summaryrefslogtreecommitdiffstats
path: root/application/service/user.php
blob: 1d678106a7616f0515c765272d9ee5a7619b2150 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<?php
/*
 * Copyright 2014 Florian "Bluewind" Pritz <bluewind@server-speed.net>
 *
 * Licensed under AGPLv3
 * (see COPYING for full license text)
 *
 */

namespace service;

class user {

	/**
	 * Create a new api key.
	 *
	 * Refer to Muser->get_access_levels() for a list of valid access levels.
	 *
	 * @param userid ID of the user
	 * @param comment free text comment describing the api key/it's usage/allowing to identify the key
	 * @param access_level access level of the key
	 * @return the new key
	 */
	static public function create_apikey($userid, $comment, $access_level)
	{
		$CI =& get_instance();

		$valid_levels = $CI->muser->get_access_levels();
		if (array_search($access_level, $valid_levels) === false) {
			throw new \exceptions\UserInputException("user/validation/access_level/invalid", "Invalid access levels requested.");
		}

		if (strlen($comment) > 255) {
			throw new \exceptions\UserInputException("user/validation/comment/too-long", "Comment may only be 255 chars long.");
		}

		$key = random_alphanum(32);

		$CI->db->set(array(
				'key'          => $key,
				'user'         => $userid,
				'comment'      => $comment,
				'access_level' => $access_level
			))
			->insert('apikeys');

		return $key;
	}

	/**
	 * Get apikeys for a user
	 * @param userid ID of the user
	 * @return array with the key data
	 */
	static public function apikeys($userid)
	{
		$CI =& get_instance();
		$ret = array();

		$query = $CI->db->select('key, created, comment, access_level')
			->from('apikeys')
			->where('user', $userid)
			->order_by('created', 'desc')
			->get()->result_array();

		// Convert timestamp to unix timestamp
		// TODO: migrate database to integer timestamp and get rid of this
		foreach ($query as &$record) {
			if (!empty($record['created'])) {
				$record['created'] = strtotime($record['created']);
			}
			$ret[$record["key"]] = $record;
		}
		unset($record);

		return array(
			"apikeys" => $ret,
		);
	}

	/**
	 * Create an invitation key for a user
	 * @param userid id of the user
	 * @return key the created invitation key
	 */
	static public function create_invitation_key($userid) {
		$CI =& get_instance();

		$invitations = $CI->db->select('user')
			->from('actions')
			->where('user', $userid)
			->where('action', 'invitation')
			->count_all_results();

		if ($invitations + 1 > $CI->config->item('max_invitation_keys')) {
			throw new \exceptions\InsufficientPermissionsException("user/invitation-limit", "You can't create more invitation keys at this time.");
		}

		$key = random_alphanum(12, 16);

		$CI->db->set(array(
				'key'    => $key,
				'user'   => $userid,
				'date'   => time(),
				'action' => 'invitation'
			))
			->insert('actions');

		return $key;
	}

	/**
	 * Remove an invitation key belonging to a user
	 * @param userid id of the user
	 * @param key key to remove
	 * @return number of removed keys
	 */
	static public function delete_invitation_key($userid, $key) {
		$CI =& get_instance();

		$CI->db
			->where('key', $key)
			->where('user', $userid)
			->delete('actions');

		return $CI->db->affected_rows();
	}
}