invoiceninja/app/Http/Controllers/BaseAPIController.php

<?php

namespace App\Http\Controllers;

use App\Models\EntityModel;
use App\Ninja\Serializers\ArraySerializer;
use Auth;
use Input;
use League\Fractal\Manager;
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
use League\Fractal\Resource\Collection;
use League\Fractal\Resource\Item;
use League\Fractal\Serializer\JsonApiSerializer;
use Request;
use Response;
use Utils;

/**
 * @SWG\Swagger(
 *     schemes={"http","https"},
 *     host="ninja.test",
 *     basePath="/api/v1",
 *     produces={"application/json"},
 *     @SWG\Info(
 *         version="1.0.0",
 *         title="Invoice Ninja API",
 *         description="An open-source invoicing and time-tracking app built with Laravel",
 *         termsOfService="",
 *         @SWG\Contact(
 *             email="contact@invoiceninja.com"
 *         ),
 *         @SWG\License(
 *             name="Attribution Assurance License",
 *             url="https://raw.githubusercontent.com/invoiceninja/invoiceninja/master/LICENSE"
 *         )
 *     ),
 *     @SWG\ExternalDocumentation(
 *         description="Find out more about Invoice Ninja",
 *         url="https://www.invoiceninja.com"
 *     ),
 *     security={"api_key": {}},
 *     @SWG\SecurityScheme(
 *         securityDefinition="api_key",
 *         type="apiKey",
 *         in="header",
 *         name="X-Ninja-Token"
 *     )
 * )
 */
class BaseAPIController extends Controller
{
    protected $manager;
    protected $serializer;

    public function __construct()
    {
        $this->manager = new Manager();

        if ($include = Request::get('include')) {
            $this->manager->parseIncludes($include);
        }

        $this->serializer = Request::get('serializer') ?: API_SERIALIZER_ARRAY;

        if ($this->serializer === API_SERIALIZER_JSON) {
            $this->manager->setSerializer(new JsonApiSerializer());
        } else {
            $this->manager->setSerializer(new ArraySerializer());
        }
    }

    protected function handleAction($request)
    {
        $entity = $request->entity();
        $action = $request->action;

        if (! in_array($action, ['archive', 'delete', 'restore', 'mark_sent', 'markSent', 'emailInvoice', 'markPaid'])) {
            return $this->errorResponse("Action [$action] is not supported");
        }

        if ($action == 'mark_sent') {
            $action = 'markSent';
        }

        $repo = Utils::toCamelCase($this->entityType) . 'Repo';

        $this->$repo->$action($entity);

        return $this->itemResponse($entity);
    }

    protected function listResponse($query)
    {
        $transformerClass = EntityModel::getTransformerName($this->entityType);
        $transformer = new $transformerClass(Auth::user()->account, Input::get('serializer'));

        $includes = $transformer->getDefaultIncludes();
        $includes = $this->getRequestIncludes($includes);

        $query->with($includes);

        if (Input::get('filter_active')) {
            $query->whereNull('deleted_at');
        }

        if (Input::get('updated_at') > 0) {
                $updatedAt = intval(Input::get('updated_at'));
                $query->where('updated_at', '>=', date('Y-m-d H:i:s', $updatedAt));
        }

        if (Input::get('client_id') > 0) {
                $clientPublicId = Input::get('client_id');
                $filter = function ($query) use ($clientPublicId) {
                $query->where('public_id', '=', $clientPublicId);
             };
             $query->whereHas('client', $filter);
        }

        if (! Utils::hasPermission('admin')) {
            if ($this->entityType == ENTITY_USER) {
                $query->where('id', '=', Auth::user()->id);
            } else {
                $query->where('user_id', '=', Auth::user()->id);
            }
        }

        $data = $this->createCollection($query, $transformer, $this->entityType);

        return $this->response($data);
    }

    protected function itemResponse($item)
    {
        if (! $item) {
            return $this->errorResponse('Record not found', 404);
        }

        $transformerClass = EntityModel::getTransformerName($this->entityType);
        $transformer = new $transformerClass(Auth::user()->account, Input::get('serializer'));

        $data = $this->createItem($item, $transformer, $this->entityType);

        return $this->response($data);
    }

    protected function createItem($data, $transformer, $entityType)
    {
        if ($this->serializer && $this->serializer != API_SERIALIZER_JSON) {
            $entityType = null;
        }

        $resource = new Item($data, $transformer, $entityType);

        return $this->manager->createData($resource)->toArray();
    }

    protected function createCollection($query, $transformer, $entityType)
    {
        if ($this->serializer && $this->serializer != API_SERIALIZER_JSON) {
            $entityType = null;
        }

        if (is_a($query, "Illuminate\Database\Eloquent\Builder")) {
            $limit = Input::get('per_page', DEFAULT_API_PAGE_SIZE);
            if (Utils::isNinja()) {
                $limit = min(MAX_API_PAGE_SIZE, $limit);
            }
            $paginator = $query->paginate($limit);
            $query = $paginator->getCollection();
            $resource = new Collection($query, $transformer, $entityType);
            $resource->setPaginator(new IlluminatePaginatorAdapter($paginator));
        } else {
            $resource = new Collection($query, $transformer, $entityType);
        }

        return $this->manager->createData($resource)->toArray();
    }

    protected function response($response)
    {
        $index = Request::get('index') ?: 'data';

        if ($index == 'none') {
            unset($response['meta']);
        } else {
            $meta = isset($response['meta']) ? $response['meta'] : null;
            $response = [
                $index => $response,
            ];

            if ($meta) {
                $response['meta'] = $meta;
                unset($response[$index]['meta']);
            }
        }

        $response = json_encode($response, JSON_PRETTY_PRINT);
        $headers = Utils::getApiHeaders();

        return Response::make($response, 200, $headers);
    }

    protected function errorResponse($response, $httpErrorCode = 400)
    {
        $error['error'] = $response;
        $error = json_encode($error, JSON_PRETTY_PRINT);
        $headers = Utils::getApiHeaders();

        return Response::make($error, $httpErrorCode, $headers);
    }

    protected function getRequestIncludes($data)
    {
        $included = Request::get('include');
        $included = explode(',', $included);

        foreach ($included as $include) {
            if ($include == 'invoices') {
                $data[] = 'invoices.invoice_items';
                $data[] = 'invoices.client.contacts';
            } elseif ($include == 'invoice') {
                $data[] = 'invoice.invoice_items';
                $data[] = 'invoice.client.contacts';
            } elseif ($include == 'client') {
                $data[] = 'client.contacts';
            } elseif ($include == 'clients') {
                $data[] = 'clients.contacts';
            } elseif ($include == 'vendors') {
                $data[] = 'vendors.vendor_contacts';
            } elseif ($include == 'documents' && $this->entityType == ENTITY_INVOICE) {
                $data[] = 'documents.expense';
            } elseif ($include) {
                $data[] = $include;
            }
        }

        return $data;
    }

    protected function fileReponse($name, $data)
    {
        header('Content-Type: application/pdf');
        header('Content-Length: ' . strlen($data));
        header('Content-disposition: attachment; filename="' . $name . '"');
        header('Cache-Control: public, must-revalidate, max-age=0');
        header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');

        return $data;
    }
}
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00			`<?php`
Working on the API 2015-11-03 20:03:24 +01:00
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00			`namespace App\Http\Controllers;`

			`use App\Models\EntityModel;`
			`use App\Ninja\Serializers\ArraySerializer;`
Refactored API index methods 2016-05-01 22:55:13 +02:00			`use Auth;`
			`use Input;`
Working on the API 2015-11-03 20:03:24 +01:00			`use League\Fractal\Manager;`
Working on the API 2015-11-27 13:55:28 +01:00			`use League\Fractal\Pagination\IlluminatePaginatorAdapter;`
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00			`use League\Fractal\Resource\Collection;`
			`use League\Fractal\Resource\Item;`
Working on the API 2015-11-27 13:55:28 +01:00			`use League\Fractal\Serializer\JsonApiSerializer;`
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00			`use Request;`
			`use Response;`
			`use Utils;`
Working on the API 2015-11-03 20:03:24 +01:00
Added Swagger 2015-11-08 21:34:26 +01:00			`/**`
			`* @SWG\Swagger(`
			`* schemes={"http","https"},`
Change from .dev to .test 2017-12-31 10:08:46 +01:00			`* host="ninja.test",`
Added Swagger 2015-11-08 21:34:26 +01:00			`* basePath="/api/v1",`
Fix swagger's operationId for all API endpoints 2017-03-09 17:22:37 +01:00			`* produces={"application/json"},`
Added Swagger 2015-11-08 21:34:26 +01:00			`* @SWG\Info(`
			`* version="1.0.0",`
			`* title="Invoice Ninja API",`
			`* description="An open-source invoicing and time-tracking app built with Laravel",`
			`* termsOfService="",`
			`* @SWG\Contact(`
			`* email="contact@invoiceninja.com"`
			`* ),`
			`* @SWG\License(`
			`* name="Attribution Assurance License",`
			`* url="https://raw.githubusercontent.com/invoiceninja/invoiceninja/master/LICENSE"`
			`* )`
			`* ),`
			`* @SWG\ExternalDocumentation(`
			`* description="Find out more about Invoice Ninja",`
			`* url="https://www.invoiceninja.com"`
			`* ),`
Fix header name for API token 2017-03-17 10:28:46 +01:00			`* security={"api_key": {}},`
Added Swagger 2015-11-08 21:34:26 +01:00			`* @SWG\SecurityScheme(`
			`* securityDefinition="api_key",`
			`* type="apiKey",`
			`* in="header",`
Fix header name for API token 2017-03-17 10:28:46 +01:00			`* name="X-Ninja-Token"`
Added Swagger 2015-11-08 21:34:26 +01:00			`* )`
			`* )`
			`*/`
Working on the API 2015-11-03 20:03:24 +01:00			`class BaseAPIController extends Controller`
			`{`
			`protected $manager;`
Working on the API 2015-11-27 13:55:28 +01:00			`protected $serializer;`
Working on the API 2015-11-03 20:03:24 +01:00
			`public function __construct()`
			`{`
			`$this->manager = new Manager();`
Working on the API 2015-11-27 13:55:28 +01:00
			`if ($include = Request::get('include')) {`
			`$this->manager->parseIncludes($include);`
			`}`

			`$this->serializer = Request::get('serializer') ?: API_SERIALIZER_ARRAY;`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00
Working on the API 2015-11-27 13:55:28 +01:00			`if ($this->serializer === API_SERIALIZER_JSON) {`
			`$this->manager->setSerializer(new JsonApiSerializer());`
			`} else {`
			`$this->manager->setSerializer(new ArraySerializer());`
			`}`
Working on the API 2015-11-03 20:03:24 +01:00			`}`

Working on permissions in the API 2016-05-02 10:38:01 +02:00			`protected function handleAction($request)`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00			`{`
Working on permissions in the API 2016-05-02 10:38:01 +02:00			`$entity = $request->entity();`
			`$action = $request->action;`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00
Changes for mobile app 2018-07-07 21:13:02 +02:00			`if (! in_array($action, ['archive', 'delete', 'restore', 'mark_sent', 'markSent', 'emailInvoice', 'markPaid'])) {`
Add credit support to the API 2017-05-30 12:56:51 +02:00			`return $this->errorResponse("Action [$action] is not supported");`
Add 'action' to API docs 2017-05-22 11:16:27 +02:00			`}`

Add mark_sent to the API 2017-10-01 20:25:59 +02:00			`if ($action == 'mark_sent') {`
			`$action = 'markSent';`
			`}`

Working on permissions in the API 2016-05-02 10:38:01 +02:00			`$repo = Utils::toCamelCase($this->entityType) . 'Repo';`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00
Working on permissions in the API 2016-05-02 10:38:01 +02:00			`$this->$repo->$action($entity);`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00
Working on permissions in the API 2016-05-02 10:38:01 +02:00			`return $this->itemResponse($entity);`
			`}`

			`protected function listResponse($query)`
Refactored API index methods 2016-05-01 22:55:13 +02:00			`{`
API optimizations 2016-05-03 10:39:10 +02:00			`$transformerClass = EntityModel::getTransformerName($this->entityType);`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00			`$transformer = new $transformerClass(Auth::user()->account, Input::get('serializer'));`
API optimizations 2016-05-03 10:39:10 +02:00
Added support for filtering API lists by updated_at 2016-05-04 22:49:20 +02:00			`$includes = $transformer->getDefaultIncludes();`
			`$includes = $this->getRequestIncludes($includes);`

Added support for filtering API lists by updated_at 2016-05-04 23:26:39 +02:00			`$query->with($includes);`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00
Support filtering API to active 2018-06-17 12:01:43 +02:00			`if (Input::get('filter_active')) {`
			`$query->whereNull('deleted_at');`
			`}`

Update BaseAPIController.php Refactor If blocks. 2018-01-31 03:16:30 +01:00			`if (Input::get('updated_at') > 0) {`
			`$updatedAt = intval(Input::get('updated_at'));`
			`$query->where('updated_at', '>=', date('Y-m-d H:i:s', $updatedAt));`
Added support for filtering API lists by updated_at 2016-05-04 23:26:39 +02:00			`}`
Eager load API data 2018-02-26 11:04:25 +01:00
Update BaseAPIController.php Refactor If blocks. 2018-01-31 03:16:30 +01:00			`if (Input::get('client_id') > 0) {`
			`$clientPublicId = Input::get('client_id');`
			`$filter = function ($query) use ($clientPublicId) {`
Refactored API index methods 2016-05-01 22:55:13 +02:00			`$query->where('public_id', '=', $clientPublicId);`
Update BaseAPIController.php Refactor If blocks. 2018-01-31 03:16:30 +01:00			`};`
			`$query->whereHas('client', $filter);`
Refactored API index methods 2016-05-01 22:55:13 +02:00			`}`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00
This PR implements Create/View/Edit permissions based on ENTITY TYPE (ie invoice/expense/client). (#2150) * migration for new permissions schema * update permissions across data tables * refactor migrations to prevent duplicate attribute * update permissions in views * Product Permissions * permissions via controllers * Refactor to use Laravel authorization gate * Doc Blocks for EntityPolicy * check permissions conditional on create new client * Bug Fixes * Data table permissions * working on UI * settings UI/UX finalised * Datatable permissions * remove legacy permissions * permission fix for viewing client * remove all instances of viewByOwner * refactor after PR * Bug fix for Functional test and implementation of Functional tests for Permissions * fix for tests 2018-06-07 12:08:34 +02:00			`if (! Utils::hasPermission('admin')) {`
Adding permissions to the API 2016-05-02 08:33:48 +02:00			`if ($this->entityType == ENTITY_USER) {`
			`$query->where('id', '=', Auth::user()->id);`
			`} else {`
			`$query->where('user_id', '=', Auth::user()->id);`
			`}`
			`}`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00
Refactored API index methods 2016-05-01 22:55:13 +02:00			`$data = $this->createCollection($query, $transformer, $this->entityType);`

			`return $this->response($data);`
			`}`

Working on permissions in the API 2016-05-02 10:38:01 +02:00			`protected function itemResponse($item)`
			`{`
Clean up error logs from API 2017-07-12 22:56:31 +02:00			`if (! $item) {`
			`return $this->errorResponse('Record not found', 404);`
			`}`

Working on permissions in the API 2016-05-02 10:38:01 +02:00			`$transformerClass = EntityModel::getTransformerName($this->entityType);`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00			`$transformer = new $transformerClass(Auth::user()->account, Input::get('serializer'));`
Working on permissions in the API 2016-05-02 10:38:01 +02:00
			`$data = $this->createItem($item, $transformer, $this->entityType);`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00
Working on permissions in the API 2016-05-02 10:38:01 +02:00			`return $this->response($data);`
			`}`

Working on the API 2015-11-27 13:55:28 +01:00			`protected function createItem($data, $transformer, $entityType)`
Working on the API 2015-11-03 20:03:24 +01:00			`{`
Working on the API 2015-11-27 13:55:28 +01:00			`if ($this->serializer && $this->serializer != API_SERIALIZER_JSON) {`
			`$entityType = null;`
			`}`

			`$resource = new Item($data, $transformer, $entityType);`
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00
Working on the API 2015-11-08 10:43:32 +01:00			`return $this->manager->createData($resource)->toArray();`
			`}`
Working on the API 2015-11-05 09:44:48 +01:00
Refactored API index methods 2016-05-01 22:55:13 +02:00			`protected function createCollection($query, $transformer, $entityType)`
Working on the API 2015-11-08 10:43:32 +01:00			`{`
Working on the API 2015-11-27 13:55:28 +01:00			`if ($this->serializer && $this->serializer != API_SERIALIZER_JSON) {`
			`$entityType = null;`
			`}`

Adding permissions to the API 2016-05-02 08:33:48 +02:00			`if (is_a($query, "Illuminate\Database\Eloquent\Builder")) {`
Remove per page API limit for self hosters 2017-12-31 19:57:22 +01:00			`$limit = Input::get('per_page', DEFAULT_API_PAGE_SIZE);`
			`if (Utils::isNinja()) {`
			`$limit = min(MAX_API_PAGE_SIZE, $limit);`
			`}`
Fix for API pagination 2016-07-17 12:31:31 +02:00			`$paginator = $query->paginate($limit);`
			`$query = $paginator->getCollection();`
			`$resource = new Collection($query, $transformer, $entityType);`
			`$resource->setPaginator(new IlluminatePaginatorAdapter($paginator));`
Adding permissions to the API 2016-05-02 08:33:48 +02:00			`} else {`
			`$resource = new Collection($query, $transformer, $entityType);`
Working on the API 2015-11-27 13:55:28 +01:00			`}`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00
Working on the API 2015-11-08 10:43:32 +01:00			`return $this->manager->createData($resource)->toArray();`
			`}`

			`protected function response($response)`
			`{`
Working on the API 2015-11-27 13:55:28 +01:00			`$index = Request::get('index') ?: 'data';`
Zapier improvements 2016-02-16 16:30:09 +01:00
			`if ($index == 'none') {`
			`unset($response['meta']);`
			`} else {`
			`$meta = isset($response['meta']) ? $response['meta'] : null;`
			`$response = [`
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00			`$index => $response,`
Zapier improvements 2016-02-16 16:30:09 +01:00			`];`

			`if ($meta) {`
			`$response['meta'] = $meta;`
			`unset($response[$index]['meta']);`
			`}`
Working on the API 2015-11-27 13:55:28 +01:00			`}`

Working on the API 2015-11-03 20:03:24 +01:00			`$response = json_encode($response, JSON_PRETTY_PRINT);`
			`$headers = Utils::getApiHeaders();`

			`return Response::make($response, 200, $headers);`
			`}`

php-cs-fixer clean up 2017-01-30 17:05:31 +01:00			`protected function errorResponse($response, $httpErrorCode = 400)`
update account from API 2016-02-01 04:42:05 +01:00			`{`
			`$error['error'] = $response;`
			`$error = json_encode($error, JSON_PRETTY_PRINT);`
			`$headers = Utils::getApiHeaders();`

Error handling for API 2016-02-15 11:24:06 +01:00			`return Response::make($error, $httpErrorCode, $headers);`
update account from API 2016-02-01 04:42:05 +01:00			`}`

API optimizations 2016-05-03 10:39:10 +02:00			`protected function getRequestIncludes($data)`
Working on the API 2015-11-27 13:55:28 +01:00			`{`
			`$included = Request::get('include');`
			`$included = explode(',', $included);`

			`foreach ($included as $include) {`
			`if ($include == 'invoices') {`
			`$data[] = 'invoices.invoice_items';`
Eager load API data 2018-02-26 11:04:25 +01:00			`$data[] = 'invoices.client.contacts';`
			`} elseif ($include == 'invoice') {`
			`$data[] = 'invoice.invoice_items';`
			`$data[] = 'invoice.client.contacts';`
Add user permissions to API delete 2016-05-03 10:53:00 +02:00			`} elseif ($include == 'client') {`
			`$data[] = 'client.contacts';`
Working on the API 2015-11-27 13:55:28 +01:00			`} elseif ($include == 'clients') {`
			`$data[] = 'clients.contacts';`
Vendor management 2016-01-06 15:23:58 +01:00			`} elseif ($include == 'vendors') {`
Changed vendorcontacts to vendor_contacts 2016-05-04 14:16:49 +02:00			`$data[] = 'vendors.vendor_contacts';`
API optimizations 2017-07-04 11:04:21 +02:00			`} elseif ($include == 'documents' && $this->entityType == ENTITY_INVOICE) {`
			`$data[] = 'documents.expense';`
API optimizations 2016-05-03 22:02:29 +02:00			`} elseif ($include) {`
Working on the API 2015-11-27 13:55:28 +01:00			`$data[] = $include;`
			`}`
			`}`
Support query counter in webapp as well as API 2016-05-13 11:08:41 +02:00
Working on the API 2015-11-27 13:55:28 +01:00			`return $data;`
			`}`
API changes for Zapier 2016-06-23 11:38:06 +02:00
			`protected function fileReponse($name, $data)`
			`{`
			`header('Content-Type: application/pdf');`
			`header('Content-Length: ' . strlen($data));`
			`header('Content-disposition: attachment; filename="' . $name . '"');`
			`header('Cache-Control: public, must-revalidate, max-age=0');`
			`header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');`

			`return $data;`
			`}`
Working on the API 2015-11-03 20:03:24 +01:00			`}`