| [ Index ] |
PHP Cross Reference of Unnamed Project |
[Summary view] [Print] [Text view]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 18 /** 19 * Support for external API 20 * 21 * @package core_webservice 22 * @copyright 2009 Petr Skodak 23 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 24 */ 25 26 defined('MOODLE_INTERNAL') || die(); 27 28 /** 29 * Exception indicating user is not allowed to use external function in the current context. 30 * 31 * @package core_webservice 32 * @copyright 2009 Petr Skodak 33 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 34 * @since Moodle 2.0 35 */ 36 class restricted_context_exception extends moodle_exception { 37 /** 38 * Constructor 39 * 40 * @since Moodle 2.0 41 */ 42 function __construct() { 43 parent::__construct('restrictedcontextexception', 'error'); 44 } 45 } 46 47 /** 48 * Base class for external api methods. 49 * 50 * @package core_webservice 51 * @copyright 2009 Petr Skodak 52 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 53 * @since Moodle 2.0 54 */ 55 class external_api { 56 57 /** @var stdClass context where the function calls will be restricted */ 58 private static $contextrestriction; 59 60 /** 61 * Returns detailed function information 62 * 63 * @param string|object $function name of external function or record from external_function 64 * @param int $strictness IGNORE_MISSING means compatible mode, false returned if record not found, debug message if more found; 65 * MUST_EXIST means throw exception if no record or multiple records found 66 * @return stdClass description or false if not found or exception thrown 67 * @since Moodle 2.0 68 */ 69 public static function external_function_info($function, $strictness=MUST_EXIST) { 70 global $DB, $CFG; 71 72 if (!is_object($function)) { 73 if (!$function = $DB->get_record('external_functions', array('name' => $function), '*', $strictness)) { 74 return false; 75 } 76 } 77 78 // First try class autoloading. 79 if (!class_exists($function->classname)) { 80 // Fallback to explicit include of externallib.php. 81 if (empty($function->classpath)) { 82 $function->classpath = core_component::get_component_directory($function->component).'/externallib.php'; 83 } else { 84 $function->classpath = $CFG->dirroot.'/'.$function->classpath; 85 } 86 if (!file_exists($function->classpath)) { 87 throw new coding_exception('Cannot find file with external function implementation'); 88 } 89 require_once($function->classpath); 90 if (!class_exists($function->classname)) { 91 throw new coding_exception('Cannot find external class'); 92 } 93 } 94 95 $function->ajax_method = $function->methodname.'_is_allowed_from_ajax'; 96 $function->parameters_method = $function->methodname.'_parameters'; 97 $function->returns_method = $function->methodname.'_returns'; 98 $function->deprecated_method = $function->methodname.'_is_deprecated'; 99 100 // Make sure the implementaion class is ok. 101 if (!method_exists($function->classname, $function->methodname)) { 102 throw new coding_exception('Missing implementation method of '.$function->classname.'::'.$function->methodname); 103 } 104 if (!method_exists($function->classname, $function->parameters_method)) { 105 throw new coding_exception('Missing parameters description'); 106 } 107 if (!method_exists($function->classname, $function->returns_method)) { 108 throw new coding_exception('Missing returned values description'); 109 } 110 if (method_exists($function->classname, $function->deprecated_method)) { 111 if (call_user_func(array($function->classname, $function->deprecated_method)) === true) { 112 $function->deprecated = true; 113 } 114 } 115 $function->allowed_from_ajax = false; 116 117 // Fetch the parameters description. 118 $function->parameters_desc = call_user_func(array($function->classname, $function->parameters_method)); 119 if (!($function->parameters_desc instanceof external_function_parameters)) { 120 throw new coding_exception('Invalid parameters description'); 121 } 122 123 // Fetch the return values description. 124 $function->returns_desc = call_user_func(array($function->classname, $function->returns_method)); 125 // Null means void result or result is ignored. 126 if (!is_null($function->returns_desc) and !($function->returns_desc instanceof external_description)) { 127 throw new coding_exception('Invalid return description'); 128 } 129 130 // Now get the function description. 131 132 // TODO MDL-31115 use localised lang pack descriptions, it would be nice to have 133 // easy to understand descriptions in admin UI, 134 // on the other hand this is still a bit in a flux and we need to find some new naming 135 // conventions for these descriptions in lang packs. 136 $function->description = null; 137 $servicesfile = core_component::get_component_directory($function->component).'/db/services.php'; 138 if (file_exists($servicesfile)) { 139 $functions = null; 140 include($servicesfile); 141 if (isset($functions[$function->name]['description'])) { 142 $function->description = $functions[$function->name]['description']; 143 } 144 if (isset($functions[$function->name]['testclientpath'])) { 145 $function->testclientpath = $functions[$function->name]['testclientpath']; 146 } 147 if (isset($functions[$function->name]['type'])) { 148 $function->type = $functions[$function->name]['type']; 149 } 150 if (isset($functions[$function->name]['ajax'])) { 151 $function->allowed_from_ajax = $functions[$function->name]['ajax']; 152 } else if (method_exists($function->classname, $function->ajax_method)) { 153 if (call_user_func(array($function->classname, $function->ajax_method)) === true) { 154 debugging('External function ' . $function->ajax_method . '() function is deprecated.' . 155 'Set ajax=>true in db/service.php instead.', DEBUG_DEVELOPER); 156 $function->allowed_from_ajax = true; 157 } 158 } 159 if (isset($functions[$function->name]['loginrequired'])) { 160 $function->loginrequired = $functions[$function->name]['loginrequired']; 161 } else { 162 $function->loginrequired = true; 163 } 164 } 165 166 return $function; 167 } 168 169 /** 170 * Call an external function validating all params/returns correctly. 171 * 172 * Note that an external function may modify the state of the current page, so this wrapper 173 * saves and restores tha PAGE and COURSE global variables before/after calling the external function. 174 * 175 * @param string $function A webservice function name. 176 * @param array $args Params array (named params) 177 * @param boolean $ajaxonly If true, an extra check will be peformed to see if ajax is required. 178 * @return array containing keys for error (bool), exception and data. 179 */ 180 public static function call_external_function($function, $args, $ajaxonly=false) { 181 global $PAGE, $COURSE, $CFG, $SITE; 182 183 require_once($CFG->libdir . "/pagelib.php"); 184 185 $externalfunctioninfo = self::external_function_info($function); 186 187 $currentpage = $PAGE; 188 $currentcourse = $COURSE; 189 $response = array(); 190 191 try { 192 // Taken straight from from setup.php. 193 if (!empty($CFG->moodlepageclass)) { 194 if (!empty($CFG->moodlepageclassfile)) { 195 require_once($CFG->moodlepageclassfile); 196 } 197 $classname = $CFG->moodlepageclass; 198 } else { 199 $classname = 'moodle_page'; 200 } 201 $PAGE = new $classname(); 202 $COURSE = clone($SITE); 203 204 if ($ajaxonly && !$externalfunctioninfo->allowed_from_ajax) { 205 throw new moodle_exception('servicenotavailable', 'webservice'); 206 } 207 208 // Do not allow access to write or delete webservices as a public user. 209 if ($externalfunctioninfo->loginrequired) { 210 if (defined('NO_MOODLE_COOKIES') && NO_MOODLE_COOKIES && !PHPUNIT_TEST) { 211 throw new moodle_exception('servicenotavailable', 'webservice'); 212 } 213 if (!isloggedin()) { 214 throw new moodle_exception('servicenotavailable', 'webservice'); 215 } else { 216 require_sesskey(); 217 } 218 } 219 220 // Validate params, this also sorts the params properly, we need the correct order in the next part. 221 $callable = array($externalfunctioninfo->classname, 'validate_parameters'); 222 $params = call_user_func($callable, 223 $externalfunctioninfo->parameters_desc, 224 $args); 225 226 // Execute - gulp! 227 $callable = array($externalfunctioninfo->classname, $externalfunctioninfo->methodname); 228 $result = call_user_func_array($callable, 229 array_values($params)); 230 231 // Validate the return parameters. 232 if ($externalfunctioninfo->returns_desc !== null) { 233 $callable = array($externalfunctioninfo->classname, 'clean_returnvalue'); 234 $result = call_user_func($callable, $externalfunctioninfo->returns_desc, $result); 235 } 236 237 $response['error'] = false; 238 $response['data'] = $result; 239 } catch (Exception $e) { 240 $exception = get_exception_info($e); 241 unset($exception->a); 242 if (!debugging('', DEBUG_DEVELOPER)) { 243 unset($exception->debuginfo); 244 unset($exception->backtrace); 245 } 246 $response['error'] = true; 247 $response['exception'] = $exception; 248 // Do not process the remaining requests. 249 } 250 251 $PAGE = $currentpage; 252 $COURSE = $currentcourse; 253 254 return $response; 255 } 256 257 /** 258 * Set context restriction for all following subsequent function calls. 259 * 260 * @param stdClass $context the context restriction 261 * @since Moodle 2.0 262 */ 263 public static function set_context_restriction($context) { 264 self::$contextrestriction = $context; 265 } 266 267 /** 268 * This method has to be called before every operation 269 * that takes a longer time to finish! 270 * 271 * @param int $seconds max expected time the next operation needs 272 * @since Moodle 2.0 273 */ 274 public static function set_timeout($seconds=360) { 275 $seconds = ($seconds < 300) ? 300 : $seconds; 276 core_php_time_limit::raise($seconds); 277 } 278 279 /** 280 * Validates submitted function parameters, if anything is incorrect 281 * invalid_parameter_exception is thrown. 282 * This is a simple recursive method which is intended to be called from 283 * each implementation method of external API. 284 * 285 * @param external_description $description description of parameters 286 * @param mixed $params the actual parameters 287 * @return mixed params with added defaults for optional items, invalid_parameters_exception thrown if any problem found 288 * @since Moodle 2.0 289 */ 290 public static function validate_parameters(external_description $description, $params) { 291 if ($description instanceof external_value) { 292 if (is_array($params) or is_object($params)) { 293 throw new invalid_parameter_exception('Scalar type expected, array or object received.'); 294 } 295 296 if ($description->type == PARAM_BOOL) { 297 // special case for PARAM_BOOL - we want true/false instead of the usual 1/0 - we can not be too strict here ;-) 298 if (is_bool($params) or $params === 0 or $params === 1 or $params === '0' or $params === '1') { 299 return (bool)$params; 300 } 301 } 302 $debuginfo = 'Invalid external api parameter: the value is "' . $params . 303 '", the server was expecting "' . $description->type . '" type'; 304 return validate_param($params, $description->type, $description->allownull, $debuginfo); 305 306 } else if ($description instanceof external_single_structure) { 307 if (!is_array($params)) { 308 throw new invalid_parameter_exception('Only arrays accepted. The bad value is: \'' 309 . print_r($params, true) . '\''); 310 } 311 $result = array(); 312 foreach ($description->keys as $key=>$subdesc) { 313 if (!array_key_exists($key, $params)) { 314 if ($subdesc->required == VALUE_REQUIRED) { 315 throw new invalid_parameter_exception('Missing required key in single structure: '. $key); 316 } 317 if ($subdesc->required == VALUE_DEFAULT) { 318 try { 319 $result[$key] = self::validate_parameters($subdesc, $subdesc->default); 320 } catch (invalid_parameter_exception $e) { 321 //we are only interested by exceptions returned by validate_param() and validate_parameters() 322 //(in order to build the path to the faulty attribut) 323 throw new invalid_parameter_exception($key." => ".$e->getMessage() . ': ' .$e->debuginfo); 324 } 325 } 326 } else { 327 try { 328 $result[$key] = self::validate_parameters($subdesc, $params[$key]); 329 } catch (invalid_parameter_exception $e) { 330 //we are only interested by exceptions returned by validate_param() and validate_parameters() 331 //(in order to build the path to the faulty attribut) 332 throw new invalid_parameter_exception($key." => ".$e->getMessage() . ': ' .$e->debuginfo); 333 } 334 } 335 unset($params[$key]); 336 } 337 if (!empty($params)) { 338 throw new invalid_parameter_exception('Unexpected keys (' . implode(', ', array_keys($params)) . ') detected in parameter array.'); 339 } 340 return $result; 341 342 } else if ($description instanceof external_multiple_structure) { 343 if (!is_array($params)) { 344 throw new invalid_parameter_exception('Only arrays accepted. The bad value is: \'' 345 . print_r($params, true) . '\''); 346 } 347 $result = array(); 348 foreach ($params as $param) { 349 $result[] = self::validate_parameters($description->content, $param); 350 } 351 return $result; 352 353 } else { 354 throw new invalid_parameter_exception('Invalid external api description'); 355 } 356 } 357 358 /** 359 * Clean response 360 * If a response attribute is unknown from the description, we just ignore the attribute. 361 * If a response attribute is incorrect, invalid_response_exception is thrown. 362 * Note: this function is similar to validate parameters, however it is distinct because 363 * parameters validation must be distinct from cleaning return values. 364 * 365 * @param external_description $description description of the return values 366 * @param mixed $response the actual response 367 * @return mixed response with added defaults for optional items, invalid_response_exception thrown if any problem found 368 * @author 2010 Jerome Mouneyrac 369 * @since Moodle 2.0 370 */ 371 public static function clean_returnvalue(external_description $description, $response) { 372 if ($description instanceof external_value) { 373 if (is_array($response) or is_object($response)) { 374 throw new invalid_response_exception('Scalar type expected, array or object received.'); 375 } 376 377 if ($description->type == PARAM_BOOL) { 378 // special case for PARAM_BOOL - we want true/false instead of the usual 1/0 - we can not be too strict here ;-) 379 if (is_bool($response) or $response === 0 or $response === 1 or $response === '0' or $response === '1') { 380 return (bool)$response; 381 } 382 } 383 $debuginfo = 'Invalid external api response: the value is "' . $response . 384 '", the server was expecting "' . $description->type . '" type'; 385 try { 386 return validate_param($response, $description->type, $description->allownull, $debuginfo); 387 } catch (invalid_parameter_exception $e) { 388 //proper exception name, to be recursively catched to build the path to the faulty attribut 389 throw new invalid_response_exception($e->debuginfo); 390 } 391 392 } else if ($description instanceof external_single_structure) { 393 if (!is_array($response) && !is_object($response)) { 394 throw new invalid_response_exception('Only arrays/objects accepted. The bad value is: \'' . 395 print_r($response, true) . '\''); 396 } 397 398 // Cast objects into arrays. 399 if (is_object($response)) { 400 $response = (array) $response; 401 } 402 403 $result = array(); 404 foreach ($description->keys as $key=>$subdesc) { 405 if (!array_key_exists($key, $response)) { 406 if ($subdesc->required == VALUE_REQUIRED) { 407 throw new invalid_response_exception('Error in response - Missing following required key in a single structure: ' . $key); 408 } 409 if ($subdesc instanceof external_value) { 410 if ($subdesc->required == VALUE_DEFAULT) { 411 try { 412 $result[$key] = self::clean_returnvalue($subdesc, $subdesc->default); 413 } catch (invalid_response_exception $e) { 414 //build the path to the faulty attribut 415 throw new invalid_response_exception($key." => ".$e->getMessage() . ': ' . $e->debuginfo); 416 } 417 } 418 } 419 } else { 420 try { 421 $result[$key] = self::clean_returnvalue($subdesc, $response[$key]); 422 } catch (invalid_response_exception $e) { 423 //build the path to the faulty attribut 424 throw new invalid_response_exception($key." => ".$e->getMessage() . ': ' . $e->debuginfo); 425 } 426 } 427 unset($response[$key]); 428 } 429 430 return $result; 431 432 } else if ($description instanceof external_multiple_structure) { 433 if (!is_array($response)) { 434 throw new invalid_response_exception('Only arrays accepted. The bad value is: \'' . 435 print_r($response, true) . '\''); 436 } 437 $result = array(); 438 foreach ($response as $param) { 439 $result[] = self::clean_returnvalue($description->content, $param); 440 } 441 return $result; 442 443 } else { 444 throw new invalid_response_exception('Invalid external api response description'); 445 } 446 } 447 448 /** 449 * Makes sure user may execute functions in this context. 450 * 451 * @param stdClass $context 452 * @since Moodle 2.0 453 */ 454 public static function validate_context($context) { 455 global $CFG, $PAGE; 456 457 if (empty($context)) { 458 throw new invalid_parameter_exception('Context does not exist'); 459 } 460 if (empty(self::$contextrestriction)) { 461 self::$contextrestriction = context_system::instance(); 462 } 463 $rcontext = self::$contextrestriction; 464 465 if ($rcontext->contextlevel == $context->contextlevel) { 466 if ($rcontext->id != $context->id) { 467 throw new restricted_context_exception(); 468 } 469 } else if ($rcontext->contextlevel > $context->contextlevel) { 470 throw new restricted_context_exception(); 471 } else { 472 $parents = $context->get_parent_context_ids(); 473 if (!in_array($rcontext->id, $parents)) { 474 throw new restricted_context_exception(); 475 } 476 } 477 478 $PAGE->reset_theme_and_output(); 479 list($unused, $course, $cm) = get_context_info_array($context->id); 480 require_login($course, false, $cm, false, true); 481 $PAGE->set_context($context); 482 } 483 484 /** 485 * Get context from passed parameters. 486 * The passed array must either contain a contextid or a combination of context level and instance id to fetch the context. 487 * For example, the context level can be "course" and instanceid can be courseid. 488 * 489 * See context_helper::get_all_levels() for a list of valid context levels. 490 * 491 * @param array $param 492 * @since Moodle 2.6 493 * @throws invalid_parameter_exception 494 * @return context 495 */ 496 protected static function get_context_from_params($param) { 497 $levels = context_helper::get_all_levels(); 498 if (!empty($param['contextid'])) { 499 return context::instance_by_id($param['contextid'], IGNORE_MISSING); 500 } else if (!empty($param['contextlevel']) && isset($param['instanceid'])) { 501 $contextlevel = "context_".$param['contextlevel']; 502 if (!array_search($contextlevel, $levels)) { 503 throw new invalid_parameter_exception('Invalid context level = '.$param['contextlevel']); 504 } 505 return $contextlevel::instance($param['instanceid'], IGNORE_MISSING); 506 } else { 507 // No valid context info was found. 508 throw new invalid_parameter_exception('Missing parameters, please provide either context level with instance id or contextid'); 509 } 510 } 511 } 512 513 /** 514 * Common ancestor of all parameter description classes 515 * 516 * @package core_webservice 517 * @copyright 2009 Petr Skodak 518 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 519 * @since Moodle 2.0 520 */ 521 abstract class external_description { 522 /** @var string Description of element */ 523 public $desc; 524 525 /** @var bool Element value required, null not allowed */ 526 public $required; 527 528 /** @var mixed Default value */ 529 public $default; 530 531 /** 532 * Contructor 533 * 534 * @param string $desc 535 * @param bool $required 536 * @param mixed $default 537 * @since Moodle 2.0 538 */ 539 public function __construct($desc, $required, $default) { 540 $this->desc = $desc; 541 $this->required = $required; 542 $this->default = $default; 543 } 544 } 545 546 /** 547 * Scalar value description class 548 * 549 * @package core_webservice 550 * @copyright 2009 Petr Skodak 551 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 552 * @since Moodle 2.0 553 */ 554 class external_value extends external_description { 555 556 /** @var mixed Value type PARAM_XX */ 557 public $type; 558 559 /** @var bool Allow null values */ 560 public $allownull; 561 562 /** 563 * Constructor 564 * 565 * @param mixed $type 566 * @param string $desc 567 * @param bool $required 568 * @param mixed $default 569 * @param bool $allownull 570 * @since Moodle 2.0 571 */ 572 public function __construct($type, $desc='', $required=VALUE_REQUIRED, 573 $default=null, $allownull=NULL_ALLOWED) { 574 parent::__construct($desc, $required, $default); 575 $this->type = $type; 576 $this->allownull = $allownull; 577 } 578 } 579 580 /** 581 * Associative array description class 582 * 583 * @package core_webservice 584 * @copyright 2009 Petr Skodak 585 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 586 * @since Moodle 2.0 587 */ 588 class external_single_structure extends external_description { 589 590 /** @var array Description of array keys key=>external_description */ 591 public $keys; 592 593 /** 594 * Constructor 595 * 596 * @param array $keys 597 * @param string $desc 598 * @param bool $required 599 * @param array $default 600 * @since Moodle 2.0 601 */ 602 public function __construct(array $keys, $desc='', 603 $required=VALUE_REQUIRED, $default=null) { 604 parent::__construct($desc, $required, $default); 605 $this->keys = $keys; 606 } 607 } 608 609 /** 610 * Bulk array description class. 611 * 612 * @package core_webservice 613 * @copyright 2009 Petr Skodak 614 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 615 * @since Moodle 2.0 616 */ 617 class external_multiple_structure extends external_description { 618 619 /** @var external_description content */ 620 public $content; 621 622 /** 623 * Constructor 624 * 625 * @param external_description $content 626 * @param string $desc 627 * @param bool $required 628 * @param array $default 629 * @since Moodle 2.0 630 */ 631 public function __construct(external_description $content, $desc='', 632 $required=VALUE_REQUIRED, $default=null) { 633 parent::__construct($desc, $required, $default); 634 $this->content = $content; 635 } 636 } 637 638 /** 639 * Description of top level - PHP function parameters. 640 * 641 * @package core_webservice 642 * @copyright 2009 Petr Skodak 643 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 644 * @since Moodle 2.0 645 */ 646 class external_function_parameters extends external_single_structure { 647 648 /** 649 * Constructor - does extra checking to prevent top level optional parameters. 650 * 651 * @param array $keys 652 * @param string $desc 653 * @param bool $required 654 * @param array $default 655 */ 656 public function __construct(array $keys, $desc='', $required=VALUE_REQUIRED, $default=null) { 657 global $CFG; 658 659 if ($CFG->debugdeveloper) { 660 foreach ($keys as $key => $value) { 661 if ($value instanceof external_value) { 662 if ($value->required == VALUE_OPTIONAL) { 663 debugging('External function parameters: invalid OPTIONAL value specified.', DEBUG_DEVELOPER); 664 break; 665 } 666 } 667 } 668 } 669 parent::__construct($keys, $desc, $required, $default); 670 } 671 } 672 673 /** 674 * Generate a token 675 * 676 * @param string $tokentype EXTERNAL_TOKEN_EMBEDDED|EXTERNAL_TOKEN_PERMANENT 677 * @param stdClass|int $serviceorid service linked to the token 678 * @param int $userid user linked to the token 679 * @param stdClass|int $contextorid 680 * @param int $validuntil date when the token expired 681 * @param string $iprestriction allowed ip - if 0 or empty then all ips are allowed 682 * @return string generated token 683 * @author 2010 Jamie Pratt 684 * @since Moodle 2.0 685 */ 686 function external_generate_token($tokentype, $serviceorid, $userid, $contextorid, $validuntil=0, $iprestriction=''){ 687 global $DB, $USER; 688 // make sure the token doesn't exist (even if it should be almost impossible with the random generation) 689 $numtries = 0; 690 do { 691 $numtries ++; 692 $generatedtoken = md5(uniqid(rand(),1)); 693 if ($numtries > 5){ 694 throw new moodle_exception('tokengenerationfailed'); 695 } 696 } while ($DB->record_exists('external_tokens', array('token'=>$generatedtoken))); 697 $newtoken = new stdClass(); 698 $newtoken->token = $generatedtoken; 699 if (!is_object($serviceorid)){ 700 $service = $DB->get_record('external_services', array('id' => $serviceorid)); 701 } else { 702 $service = $serviceorid; 703 } 704 if (!is_object($contextorid)){ 705 $context = context::instance_by_id($contextorid, MUST_EXIST); 706 } else { 707 $context = $contextorid; 708 } 709 if (empty($service->requiredcapability) || has_capability($service->requiredcapability, $context, $userid)) { 710 $newtoken->externalserviceid = $service->id; 711 } else { 712 throw new moodle_exception('nocapabilitytousethisservice'); 713 } 714 $newtoken->tokentype = $tokentype; 715 $newtoken->userid = $userid; 716 if ($tokentype == EXTERNAL_TOKEN_EMBEDDED){ 717 $newtoken->sid = session_id(); 718 } 719 720 $newtoken->contextid = $context->id; 721 $newtoken->creatorid = $USER->id; 722 $newtoken->timecreated = time(); 723 $newtoken->validuntil = $validuntil; 724 if (!empty($iprestriction)) { 725 $newtoken->iprestriction = $iprestriction; 726 } 727 $DB->insert_record('external_tokens', $newtoken); 728 return $newtoken->token; 729 } 730 731 /** 732 * Create and return a session linked token. Token to be used for html embedded client apps that want to communicate 733 * with the Moodle server through web services. The token is linked to the current session for the current page request. 734 * It is expected this will be called in the script generating the html page that is embedding the client app and that the 735 * returned token will be somehow passed into the client app being embedded in the page. 736 * 737 * @param string $servicename name of the web service. Service name as defined in db/services.php 738 * @param int $context context within which the web service can operate. 739 * @return int returns token id. 740 * @since Moodle 2.0 741 */ 742 function external_create_service_token($servicename, $context){ 743 global $USER, $DB; 744 $service = $DB->get_record('external_services', array('name'=>$servicename), '*', MUST_EXIST); 745 return external_generate_token(EXTERNAL_TOKEN_EMBEDDED, $service, $USER->id, $context, 0); 746 } 747 748 /** 749 * Delete all pre-built services (+ related tokens) and external functions information defined in the specified component. 750 * 751 * @param string $component name of component (moodle, mod_assignment, etc.) 752 */ 753 function external_delete_descriptions($component) { 754 global $DB; 755 756 $params = array($component); 757 758 $DB->delete_records_select('external_tokens', 759 "externalserviceid IN (SELECT id FROM {external_services} WHERE component = ?)", $params); 760 $DB->delete_records_select('external_services_users', 761 "externalserviceid IN (SELECT id FROM {external_services} WHERE component = ?)", $params); 762 $DB->delete_records_select('external_services_functions', 763 "functionname IN (SELECT name FROM {external_functions} WHERE component = ?)", $params); 764 $DB->delete_records('external_services', array('component'=>$component)); 765 $DB->delete_records('external_functions', array('component'=>$component)); 766 } 767 768 /** 769 * Standard Moodle web service warnings 770 * 771 * @package core_webservice 772 * @copyright 2012 Jerome Mouneyrac 773 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 774 * @since Moodle 2.3 775 */ 776 class external_warnings extends external_multiple_structure { 777 778 /** 779 * Constructor 780 * 781 * @since Moodle 2.3 782 */ 783 public function __construct($itemdesc = 'item', $itemiddesc = 'item id', 784 $warningcodedesc = 'the warning code can be used by the client app to implement specific behaviour') { 785 786 parent::__construct( 787 new external_single_structure( 788 array( 789 'item' => new external_value(PARAM_TEXT, $itemdesc, VALUE_OPTIONAL), 790 'itemid' => new external_value(PARAM_INT, $itemiddesc, VALUE_OPTIONAL), 791 'warningcode' => new external_value(PARAM_ALPHANUM, $warningcodedesc), 792 'message' => new external_value(PARAM_TEXT, 793 'untranslated english message to explain the warning') 794 ), 'warning'), 795 'list of warnings', VALUE_OPTIONAL); 796 } 797 } 798 799 /** 800 * A pre-filled external_value class for text format. 801 * 802 * Default is FORMAT_HTML 803 * This should be used all the time in external xxx_params()/xxx_returns functions 804 * as it is the standard way to implement text format param/return values. 805 * 806 * @package core_webservice 807 * @copyright 2012 Jerome Mouneyrac 808 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 809 * @since Moodle 2.3 810 */ 811 class external_format_value extends external_value { 812 813 /** 814 * Constructor 815 * 816 * @param string $textfieldname Name of the text field 817 * @param int $required if VALUE_REQUIRED then set standard default FORMAT_HTML 818 * @since Moodle 2.3 819 */ 820 public function __construct($textfieldname, $required = VALUE_REQUIRED) { 821 822 $default = ($required == VALUE_DEFAULT) ? FORMAT_HTML : null; 823 824 $desc = $textfieldname . ' format (' . FORMAT_HTML . ' = HTML, ' 825 . FORMAT_MOODLE . ' = MOODLE, ' 826 . FORMAT_PLAIN . ' = PLAIN or ' 827 . FORMAT_MARKDOWN . ' = MARKDOWN)'; 828 829 parent::__construct(PARAM_INT, $desc, $required, $default); 830 } 831 } 832 833 /** 834 * Validate text field format against known FORMAT_XXX 835 * 836 * @param array $format the format to validate 837 * @return the validated format 838 * @throws coding_exception 839 * @since Moodle 2.3 840 */ 841 function external_validate_format($format) { 842 $allowedformats = array(FORMAT_HTML, FORMAT_MOODLE, FORMAT_PLAIN, FORMAT_MARKDOWN); 843 if (!in_array($format, $allowedformats)) { 844 throw new moodle_exception('formatnotsupported', 'webservice', '' , null, 845 'The format with value=' . $format . ' is not supported by this Moodle site'); 846 } 847 return $format; 848 } 849 850 /** 851 * Format the string to be returned properly as requested by the either the web service server, 852 * either by an internally call. 853 * The caller can change the format (raw) with the external_settings singleton 854 * All web service servers must set this singleton when parsing the $_GET and $_POST. 855 * 856 * <pre> 857 * Options are the same that in {@link format_string()} with some changes: 858 * filter : Can be set to false to force filters off, else observes {@link external_settings}. 859 * </pre> 860 * 861 * @param string $str The string to be filtered. Should be plain text, expect 862 * possibly for multilang tags. 863 * @param boolean $striplinks To strip any link in the result text. Moodle 1.8 default changed from false to true! MDL-8713 864 * @param int $contextid The id of the context for the string (affects filters). 865 * @param array $options options array/object or courseid 866 * @return string text 867 * @since Moodle 3.0 868 */ 869 function external_format_string($str, $contextid, $striplinks = true, $options = array()) { 870 871 // Get settings (singleton). 872 $settings = external_settings::get_instance(); 873 if (empty($contextid)) { 874 throw new coding_exception('contextid is required'); 875 } 876 877 if (!$settings->get_raw()) { 878 $context = context::instance_by_id($contextid); 879 $options['context'] = $context; 880 $options['filter'] = isset($options['filter']) && !$options['filter'] ? false : $settings->get_filter(); 881 $str = format_string($str, $striplinks, $options); 882 } 883 884 return $str; 885 } 886 887 /** 888 * Format the text to be returned properly as requested by the either the web service server, 889 * either by an internally call. 890 * The caller can change the format (raw, filter, file, fileurl) with the external_settings singleton 891 * All web service servers must set this singleton when parsing the $_GET and $_POST. 892 * 893 * <pre> 894 * Options are the same that in {@link format_text()} with some changes in defaults to provide backwards compatibility: 895 * trusted : If true the string won't be cleaned. Default false. 896 * noclean : If true the string won't be cleaned only if trusted is also true. Default false. 897 * nocache : If true the string will not be cached and will be formatted every call. Default false. 898 * filter : Can be set to false to force filters off, else observes {@link external_settings}. 899 * para : If true then the returned string will be wrapped in div tags. Default (different from format_text) false. 900 * Default changed because div tags are not commonly needed. 901 * newlines : If true then lines newline breaks will be converted to HTML newline breaks. Default true. 902 * context : Not used! Using contextid parameter instead. 903 * overflowdiv : If set to true the formatted text will be encased in a div with the class no-overflow before being 904 * returned. Default false. 905 * allowid : If true then id attributes will not be removed, even when using htmlpurifier. Default (different from 906 * format_text) true. Default changed id attributes are commonly needed. 907 * blanktarget : If true all <a> tags will have target="_blank" added unless target is explicitly specified. 908 * </pre> 909 * 910 * @param string $text The content that may contain ULRs in need of rewriting. 911 * @param int $textformat The text format. 912 * @param int $contextid This parameter and the next two identify the file area to use. 913 * @param string $component 914 * @param string $filearea helps identify the file area. 915 * @param int $itemid helps identify the file area. 916 * @param object/array $options text formatting options 917 * @return array text + textformat 918 * @since Moodle 2.3 919 * @since Moodle 3.2 component, filearea and itemid are optional parameters 920 */ 921 function external_format_text($text, $textformat, $contextid, $component = null, $filearea = null, $itemid = null, 922 $options = null) { 923 global $CFG; 924 925 // Get settings (singleton). 926 $settings = external_settings::get_instance(); 927 928 if ($component and $filearea and $settings->get_fileurl()) { 929 require_once($CFG->libdir . "/filelib.php"); 930 $text = file_rewrite_pluginfile_urls($text, $settings->get_file(), $contextid, $component, $filearea, $itemid); 931 } 932 933 if (!$settings->get_raw()) { 934 $options = (array)$options; 935 936 // If context is passed in options, check that is the same to show a debug message. 937 if (isset($options['context'])) { 938 if ((is_object($options['context']) && $options['context']->id != $contextid) 939 || (!is_object($options['context']) && $options['context'] != $contextid)) { 940 debugging('Different contexts found in external_format_text parameters. $options[\'context\'] not allowed. 941 Using $contextid parameter...', DEBUG_DEVELOPER); 942 } 943 } 944 945 $options['filter'] = isset($options['filter']) && !$options['filter'] ? false : $settings->get_filter(); 946 $options['para'] = isset($options['para']) ? $options['para'] : false; 947 $options['context'] = context::instance_by_id($contextid); 948 $options['allowid'] = isset($options['allowid']) ? $options['allowid'] : true; 949 950 $text = format_text($text, $textformat, $options); 951 $textformat = FORMAT_HTML; // Once converted to html (from markdown, plain... lets inform consumer this is already HTML). 952 } 953 954 return array($text, $textformat); 955 } 956 957 /** 958 * Singleton to handle the external settings. 959 * 960 * We use singleton to encapsulate the "logic" 961 * 962 * @package core_webservice 963 * @copyright 2012 Jerome Mouneyrac 964 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 965 * @since Moodle 2.3 966 */ 967 class external_settings { 968 969 /** @var object the singleton instance */ 970 public static $instance = null; 971 972 /** @var boolean Should the external function return raw text or formatted */ 973 private $raw = false; 974 975 /** @var boolean Should the external function filter the text */ 976 private $filter = false; 977 978 /** @var boolean Should the external function rewrite plugin file url */ 979 private $fileurl = true; 980 981 /** @var string In which file should the urls be rewritten */ 982 private $file = 'webservice/pluginfile.php'; 983 984 /** 985 * Constructor - protected - can not be instanciated 986 */ 987 protected function __construct() { 988 if (!defined('AJAX_SCRIPT') && !defined('CLI_SCRIPT') && !defined('WS_SERVER')) { 989 // For normal pages, the default should match the default for format_text. 990 $this->filter = true; 991 } 992 } 993 994 /** 995 * Clone - private - can not be cloned 996 */ 997 private final function __clone() { 998 } 999 1000 /** 1001 * Return only one instance 1002 * 1003 * @return object 1004 */ 1005 public static function get_instance() { 1006 if (self::$instance === null) { 1007 self::$instance = new external_settings; 1008 } 1009 1010 return self::$instance; 1011 } 1012 1013 /** 1014 * Set raw 1015 * 1016 * @param boolean $raw 1017 */ 1018 public function set_raw($raw) { 1019 $this->raw = $raw; 1020 } 1021 1022 /** 1023 * Get raw 1024 * 1025 * @return boolean 1026 */ 1027 public function get_raw() { 1028 return $this->raw; 1029 } 1030 1031 /** 1032 * Set filter 1033 * 1034 * @param boolean $filter 1035 */ 1036 public function set_filter($filter) { 1037 $this->filter = $filter; 1038 } 1039 1040 /** 1041 * Get filter 1042 * 1043 * @return boolean 1044 */ 1045 public function get_filter() { 1046 return $this->filter; 1047 } 1048 1049 /** 1050 * Set fileurl 1051 * 1052 * @param boolean $fileurl 1053 */ 1054 public function set_fileurl($fileurl) { 1055 $this->fileurl = $fileurl; 1056 } 1057 1058 /** 1059 * Get fileurl 1060 * 1061 * @return boolean 1062 */ 1063 public function get_fileurl() { 1064 return $this->fileurl; 1065 } 1066 1067 /** 1068 * Set file 1069 * 1070 * @param string $file 1071 */ 1072 public function set_file($file) { 1073 $this->file = $file; 1074 } 1075 1076 /** 1077 * Get file 1078 * 1079 * @return string 1080 */ 1081 public function get_file() { 1082 return $this->file; 1083 } 1084 } 1085 1086 /** 1087 * Utility functions for the external API. 1088 * 1089 * @package core_webservice 1090 * @copyright 2015 Juan Leyva 1091 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 1092 * @since Moodle 3.0 1093 */ 1094 class external_util { 1095 1096 /** 1097 * Validate a list of courses, returning the complete course objects for valid courses. 1098 * 1099 * @param array $courseids A list of course ids 1100 * @param array $courses An array of courses already pre-fetched, indexed by course id. 1101 * @return array An array of courses and the validation warnings 1102 */ 1103 public static function validate_courses($courseids, $courses = array()) { 1104 // Delete duplicates. 1105 $courseids = array_unique($courseids); 1106 $warnings = array(); 1107 1108 // Remove courses which are not even requested. 1109 $courses = array_intersect_key($courses, array_flip($courseids)); 1110 1111 foreach ($courseids as $cid) { 1112 // Check the user can function in this context. 1113 try { 1114 $context = context_course::instance($cid); 1115 external_api::validate_context($context); 1116 1117 if (!isset($courses[$cid])) { 1118 $courses[$cid] = get_course($cid); 1119 } 1120 } catch (Exception $e) { 1121 unset($courses[$cid]); 1122 $warnings[] = array( 1123 'item' => 'course', 1124 'itemid' => $cid, 1125 'warningcode' => '1', 1126 'message' => 'No access rights in course context' 1127 ); 1128 } 1129 } 1130 1131 return array($courses, $warnings); 1132 } 1133 1134 /** 1135 * Returns all area files (optionally limited by itemid). 1136 * 1137 * @param int $contextid context ID 1138 * @param string $component component 1139 * @param string $filearea file area 1140 * @param int $itemid item ID or all files if not specified 1141 * @param bool $useitemidinurl wether to use the item id in the file URL (modules intro don't use it) 1142 * @return array of files, compatible with the external_files structure. 1143 * @since Moodle 3.2 1144 */ 1145 public static function get_area_files($contextid, $component, $filearea, $itemid = false, $useitemidinurl = true) { 1146 $files = array(); 1147 $fs = get_file_storage(); 1148 1149 if ($areafiles = $fs->get_area_files($contextid, $component, $filearea, $itemid, 'itemid, filepath, filename', false)) { 1150 foreach ($areafiles as $areafile) { 1151 $file = array(); 1152 $file['filename'] = $areafile->get_filename(); 1153 $file['filepath'] = $areafile->get_filepath(); 1154 $file['mimetype'] = $areafile->get_mimetype(); 1155 $file['filesize'] = $areafile->get_filesize(); 1156 $file['timemodified'] = $areafile->get_timemodified(); 1157 $fileitemid = $useitemidinurl ? $areafile->get_itemid() : null; 1158 $file['fileurl'] = moodle_url::make_webservice_pluginfile_url($contextid, $component, $filearea, 1159 $fileitemid, $areafile->get_filepath(), $areafile->get_filename())->out(false); 1160 $files[] = $file; 1161 } 1162 } 1163 return $files; 1164 } 1165 } 1166 1167 /** 1168 * External structure representing a set of files. 1169 * 1170 * @package core_webservice 1171 * @copyright 2016 Juan Leyva 1172 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 1173 * @since Moodle 3.2 1174 */ 1175 class external_files extends external_multiple_structure { 1176 1177 /** 1178 * Constructor 1179 * @param string $desc Description for the multiple structure. 1180 * @param int $required The type of value (VALUE_REQUIRED OR VALUE_OPTIONAL). 1181 */ 1182 public function __construct($desc = 'List of files.', $required = VALUE_REQUIRED) { 1183 1184 parent::__construct( 1185 new external_single_structure( 1186 array( 1187 'filename' => new external_value(PARAM_FILE, 'File name.', VALUE_OPTIONAL), 1188 'filepath' => new external_value(PARAM_PATH, 'File path.', VALUE_OPTIONAL), 1189 'filesize' => new external_value(PARAM_INT, 'File size.', VALUE_OPTIONAL), 1190 'fileurl' => new external_value(PARAM_URL, 'Downloadable file url.', VALUE_OPTIONAL), 1191 'timemodified' => new external_value(PARAM_INT, 'Time modified.', VALUE_OPTIONAL), 1192 'mimetype' => new external_value(PARAM_RAW, 'File mime type.', VALUE_OPTIONAL), 1193 ), 1194 'File.' 1195 ), 1196 $desc, 1197 $required 1198 ); 1199 } 1200 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Thu Aug 11 10:00:09 2016 | Cross-referenced by PHPXref 0.7.1 |