MDL-50782 Ajax: No require_login for all ajax webservice calls
[moodle.git] / lib / ajax / service.php
1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * This file is used to call any registered externallib function in Moodle.
19 *
20 * It will process more than one request and return more than one response if required.
21 * It is recommended to add webservice functions and re-use this script instead of
22 * writing any new custom ajax scripts.
23 *
24 * @since Moodle 2.9
25 * @package core
26 * @copyright 2015 Damyon Wiese
27 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
28 */
29
// Declared ahead of the config.php include below.
// NOTE(review): what this flag changes is not visible in this file.
define('AJAX_SCRIPT', true);

require_once(__DIR__ . '/../../config.php');
require_once($CFG->libdir . '/externallib.php');

// Session-key check (Moodle's CSRF guard). It is unconditional, so it is applied to
// every caller of this script, including visitors who are not logged in.
require_sesskey();
36
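// The request body is read raw: the client posts JSON rather than form fields.
$rawjson = file_get_contents('php://input');

// Decode to associative arrays. Everything in $requests is client-controlled.
$requests = json_decode($rawjson, true);
if ($requests === null) {
    $lasterror = json_last_error_msg();
    throw new coding_exception('Invalid json in request: ' . $lasterror);
}
// Well-formed JSON can still be a bare string, number or boolean. Refuse it here
// instead of handing a non-array to the foreach that processes the batch.
if (!is_array($requests)) {
    throw new coding_exception('Invalid json in request: expected an array of requests');
}
// Collected results, keyed by the index each request supplies.
$responses = array();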
45
46
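// Check the shape of every entry before any function runs, so that a malformed entry
// cannot abort the batch after earlier entries have already been executed.
foreach ($requests as $request) {
    if (!is_array($request) || !isset($request['methodname'], $request['index'])) {
        throw new coding_exception('Invalid json in request: each request needs a methodname and an index');
    }
}

// Run the requests in order. The first failure is reported and ends the batch.
foreach ($requests as $request) {
    $response = array();
    // Both values come from the client and are cleaned before use: the function name
    // as PARAM_ALPHANUMEXT, the response slot as PARAM_INT.
    $methodname = clean_param($request['methodname'], PARAM_ALPHANUMEXT);
    $index = clean_param($request['index'], PARAM_INT);
    // A missing "args" stays null, as before, and is left to validate_parameters() to judge.
    $args = isset($request['args']) ? $request['args'] : null;

    try {
        // Look the client-chosen name up among the registered external functions.
        $externalfunctioninfo = external_function_info($methodname);

        // Only functions explicitly flagged for ajax use may be reached through this script.
        if (!$externalfunctioninfo->allowed_from_ajax) {
            throw new moodle_exception('servicenotavailable', 'webservice');
        }

        // Functions flagged loginrequired are refused for visitors who are not logged in.
        // NOTE(review): this is the only authentication gate in this script; no capability
        // or context check is visible here, so each ajax-enabled function presumably has
        // to enforce its own - confirm.
        if ($externalfunctioninfo->loginrequired) {
            if (!isloggedin()) {
                // $methodname has already been cleaned above, so only that restricted
                // character set reaches the log line.
                error_log('This external function is not available to public users. Failed to call "' . $methodname . '"');
                throw new moodle_exception('servicenotavailable', 'webservice');
            }
        }

        // Validate params, this also sorts the params properly, we need the correct order in the next part.
        $callable = array($externalfunctioninfo->classname, 'validate_parameters');
        $params = call_user_func($callable,
                                 $externalfunctioninfo->parameters_desc,
                                 $args);

        // Call the external function with the validated values, passed positionally.
        $callable = array($externalfunctioninfo->classname, $externalfunctioninfo->methodname);
        $result = call_user_func_array($callable,
                                       array_values($params));

        $response['error'] = false;
        $response['data'] = $result;
        $responses[$index] = $response;
    } catch (Exception $e) {
        $jsonexception = get_exception_info($e);
        // The "a" field is never returned to the client; debuginfo and the backtrace
        // are returned only when developer-level debugging is enabled.
        unset($jsonexception->a);
        if (!debugging('', DEBUG_DEVELOPER)) {
            unset($jsonexception->debuginfo);
            unset($jsonexception->backtrace);
        }
        $response['error'] = true;
        $response['exception'] = $jsonexception;
        $responses[$index] = $response;
        // Do not process the remaining requests.
        break;
    }
}

// Send back whatever was collected, including a partial batch that ended on an error.
echo json_encode($responses);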