VikAppointments Services Booking Calendar / trunk
vikappointments / admin / controllers / apiplugin.php
1 <?php
2 /**
3 * @package VikAppointments
4 * @subpackage core
5 * @author E4J s.r.l.
6 * @copyright Copyright (C) 2021 E4J s.r.l. All Rights Reserved.
7 * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
8 * @link https://vikwp.com
9 */
10
// No direct access: stop immediately when ABSPATH is not defined,
// i.e. when this file is requested on its own instead of being loaded
// by the host application.
if (!defined('ABSPATH'))
{
    die('No script kiddies please!');
}

// Load the library file at libraries.mvc.controllers.admin
// (presumably the one declaring VAPControllerAdmin, extended below).
VAPLoader::import('libraries.mvc.controllers.admin');
15
16 /**
17 * VikAppointments API plugin controller.
18 *
19 * @since 1.7
20 */
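class VikAppointmentsControllerApiplugin extends VAPControllerAdmin
{
    /**
     * Task used to access the management page of an existing record.
     *
     * The record identifier is read from the "cid" request argument and is
     * URL-encoded before being appended to the redirect target, so that a
     * crafted value cannot add extra query parameters to the redirect.
     *
     * @return  boolean  True when redirected to the management page, false
     *                   when the user is not authorised or the API is disabled.
     */
    public function edit()
    {
        $app = JFactory::getApplication();

        // unset user state for being recovered again
        $app->setUserState('vap.apiplugin.data', array());

        // check user permissions
        if (!JFactory::getUser()->authorise('core.edit', 'com_vikappointments') || !VAPFactory::getApi()->isEnabled())
        {
            // back to main list, not authorised to edit records
            $app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
            $this->cancel();

            return false;
        }

        // The request may carry "cid" as a scalar, as an empty list or as a
        // nested array; normalise it to a single string instead of indexing
        // blindly into whatever was received.
        $cid = (array) $app->input->getString('cid', array(''));
        $id  = (isset($cid[0]) && is_scalar($cid[0])) ? (string) $cid[0] : '';

        // Encode the request-supplied value: characters such as "&", "=" or "#"
        // must stay inside the cid[] argument of the redirect URL.
        $this->setRedirect('index.php?option=com_vikappointments&view=manageapiplugin&cid[]=' . urlencode($id));

        return true;
    }

    /**
     * Deletes a list of records set in the request.
     *
     * The request must carry a valid session token and the user must hold
     * the "core.delete" permission; the API framework must be enabled too.
     *
     * @return  boolean  False when the token or the permission check fails,
     *                   true otherwise (the outcome reported by the model is
     *                   not reflected in the return value).
     */
    public function delete()
    {
        $app = JFactory::getApplication();

        // always hand a list to the model, even if a single value was sent
        $cid = (array) $app->input->get('cid', array(), 'string');

        /**
         * Added token validation.
         * Both GET and POST are supported.
         *
         * NOTE(review): a token accepted on GET travels in the URL, where it
         * can end up in browser history, server logs and Referer headers.
         * The original code documents this as intentional; restricting this
         * destructive task to POST would be the stricter choice.
         *
         * @since 1.7
         */
        if (!JSession::checkToken() && !JSession::checkToken('get'))
        {
            // back to main list, missing CSRF-proof token
            $app->enqueueMessage(JText::translate('JINVALID_TOKEN'), 'error');
            $this->cancel();

            return false;
        }

        // check user permissions
        if (!JFactory::getUser()->authorise('core.delete', 'com_vikappointments') || !VAPFactory::getApi()->isEnabled())
        {
            // back to main list, not authorised to delete records
            $app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
            $this->cancel();

            return false;
        }

        // delete selected records
        // NOTE(review): the identifiers are plain strings taken from the request
        // and are forwarded unchanged; the model is assumed to validate them
        // before touching any storage - confirm.
        $this->getModel()->delete($cid);

        // back to main list
        $this->cancel();

        return true;
    }

    /**
     * Redirects the users to the main records list.
     *
     * @return  void
     */
    public function cancel()
    {
        $this->setRedirect('index.php?option=com_vikappointments&view=apiplugins');
    }

    /**
     * AJAX end-point used to load the supported columns of the given model.
     * In case the given model doesn't support tables, an empty object will
     * be returned.
     *
     * This task expects the following arguments to be set in request.
     *
     * @param   string  model  The model to load.
     *
     * NOTE(review): unlike edit() and delete(), this task only validates the
     * session token and performs no authorise() check, so every user able to
     * obtain a valid token can query it. Confirm that this is intended, or
     * gate it behind the same permission used by the management page.
     *
     * @return  void
     */
    public function tableajax()
    {
        $input = JFactory::getApplication()->input;

        /**
         * Added token validation.
         *
         * @since 1.7
         */
        if (!JSession::checkToken())
        {
            // missing CSRF-proof token
            UIErrorFactory::raiseError(403, JText::translate('JINVALID_TOKEN'));

            // raiseError() is expected to stop the request; the explicit return
            // keeps the check fail-closed in case it ever does not
            return;
        }

        // load model from request
        // NOTE(review): no explicit filter is passed here, so the value is
        // cleaned only by the default filter of the input layer - confirm that
        // it restricts the name to a safe identifier before it is used to
        // resolve a model.
        $modelName = $input->get('model');

        if (!$modelName)
        {
            UIErrorFactory::raiseError(400, 'Missing model name');

            return;
        }

        // load model
        $model = JModelVAP::getInstance($modelName);

        if (!$model)
        {
            UIErrorFactory::raiseError(404, sprintf('Model [%s] not found', $modelName));

            return;
        }

        try
        {
            // send default item details
            $this->sendJSON($model->getItem(0, true));
        }
        catch (Exception $e)
        {
            // an error occurred, send empty object
            $this->sendJSON(new stdClass());
        }
    }
}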