we want a single object, we specify one_row to be true
+ /* api_backbone(array(
+ * "request_type" => HTTP_GET,
+ * "access_level" => ADMIN_ACCESS_LEVEL,
+ * "query" => $query,
+ * "query_array" => $array,
+ * "one_row" => true


@anvk

anvk Jul 9, 2014

what is this option : "one_row" what is it for ?


+ * ));
+ */
+ print "Checking boilerplace with id - ".$boilerplate_id;
+ }
+
+ function put($boilerplate_id) {
+ // Make a call to the API function like this
+ // We update an object here, so we need to check if it exists first, which is accomplished by query_id_existence
+ // No need to specify one_row because we perform an update operation here
+ // Uncomment the following for a sample call (make sure you set the variables first)
+ /* api_backbone(array(
+ * "request_type" => HTTP_PUT,
+ * "access_level" => ADMIN_ACCESS_LEVEL,
+ * "query_id_existence" => $query_id_existence,
+ * "query_id_existence_array" => $query_id_existence_array,
+ * "query" => $query,
+ * "query_array" => $array
+ * ));
+ */
+ print "Updating boilerplace object with id - ".$boilerplate_id;
+ }
+
+ function delete($boilerplate_id) {
+ // Make a call to the API function like this
+ // We delete an object here, so we need to check if it exists first, which is accomplished by query_id_existence
+ // Uncomment the following for a sample call (make sure you set the variables first)
+ /* api_backbone(array(
+ * "request_type" => HTTP_DELETE,
+ * "access_level" => ADMIN_ACCESS_LEVEL,
+ * "query_id_existence" => $query_id_existence,
+ * "query_id_existence_array" => $query_id_existence_array,
+ * "query" => $query,
+ * "query_array" => $array
+ * ));
+ */
+
+ // There are chances where you might want to execute something after the API call
+ // For example, after you delete a course, you want to clear the enrollment tables
+ // For this you need to manually use queryDB after you complete the call to api_backbone
+
+ // queryDB($second_query, $second_query_array);
+
+ print "Deleting boilerplace with id - ".$boilerplate_id;
+ }
+}
+
+?>
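Review bot: This file opens without the `if (!defined('AT_INCLUDE_PATH')) { exit; }` guard that the other two PHP files in this pull request start with, and because it is the template people will copy, the guard belongs at the top here as well. The commented sample in get() reads `$_GET["title"]` and `$_GET["language"]` without checking that they are set, which contradicts the "may or may not be present" wording just above it; `isset($_GET["title"]) ? $_GET["title"] : null` would match that intent on the older PHP versions this code supports. The three messages printed by BoilerplateClassWithUrlParameter spell the word "boilerplace".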
@@ -0,0 +1,17 @@
+<?php
+
+if (!defined('AT_INCLUDE_PATH')) {
+ exit;
+}
+
+// The prefix common to all URLs in this boilerplate example app
+$boilerplate_url_prefix = "/boilerplate";
+
+$boilerplate_base_urls = array(
+ "/" => "BoilerplateClass",
+ "/:number" => "BoilerplateClassWithUrlParameter"
+);
+
+$boilerplate_urls = generate_urls($boilerplate_base_urls, $boilerplate_url_prefix);
+
+?>
@@ -0,0 +1,234 @@
+<?php
+
+if (!defined('AT_INCLUDE_PATH')) {
+ exit;


@anvk

anvk May 25, 2014

why do you use exit instead of return ?


@sdaityari

sdaityari May 25, 2014

Owner

So that if someone opens that in a browser, it doesn't open. I have noticed the same block of code in many other ATutor files.


+}
+
+/*
+ * Support for PHP < 5.4
+ * More info - http://stackoverflow.com/questions/3258634/php-how-to-send-http-response-code
+ */
+
+if (!function_exists('http_response_code'))
+{
+ function http_response_code($newcode = NULL)
+ {
+ static $code = 200;
+ if($newcode != NULL)
+ {
+ header('X-PHP-Response-Code: '.$newcode, true, $newcode);
+ if(!headers_sent())
+ $code = $newcode;
+ }
+ return $code;
+ }
+}
+
+function api_module_status() {
+ // To check if the module is activated/activated
+ $enabled = queryDB("SELECT
+ *
+ FROM
+ %smodules
+ WHERE
+ dir_name = '%s'
+ AND
+ status = %d",
+ array(TABLE_PREFIX,
+ "_standard/api",
+ 2));
+
+ return count($enabled)?true:false;
+}
+
+function generate_urls($old_array, $prefix) {
+ // Add prefix to all indices of old array
+ $new_array = array();
+ foreach($old_array as $key => $value) {
+ $new_array[$prefix.$key] = $value;
+ }
+ return $new_array;
+}
+
+function check_token($token, $minimum_access_level){
+ $check = queryDB("SELECT
+ access_level
+ , member_id
+ FROM
+ %sapi
+ WHERE
+ token = '%s'
+ AND
+ expiry > CURRENT_TIMESTAMP",
+ array(TABLE_PREFIX,
+ $token), true);
+
+ if (!$check) {
+ http_response_code(401);
+ print_message(ERROR, TOKEN_DOES_NOT_EXIST);
+ exit;
+ } else if ($check["access_level"] > $minimum_access_level) {
+ http_response_code(401);
+ print_message(ERROR, YOU_ARE_NOT_AUTHORIZED_TO_ACCESS_THIS_RESOURCE);
+ exit;
+ }
+
+ $query = "UPDATE
+ %sapi
+ SET
+ modified = CURRENT_TIMESTAMP
+ , expiry = NOW() + INTERVAL %d DAY
+ WHERE
+ token = '%s'";
+
+ $query_array = array(TABLE_PREFIX,
+ TOKEN_EXPIRY,
+ $token);
+
+ if (DEBUG) {
+ print vsprintf($query, $query_array);
+ print "\n\n";
+ }
+
+ // Update modified timestamp
+ queryDB($query, $query_array);
+
+ return $check["member_id"];
+}
+
+function check_access_level($token, $access_level = ADMIN_ACCESS_LEVEL) {
+ $check = queryDB("SELECT
+ COUNT(*)
+ FROM
+ %sapi
+ WHERE
+ token = '%s'
+ AND
+ access_level <= %d",
+ array(TABLE_PREFIX,
+ $token,
+ $access_level), true);
+
+ return $check > 0 ? true : false;
+}
+
+function get_access_token($headers, $minimum_access_level = ADMIN_ACCESS_LEVEL,
+ $return_member_id = false) {
+
+ /**
+ * $headers - assoc array of headers
+ * $minimum_access_level - the user with the lowest permissions that can access this
+ * $return_member_id - whether to return a tuple or token and member_id
+ */
+
+ $token = addslashes($headers[TOKEN_NAME]);
+ $member_id = check_token($token, $minimum_access_level);
+
+ if ($member_id && $return_member_id){
+ return array($token, $member_id);
+ } else if ($member_id) {
+ return $token;
+ } else {
+ return false;
+ }
+}
+
+function print_message($type, $message, $log = array(), $http_method = HTTP_GET) {
+ if (!$log) {
+ $log = generate_basic_log($_SERVER);
+ $headers = getallheaders();
+ $log["token"] = $headers[TOKEN_NAME];
+ }
+ $key = $type == ERROR ? "errorMessage" : "successMessage";
+ $response = json_encode(array(
+ $key => $message
+ ));
+ $log["response"] = $response;
+ log_request($log, $http_method, $type == ERROR);
+ echo $response;
+ exit;
+}
+
+function generate_basic_log($request) {
+ $log = array();
+ $log["ip_address"] = $request["REMOTE_ADDR"];
+ $log["request_uri"] = $request["REQUEST_URI"];
+ $log["http_method"] = $request["REQUEST_METHOD"];
+ $log["user_agent"] = $request["HTTP_USER_AGENT"];
+ return $log;
+}
+
+function log_request($log = array(), $http_method = HTTP_GET, $error = false) {
+ if ((LOGGING_LEVEL == NO_LOGGING) ||
+ ($http_method == HTTP_GET && LOGGING_LEVEL == LOGGING_EXCEPT_GET && !$error)) {
+ return;
+ }
+
+ $query = "INSERT INTO %sapi_logs(
+ ip_address
+ , user_agent
+ , request_uri
+ , http_method
+ , token
+ , response)
+ VALUES(
+ '%s'
+ , '%s'
+ , '%s'
+ , '%s'
+ , '%s'
+ , '%s')";
+
+ $query_array = array(TABLE_PREFIX,
+ $log["ip_address"],
+ $log["user_agent"],
+ $log["request_uri"],
+ $log["http_method"],
+ $log["token"],
+ $log["response"]
+ );
+
+ if (DEBUG) {
+ print vsprintf($query, $query_array);
+ print "\n\n";
+ }
+
+ queryDB($query, $query_array);
+
+
+}
+
+function return_created_id($id, $log) {
+ $response = json_encode(array(
+ "successMessage" => ACTION_COMPLETED_SUCCESSFULLY,
+ "id" => $id
+ ));
+ echo $response;
+}
+
+function create_SQL_clause($terms, $prefix = "WHERE", $sanitize = true) {
+ /*
+ * Function to create SQL clause
+ * $terms is an associative array
+ * The keys of $terms represent the column names as they appear in the SQL
+ * For example, create_SQL_clause(array(
+ * "title" => "My Course",
+ * "language" => "en")) should return
+ * "WHERE c.title = 'My Course' AND c.language = 'en'"
+ */
+ $query = "";
+ $prefix = $prefix ? $prefix . " " : "";
+ foreach ($terms as $key => $value) {
+ if ($value) {
+ if ($query != "")
+ $query = $query."AND ";
+ $query = $sanitize ? $query.$key." = '". addslashes($value) ."' " : $query.$key." = '". $value ."' ";
+ }
+ }
+ if ($query != ""){
+ $query = $prefix . $query;
+ }
+ return $query;
+}
+
+?>
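Review bot: check_access_level() tests the result of `queryDB(..., true)` with `$check > 0`, but check_token() indexes the same kind of result as `$check["access_level"]`, so `$check` is presumably a row array, and PHP treats an array as greater than any integer; the function would then return true for every token, including one that is not in the table. Alias the count and test its value, for example `COUNT(*) AS matches` in the query and `return isset($check["matches"]) && (int) $check["matches"] > 0;`. The same query also leaves out the `expiry > CURRENT_TIMESTAMP` condition that check_token() applies, so an expired token would still satisfy it. Separately, the `DEBUG` branches in check_token() and log_request() print the complete SQL, token included, into the response body, and log_request() stores the raw token in `api_logs`; storing a hash of the token there would keep the log from doubling as a credential store. queryDB() is not part of this diff, so whether it escapes the `'%s'` parameters (and whether the `addslashes()` calls in get_access_token() and create_SQL_clause() then double-escape) needs confirming against its definition.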