MDL-20293 strict param validation support
[moodle.git] / lib / externallib.php
9a0df45a 1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
19 * Support for external API
20 *
21 * @package moodlecore
22 * @subpackage webservice
23 * @copyright 2008 Petr Skoda (http://skodak.org)
24 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
25 */
26
/**
 * Thrown when the user is not allowed to use an external function in the
 * current context.
 *
 * The exception takes no arguments: it always reports the same error
 * identifier, so callers only need the exception type to recognise a
 * context-restriction denial.
 */
class restricted_context_exception extends moodle_exception {
    /**
     * Builds the exception from its two fixed strings.
     */
    public function __construct() {
        $errorcode = 'restrictedcontextexception';
        $component = 'error';
        parent::__construct($errorcode, $component);
    }
}
39
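/**
 * Base class for external api methods.
 *
 * Keeps one static context restriction shared by every subclass and offers
 * the helpers external functions use to check the requested context and to
 * look up their own description.
 */
class external_api {

    /** @var object|null context that calls are confined to; the system context is used when unset */
    private static $contextrestriction;

    /**
     * Confines later validate_context() calls to the given context.
     *
     * The parameter used to be spelled $contex while the body stored $context,
     * so the restriction was always saved as null and validate_context() fell
     * back to the system context: the requested restriction was never applied.
     *
     * @param object $context context object exposing id and contextlevel
     * @return void
     */
    public static function set_context_restriction($context) {
        self::$contextrestriction = $context;
    }

    /**
     * Makes sure user may execute functions in this context.
     *
     * The requested context is accepted only when it is the restriction
     * context itself or when the restriction context is listed among its
     * parent contexts.
     *
     * @param object $context context the external function wants to work in
     * @return void
     * @throws restricted_context_exception when $context is outside the restriction
     */
    protected static function validate_context($context) {
        if (empty(self::$contextrestriction)) {
            // No explicit restriction was set: default to the system context.
            self::$contextrestriction = get_context_instance(CONTEXT_SYSTEM);
        }
        $rcontext = self::$contextrestriction;

        if ($rcontext->contextlevel == $context->contextlevel) {
            // Same level: only the restriction context itself is acceptable.
            // (This compared against a misspelled, undefined variable before,
            // which rejected every same-level request.)
            if ($rcontext->id != $context->id) {
                throw new restricted_context_exception();
            }
        } else if ($rcontext->contextlevel > $context->contextlevel) {
            // The requested context has a numerically lower level than the
            // restriction, so it is never allowed.
            throw new restricted_context_exception();
        } else {
            // NOTE(review): loose in_array() is kept on purpose; ids may be
            // numeric strings when they come from the database - confirm
            // before switching to a strict comparison.
            $parents = get_parent_contexts($context);
            if (!in_array($rcontext->id, $parents)) {
                throw new restricted_context_exception();
            }
        }

        if ($context->contextlevel >= CONTEXT_COURSE) {
            //TODO: temporary bloody hack, this needs to be replaced by
            //      proper enrolment and course visibility check
            //      similar to require_login() (which can not be used
            //      because it can be used only once and redirects)
            //      oh - did I tell we need to rewrite enrolments in 2.0
            //      to solve this bloody mess?
            //
            //      missing: hidden courses and categories, groupmembersonly,
            //               conditional activities, etc.
            require_capability('moodle/course:view', $context);
        }
    }

    /**
     * Some automatic type validation of parameters
     *
     * Currently a placeholder: the parameters are returned unchanged and no
     * validation or cleaning takes place, so a caller must not treat the
     * result as sanitised input.
     *
     * @param string $functionname
     * @param mixed $params
     * @return mixed the parameters exactly as they were passed in
     */
    protected static function cleanparams($functionname, $params) {
        //TODO: implement cleaning
        // do we need this? We need only basic data types for web services, right?
        return $params;
    }

    /**
     * Returns detailed information about external function
     *
     * @param string $functionname name of external function
     * @return array|null description taken from the component's db/services.php
     *      with 'classpath' and 'component' filled in, or null when that file
     *      is missing or does not describe the function
     */
    public static function get_function_info($functionname) {
        global $CFG, $DB;

        //TODO: this is very slow, we should add some caching here
        $function = $DB->get_record('external_functions', array('name'=>$functionname), '*', MUST_EXIST);

        // The included path is built from the component stored in the
        // external_functions row, never from $functionname itself.
        $defpath = get_component_directory($function->component);
        if (!file_exists("$defpath/db/services.php")) {
            //TODO: maybe better throw invalid parameter exception
            return null;
        }

        // services.php is expected to fill $functions with the descriptions.
        $functions = array();
        include("$defpath/db/services.php");

        if (empty($functions[$functionname])) {
            return null;
        }

        $desc = $functions[$functionname];
        if (empty($desc['classpath'])) {
            $desc['classpath'] = "$defpath/externallib.php";
        } else {
            // A declared classpath is taken relative to the Moodle root; it is
            // used as written in services.php, without normalisation.
            $desc['classpath'] = "$CFG->dirroot/".$desc['classpath'];
        }
        $desc['component'] = $function->component;

        return $desc;
    }
}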
137