<?php
/**
* @copyright Copyright (c) 2017 Vinzenz Rosenkranz <vinzenz.rosenkranz@gmail.com>
*
* @author René Gieling <github@dartcafe.de>
* @author Natalie Gilbert <ngilb634@umd.edu>
* @author Inigo Jiron
* @author Affan Hussain
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Forms\Controller;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Db\IMapperException;
use OCP\IGroupManager;
use OCP\ILogger;
use OCP\IRequest;
use OCP\IUser;
use OCP\IUserManager;
use OCP\Security\ISecureRandom;
use OCA\Forms\Db\Form;
use OCA\Forms\Db\FormMapper;
use OCA\Forms\Db\Submission;
use OCA\Forms\Db\SubmissionMapper;
use OCA\Forms\Db\Answer;
use OCA\Forms\Db\AnswerMapper;
use OCA\Forms\Db\Question;
use OCA\Forms\Db\QuestionMapper;
use OCA\Forms\Db\Option;
use OCA\Forms\Db\OptionMapper;
use OCP\Util;
class ApiController extends Controller {
private $groupManager;
private $userManager;
private $formMapper;
private $submissionMapper;
private $answerMapper;
private $questionMapper;
private $optionMapper;
/** @var ILogger */
private $logger;
/** @var string */
private $userId;
/**
 * ApiController constructor.
 *
 * Hands $appName and $request to the parent controller and keeps every
 * other injected collaborator on the instance.
 *
 * @param string $appName
 * @param IGroupManager $groupManager
 * @param IRequest $request
 * @param IUserManager $userManager
 * @param string $userId Compared against form owner ids by the endpoints of this class
 * @param FormMapper $formMapper
 * @param SubmissionMapper $submissionMapper
 * @param AnswerMapper $answerMapper
 * @param QuestionMapper $questionMapper
 * @param OptionMapper $optionMapper
 * @param ILogger $logger
 */
public function __construct(
	$appName,
	IGroupManager $groupManager,
	IRequest $request,
	IUserManager $userManager,
	$userId,
	FormMapper $formMapper,
	SubmissionMapper $submissionMapper,
	AnswerMapper $answerMapper,
	QuestionMapper $questionMapper,
	OptionMapper $optionMapper,
	ILogger $logger
) {
	parent::__construct($appName, $request);

	// Identity and directory services
	$this->userId = $userId;
	$this->userManager = $userManager;
	$this->groupManager = $groupManager;

	// Database mappers
	$this->formMapper = $formMapper;
	$this->questionMapper = $questionMapper;
	$this->optionMapper = $optionMapper;
	$this->submissionMapper = $submissionMapper;
	$this->answerMapper = $answerMapper;

	$this->logger = $logger;
}
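/**
 * Transforms one access-list entry ("user_<uid>" or "group_<gid>") into the
 * array describing that Nextcloud user or group.
 *
 * An empty array is returned when the entry carries neither prefix, or when
 * the user/group manager no longer knows the referenced id. Without that
 * guard a stale entry made the accessor calls below run on null, which is a
 * fatal error.
 *
 * NOTE(review): the user record includes lastLogin and cloudId. getShares()
 * passes this data on unchanged, so every caller that can read a form's
 * shares also sees these fields - confirm that this is intended.
 *
 * @param string $item
 * @return array
 */
private function convertAccessList($item) : array {
	if (strpos($item, 'user_') === 0) {
		$user = $this->userManager->get(substr($item, 5));
		if ($user === null) {
			// Stale entry: the user id is unknown to the user manager.
			return [];
		}

		return [
			'id' => $user->getUID(),
			'user' => $user->getUID(),
			'type' => 'user',
			'desc' => 'user',
			'icon' => 'icon-user',
			'displayName' => $user->getDisplayName(),
			'avatarURL' => '',
			'lastLogin' => $user->getLastLogin(),
			'cloudId' => $user->getCloudId()
		];
	}

	if (strpos($item, 'group_') === 0) {
		$group = $this->groupManager->get(substr($item, 6));
		if ($group === null) {
			// Stale entry: the group id is unknown to the group manager.
			return [];
		}

		return [
			'id' => $group->getGID(),
			'user' => $group->getGID(),
			'type' => 'group',
			'desc' => 'group',
			'icon' => 'icon-group',
			'displayName' => $group->getDisplayName(),
			'avatarURL' => '',
		];
	}

	// Neither a user nor a group entry.
	return [];
}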
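/**
 * Check if the current session user is named directly in the access list.
 *
 * Returns false for anonymous requests. The previous version called
 * getUID() on the session user without checking for null, so an anonymous
 * request against a list containing a user entry ended in a fatal error.
 *
 * @param Array $accessList entries as produced by convertAccessList()
 * @return Boolean
 */
private function checkUserAccess($accessList) {
	$user = \OC::$server->getUserSession()->getUser();
	if (!$user instanceof IUser) {
		return false;
	}

	// Looked up once instead of once per list entry.
	$uid = $user->getUID();

	foreach ($accessList as $accessItem) {
		// "??" tolerates entries without the expected keys (e.g. the empty
		// array convertAccessList() returns for an unknown prefix).
		if (($accessItem['type'] ?? null) === 'user' && ($accessItem['id'] ?? null) === $uid) {
			return true;
		}
	}

	return false;
}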
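/**
 * Check if the current session user is a member of a group in the access list.
 *
 * Returns false for anonymous requests. The previous version called
 * getUID() on the session user without checking for null, so an anonymous
 * request against a list containing a group entry ended in a fatal error.
 *
 * @param Array $accessList entries as produced by convertAccessList()
 * @return Boolean
 */
private function checkGroupAccess($accessList) {
	$user = \OC::$server->getUserSession()->getUser();
	if (!$user instanceof IUser) {
		return false;
	}

	// Looked up once instead of once per list entry.
	$uid = $user->getUID();

	foreach ($accessList as $accessItem) {
		// Skip entries that are not well-formed group entries.
		if (($accessItem['type'] ?? null) !== 'group' || !isset($accessItem['id'])) {
			continue;
		}
		if ($this->groupManager->isInGroup($uid, $accessItem['id'])) {
			return true;
		}
	}

	return false;
}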
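/**
 * Determine in which role the current session user may access the form.
 *
 * The first matching rule wins, in this order: owner, public form,
 * registered-only form (any logged-in user), direct user share, group
 * share, Nextcloud admin. 'none' is returned when no rule matches.
 *
 * The value is informational: nothing in this method blocks access, callers
 * have to act on the result themselves.
 *
 * @param Array $form form data; reads the keys 'ownerId' and 'access'
 * @param Array $shares entries as produced by getShares()
 * @return String
 */
private function grantAccessAs($form, $shares) {
	// Resolve the session user once; anonymous visitors are represented by ''.
	$user = \OC::$server->getUserSession()->getUser();
	$isLoggedIn = $user instanceof IUser;
	$currentUser = $isLoggedIn ? $user->getUID() : '';

	// Require a real session so that the '' placeholder of an anonymous
	// visitor can never compare equal to a stored owner id.
	if ($isLoggedIn && $form['ownerId'] === $currentUser) {
		return 'owner';
	}

	if ($form['access'] === 'public') {
		return 'public';
	}

	if ($form['access'] === 'registered' && $isLoggedIn) {
		return 'registered';
	}

	// The former 'hidden' rule compared the owner id (a string) with the
	// IUser object itself, so it could never match, and the owner is already
	// handled above. It is therefore dropped; 'hidden' forms of other users
	// fall through to the share and admin rules exactly as before.

	if ($this->checkUserAccess($shares)) {
		return 'userInvitation';
	}

	if ($this->checkGroupAccess($shares)) {
		return 'groupInvitation';
	}

	if ($this->groupManager->isAdmin($currentUser)) {
		return 'admin';
	}

	return 'none';
}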
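/**
 * Read an entire form based on form id
 *
 * Returns an empty array when no form with that id exists. Any other
 * failure is logged and also yields an empty array; the previous
 * "return" inside "finally" discarded such failures without any trace.
 *
 * NOTE(review): no ownership or share check happens here. If a route maps
 * to this method, every logged-in user can read any form by id - confirm
 * against the app's route definitions.
 *
 * @NoAdminRequired
 * @param Integer $formId
 * @return Array
 */
public function getForm($formId) {
	try {
		return $this->formMapper->find($formId)->read();
	} catch (DoesNotExistException $e) {
		// Unknown id: return silently
		return [];
	} catch (\Throwable $e) {
		// Keep the best-effort contract, but leave evidence in the log.
		$this->logger->logException($e, ['app' => $this->appName]);
		return [];
	}
}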
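/**
 * Read all shares (users and groups with access) of a form based on the form id
 *
 * The form's access field holds either one of the keywords 'public',
 * 'hidden' or 'registered' (no share list) or a ';'-separated list of
 * "user_<uid>" / "group_<gid>" entries.
 *
 * Changes compared to the previous version:
 * - the keyword test is an exact match; the old strpos() call treated any
 *   substring of '|public|hidden|registered' as a keyword
 * - entries that convertAccessList() cannot resolve are dropped instead of
 *   being returned as empty arrays, and the result is re-indexed
 * - failures other than "form not found" are logged instead of being
 *   discarded by a "return" inside "finally"; on such a failure the result
 *   is an empty list rather than a half-converted one
 *
 * NOTE(review): no ownership check happens here. If a route maps to this
 * method, every logged-in user can read the share list of any form.
 *
 * @NoAdminRequired
 * @param Integer $formId
 * @return Array
 */
public function getShares($formId) {
	try {
		$access = (string) $this->formMapper->find($formId)->getAccess();

		if (in_array($access, ['public', 'hidden', 'registered'], true)) {
			return [];
		}

		$entries = array_filter(explode(';', $access));
		$shares = array_map([$this, 'convertAccessList'], $entries);

		// array_filter() drops the empty arrays of unresolved entries.
		return array_values(array_filter($shares));
	} catch (DoesNotExistException $e) {
		// Unknown form: return silently
		return [];
	} catch (\Throwable $e) {
		$this->logger->logException($e, ['app' => $this->appName]);
		return [];
	}
}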
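/**
 * Read all questions of a form, each with its options under the key 'options'.
 *
 * Questions collected before a failure are still returned. Failures other
 * than "not found" are now logged; the previous "return" inside "finally"
 * discarded them without any trace.
 *
 * NOTE(review): the method is public and performs no ownership or share
 * check of its own - confirm whether a route maps to it.
 *
 * @param Integer $formId
 * @return Array
 */
public function getQuestions($formId) : array {
	$questionList = [];

	try {
		foreach ($this->questionMapper->findByForm($formId) as $questionEntity) {
			$question = $questionEntity->read();
			$question['options'] = $this->getOptions($question['id']);
			$questionList[] = $question;
		}
	} catch (DoesNotExistException $e) {
		// handle silently
	} catch (\Throwable $e) {
		$this->logger->logException($e, ['app' => $this->appName]);
	}

	return $questionList;
}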
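/**
 * Read all options of a question.
 *
 * Options collected before a failure are still returned. Failures other
 * than "not found" are now logged; the previous "return" inside "finally"
 * discarded them without any trace.
 *
 * NOTE(review): the method is public and performs no ownership or share
 * check of its own - confirm whether a route maps to it.
 *
 * @param Integer $questionId
 * @return Array
 */
public function getOptions($questionId) : array {
	$optionList = [];

	try {
		foreach ($this->optionMapper->findByQuestion($questionId) as $optionEntity) {
			$optionList[] = $optionEntity->read();
		}
	} catch (DoesNotExistException $e) {
		// handle silently
	} catch (\Throwable $e) {
		$this->logger->logException($e, ['app' => $this->appName]);
	}

	return $optionList;
}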
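/**
 * Read an entire form based on the form id or hash
 *
 * The result bundles the form, its shares and its questions together with
 * 'result' (how the form was found), 'grantedAs' (see grantAccessAs()) and
 * 'mode' ('edit' for the owner and for admins, otherwise 'create').
 * When the form does not exist the result is ['form' => ['result' => 'notFound']].
 * On any other failure the error is logged and an empty array is returned;
 * the previous "return" inside "finally" discarded such errors silently.
 *
 * NOTE(review): 'grantedAs' is only reported, never enforced. The complete
 * form, share list and questions are returned even when it is 'none', so
 * access control is left to the caller.
 * NOTE(review): any numeric argument is resolved as a database id, so a
 * form can be fetched without knowing its random hash.
 *
 * @NoAdminRequired
 * @param String $formIdOrHash form id or hash
 * @return Array
 */
public function getFullForm($formIdOrHash) {
	// Resolve the session user once; anonymous visitors are represented by ''.
	$user = \OC::$server->getUserSession()->getUser();
	$currentUser = $user instanceof IUser ? $user->getUID() : '';

	$data = [];

	try {
		if (is_numeric($formIdOrHash)) {
			$formId = $this->formMapper->find(intval($formIdOrHash))->id;
			$result = 'foundById';
		} else {
			$formId = $this->formMapper->findByHash($formIdOrHash)->id;
			$result = 'foundByHash';
		}

		$form = $this->getForm($formId);
		$shares = $this->getShares($form['id']);

		// The admin lookup only runs when the user is not the owner.
		$mayEdit = $form['ownerId'] === $currentUser || $this->groupManager->isAdmin($currentUser);
		$mode = $mayEdit ? 'edit' : 'create';

		$data = [
			'id' => $form['id'],
			'result' => $result,
			'grantedAs' => $this->grantAccessAs($form, $shares),
			'mode' => $mode,
			'form' => $form,
			'shares' => $shares,
			'questions' => $this->getQuestions($form['id']),
		];
	} catch (DoesNotExistException $e) {
		$data['form'] = ['result' => 'notFound'];
	} catch (\Throwable $e) {
		// Keep the best-effort contract, but leave evidence in the log.
		$this->logger->logException($e, ['app' => $this->appName]);
	}

	return $data;
}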
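/**
 * Get all forms the current user has some form of access to
 *
 * Responds with 401 when there is no logged-in user.
 *
 * Security: the filter on 'grantedAs' had been commented out, which made
 * this endpoint return every form of every user - including share lists
 * and questions - to any logged-in account. It is active again, so forms
 * for which getFullForm() reports 'none' (or no role at all, e.g. a
 * 'notFound' result) are left out of the list.
 *
 * @NoAdminRequired
 * @return DataResponse
 */
public function getForms() {
	if (!\OC::$server->getUserSession()->getUser() instanceof IUser) {
		return new DataResponse(null, Http::STATUS_UNAUTHORIZED);
	}

	try {
		$forms = $this->formMapper->findAll();
	} catch (DoesNotExistException $e) {
		// Do not hand the exception object to the response body.
		return new DataResponse(null, Http::STATUS_NOT_FOUND);
	}

	$formsList = [];
	foreach ($forms as $formElement) {
		$form = $this->getFullForm($formElement->id);
		if (($form['grantedAs'] ?? 'none') !== 'none') {
			$formsList[] = $form;
		}
	}

	return new DataResponse($formsList, Http::STATUS_OK);
}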
/**
 * Delete a form together with its submissions and questions.
 *
 * Only the owner of the form or a Nextcloud admin may delete it.
 * Responds with 404 for an unknown id and with 401 when the current user
 * is neither owner nor admin.
 *
 * NOTE(review): the other endpoints of this class answer a failed
 * ownership check with 403; 401 is kept here because clients may rely on it.
 * NOTE(review): the three deletes are issued one after the other; whether
 * they run inside a transaction cannot be seen from this method.
 *
 * @NoAdminRequired
 * @param int $id id of the form to delete
 * @return DataResponse
 * TODO: use hash instead of id ?
 */
public function deleteForm(int $id) {
	try {
		$form = $this->formMapper->find($id);
	} catch (DoesNotExistException $e) {
		return new Http\JSONResponse([], Http::STATUS_NOT_FOUND);
	}

	// The admin lookup only runs when the user is not the owner.
	$mayDelete = $this->userId === $form->getOwnerId() || $this->groupManager->isAdmin($this->userId);
	if (!$mayDelete) {
		return new DataResponse(null, Http::STATUS_UNAUTHORIZED);
	}

	// Remove dependent records first, the form itself last.
	$this->submissionMapper->deleteByForm($id);
	$this->questionMapper->deleteByForm($id);
	$this->formMapper->delete($form);

	$payload = [
		'id' => $id,
		'action' => 'deleted'
	];

	return new DataResponse($payload, Http::STATUS_OK);
}
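/**
 * Write form (create/update)
 *
 * Responses:
 * - 401 when nobody is logged in, or when an existing form is edited by
 *   someone who is neither its owner nor an admin
 * - 400 for an unknown $mode, an unknown access keyword, a malformed share
 *   entry or an unparsable expiration date
 * - 404 when $mode is 'edit' and no form with the given hash exists
 * - 200 with the id and hash of the written form otherwise
 *
 * Changes compared to the previous version:
 * - an unknown $mode answered 200 with empty id and hash although nothing
 *   had been stored
 * - an unknown hash in edit mode ended in an uncaught exception
 * - $form['access'] was stored as received; only the keywords handled
 *   elsewhere in this class are accepted now
 * - share ids are written into a ';'-separated list, so an id containing
 *   ';' would have added further entries; such ids are rejected
 * - an unparsable expiration date was stored as the Unix epoch
 * - the ownership check for edits runs before any request data is processed
 *
 * @NoAdminRequired
 * @param Array $form
 * @param Array $questions not used by this method
 * @param Array $shares entries with the keys 'type' ('user' or 'group') and 'id'
 * @param String $mode 'edit' or 'create'
 * @return DataResponse
 */
public function writeForm($form, $questions, $shares, $mode) {
	$user = \OC::$server->getUserSession()->getUser();
	if (!$user instanceof IUser) {
		return new DataResponse(null, Http::STATUS_UNAUTHORIZED);
	}
	$currentUser = $user->getUID();
	$adminAccess = $this->groupManager->isAdmin($currentUser);

	if ($mode !== 'edit' && $mode !== 'create') {
		return new DataResponse(null, Http::STATUS_BAD_REQUEST);
	}

	// Authorize edits before touching any other request data.
	$oldForm = null;
	if ($mode === 'edit') {
		try {
			$oldForm = $this->formMapper->findByHash($form['hash']);
		} catch (DoesNotExistException $e) {
			return new DataResponse(null, Http::STATUS_NOT_FOUND);
		}

		// If current user is not owner of existing form deny access
		if ($oldForm->getOwnerId() !== $currentUser && !$adminAccess) {
			return new DataResponse(null, Http::STATUS_UNAUTHORIZED);
		}
	}

	$access = $form['access'] ?? null;
	if (!in_array($access, ['public', 'hidden', 'registered', 'select'], true)) {
		return new DataResponse(null, Http::STATUS_BAD_REQUEST);
	}

	$newForm = new Form();

	// Set the configuration options entered by the user
	$newForm->setTitle($form['title']);
	$newForm->setDescription($form['description']);
	$newForm->setIsAnonymous($form['isAnonymous']);
	$newForm->setSubmitOnce($form['submitOnce']);

	if ($access === 'select') {
		$entries = [];
		foreach ((array) $shares as $shareElement) {
			$type = $shareElement['type'] ?? null;
			if ($type !== 'user' && $type !== 'group') {
				// Other share types were ignored before as well.
				continue;
			}

			$shareId = (string) ($shareElement['id'] ?? '');
			if ($shareId === '' || strpos($shareId, ';') !== false) {
				// ';' is the list separator and must not appear inside an id.
				return new DataResponse(null, Http::STATUS_BAD_REQUEST);
			}

			$entries[] = $type . '_' . $shareId;
		}
		$newForm->setAccess(implode(';', $entries));
	} else {
		$newForm->setAccess($access);
	}

	if (!empty($form['expires'])) {
		$rawDate = $form['expirationDate'] ?? null;
		$timestamp = is_string($rawDate) ? strtotime($rawDate) : false;
		if ($timestamp === false) {
			return new DataResponse(null, Http::STATUS_BAD_REQUEST);
		}
		$newForm->setExpirationDate(date('Y-m-d H:i:s', $timestamp));
	} else {
		$newForm->setExpirationDate(null);
	}

	if ($oldForm !== null) {
		// Edit existing form: take owner, hash and id of the stored form
		$newForm->setOwnerId($oldForm->getOwnerId());
		$newForm->setHash($oldForm->getHash());
		$newForm->setId($oldForm->getId());
		$this->formMapper->update($newForm);
	} else {
		// Create new form: define current user as owner, set new creation
		// date and create a new hash
		$newForm->setOwnerId($currentUser);
		$newForm->setCreated(date('Y-m-d H:i:s'));
		$newForm->setHash(\OC::$server->getSecureRandom()->generate(
			16,
			ISecureRandom::CHAR_DIGITS .
			ISecureRandom::CHAR_LOWER .
			ISecureRandom::CHAR_UPPER
		));
		$newForm = $this->formMapper->insert($newForm);
	}

	return new DataResponse([
		'id' => $newForm->getId(),
		'hash' => $newForm->getHash()
	], Http::STATUS_OK);
}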
/**
 * Create an empty form owned by the current session user and return it in
 * the shape produced by getFullForm().
 *
 * The form starts with the title 'New form', an empty description, a
 * random 16-character hash and the access level 'public'.
 *
 * NOTE(review): the session user is dereferenced without a null check, so
 * this relies on the framework rejecting requests without a login.
 *
 * @NoAdminRequired
 */
public function newForm(): Http\JSONResponse {
	$form = new Form();

	$ownerId = \OC::$server->getUserSession()->getUser()->getUID();
	$form->setOwnerId($ownerId);
	$form->setCreated(date('Y-m-d H:i:s'));

	$hash = \OC::$server->getSecureRandom()->generate(
		16,
		ISecureRandom::CHAR_HUMAN_READABLE
	);
	$form->setHash($hash);

	// Defaults of a freshly created form
	$form->setTitle('New form');
	$form->setDescription('');
	$form->setAccess('public');

	$this->formMapper->insert($form);

	$fullForm = $this->getFullForm($form->getHash());

	return new Http\JSONResponse($fullForm);
}
/**
 * Add a question to a form and respond with the id of the new question.
 *
 * Responds with 400 when the form cannot be found and with 403 when the
 * form is not owned by the current user.
 *
 * NOTE(review): unlike deleteForm() and writeForm(), admins get no
 * exception from the ownership check here - confirm that this is intended.
 * NOTE(review): $type is stored as received; whether the set of allowed
 * question types is checked elsewhere cannot be seen from this method.
 *
 * @NoAdminRequired
 * @param int $formId id of the form the question belongs to
 * @param string $type question type
 * @param string $text question text
 */
public function newQuestion(int $formId, string $type, string $text): Http\JSONResponse {
	$logContext = [
		'formId' => $formId,
		'type' => $type,
		'text' => $text,
	];
	$this->logger->debug('Adding new question: formId: {formId}, type: {type}, text: {text}', $logContext);

	try {
		$form = $this->formMapper->find($formId);
	} catch (IMapperException $e) {
		$this->logger->debug('Could not find form');
		return new Http\JSONResponse([], Http::STATUS_BAD_REQUEST);
	}

	$isOwner = $form->getOwnerId() === $this->userId;
	if (!$isOwner) {
		$this->logger->debug('This form is not owned by the current user');
		return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
	}

	$draft = new Question();
	$draft->setFormId($formId);
	$draft->setType($type);
	$draft->setText($text);

	$stored = $this->questionMapper->insert($draft);

	return new Http\JSONResponse($stored->getId());
}
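/**
 * Update fields of an existing question and respond with its id.
 *
 * Responds with 400 when the question or its form cannot be found and with
 * 403 when the form is not owned by the current user.
 *
 * Security: $keyvalues comes from the request and is turned into an entity
 * by Question::fromParams(). A form id supplied in it used to be written
 * as received, so the owner of one form could re-attach a question to a
 * form of another user. The form id is now always taken from the stored
 * question, whatever the request contains.
 *
 * NOTE(review): all remaining keys are still applied without a whitelist.
 *
 * @NoAdminRequired
 * @param int $id QuestionId of question to update
 * @param array $keyvalues Array of key=>value pairs to update.
 */
public function updateQuestion(int $id, array $keyvalues): Http\JSONResponse {
	$this->logger->debug('Updating question: questionId: {id}, values: {keyvalues}', [
		'id' => $id,
		'keyvalues' => $keyvalues
	]);

	try {
		$storedQuestion = $this->questionMapper->findById($id);
		$form = $this->formMapper->find($storedQuestion->getFormId());
	} catch (IMapperException $e) {
		$this->logger->debug('Could not find question or form');
		return new Http\JSONResponse([], Http::STATUS_BAD_REQUEST);
	}

	if ($form->getOwnerId() !== $this->userId) {
		$this->logger->debug('This form is not owned by the current user');
		return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
	}

	$question = Question::fromParams($keyvalues);

	// Identity and parent always come from the trusted, stored record and
	// override whatever the request supplied for them.
	$question->setId($id);
	$question->setFormId($storedQuestion->getFormId());

	$this->questionMapper->update($question);

	return new Http\JSONResponse($question->getId());
}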
/**
 * Delete a question together with its options and respond with the id.
 *
 * Responds with 400 when the question or its form cannot be found and with
 * 403 when the form is not owned by the current user.
 *
 * NOTE(review): answers that refer to the question are not touched here;
 * whether they are cleaned up elsewhere cannot be seen from this method.
 *
 * @NoAdminRequired
 * @param int $id id of the question to delete
 */
public function deleteQuestion(int $id): Http\JSONResponse {
	$this->logger->debug('Delete question: {id}', ['id' => $id]);

	try {
		$question = $this->questionMapper->findById($id);
		$parentForm = $this->formMapper->find($question->getFormId());
	} catch (IMapperException $e) {
		$this->logger->debug('Could not find form or question');
		return new Http\JSONResponse([], Http::STATUS_BAD_REQUEST);
	}

	$isOwner = $parentForm->getOwnerId() === $this->userId;
	if (!$isOwner) {
		$this->logger->debug('This form is not owned by the current user');
		return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
	}

	// Options first, then the question they belong to.
	$this->optionMapper->deleteByQuestion($id);
	$this->questionMapper->delete($question);

	return new Http\JSONResponse($id);
}
/**
 * Add an option to a question and respond with the id of the new option.
 *
 * Responds with 400 when the form or the question cannot be found, and
 * with 403 when the form is not owned by the current user or the question
 * does not belong to the given form.
 *
 * NOTE(review): the form id of the question is compared strictly with the
 * int $formId; this presumably relies on the entity returning an integer -
 * verify against the Question entity.
 *
 * @NoAdminRequired
 * @param int $formId id of the form the question belongs to
 * @param int $questionId id of the question the option is added to
 * @param string $text option text
 */
public function newOption(int $formId, int $questionId, string $text): Http\JSONResponse {
	$logContext = [
		'formId' => $formId,
		'questionId' => $questionId,
		'text' => $text,
	];
	$this->logger->debug('Adding new option: formId: {formId}, questionId: {questionId}, text: {text}', $logContext);

	try {
		$form = $this->formMapper->find($formId);
		$question = $this->questionMapper->findById($questionId);
	} catch (IMapperException $e) {
		$this->logger->debug('Could not find form or question so option can\'t be added');
		return new Http\JSONResponse([], Http::STATUS_BAD_REQUEST);
	}

	$isOwner = $form->getOwnerId() === $this->userId;
	if (!$isOwner) {
		$this->logger->debug('This form is not owned by the current user');
		return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
	}

	// Keeps an owner from attaching options to a question of another form.
	$belongsToForm = $question->getFormId() === $formId;
	if (!$belongsToForm) {
		$this->logger->debug('This question is not part of the current form');
		return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
	}

	$draft = new Option();
	$draft->setQuestionId($questionId);
	$draft->setText($text);

	$stored = $this->optionMapper->insert($draft);

	return new Http\JSONResponse($stored->getId());
}
/**
 * Delete an option and respond with its id.
 *
 * The owning form is resolved through the option's question. Responds with
 * 400 when option, question or form cannot be found and with 403 when the
 * form is not owned by the current user.
 *
 * @NoAdminRequired
 * @param int $id id of the option to delete
 */
public function deleteOption(int $id): Http\JSONResponse {
	$this->logger->debug('Deleting option: {id}', ['id' => $id]);

	try {
		// option -> question -> form
		$option = $this->optionMapper->findById($id);
		$parentQuestion = $this->questionMapper->findById($option->getQuestionId());
		$parentForm = $this->formMapper->find($parentQuestion->getFormId());
	} catch (IMapperException $e) {
		$this->logger->debug('Could not find form or option');
		return new Http\JSONResponse([], Http::STATUS_BAD_REQUEST);
	}

	$isOwner = $parentForm->getOwnerId() === $this->userId;
	if (!$isOwner) {
		$this->logger->debug('This form is not owned by the current user');
		return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
	}

	$this->optionMapper->delete($option);

	// TODO: return a more useful response than the bare id
	return new Http\JSONResponse($id);
}
/**
 * Return all answers submitted to a form as one flat list.
 *
 * Every answer is extended with the submitting user's id and with the text
 * and type of the question it belongs to. Responds with 400 when no form
 * with the given hash can be found and with 403 when the form is not owned
 * by the current user.
 *
 * NOTE(review): 'userId' is added to every answer without looking at the
 * form's anonymity setting; what the submission stores for anonymous forms
 * cannot be seen from this method - verify that no identity leaks here.
 * NOTE(review): the question lookup inside the loop is not guarded, so an
 * answer pointing to a missing question presumably aborts the request.
 *
 * @NoAdminRequired
 * @param string $hash hash of the form
 */
public function getSubmissions(string $hash): Http\JSONResponse {
	try {
		$form = $this->formMapper->findByHash($hash);
	} catch (IMapperException $e) {
		return new Http\JSONResponse([], Http::STATUS_BAD_REQUEST);
	}

	$isOwner = $form->getOwnerId() === $this->userId;
	if (!$isOwner) {
		return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
	}

	$rows = [];

	foreach ($this->submissionMapper->findByForm($form->getId()) as $submission) {
		foreach ($this->answerMapper->findBySubmission($submission->id) as $answerEntity) {
			$row = $answerEntity->read();

			// Temporary: adapt the data so the old results view can use it
			$row['userId'] = $submission->getUserId();

			$relatedQuestion = $this->questionMapper->findById($row['questionId']);
			$row['questionText'] = $relatedQuestion->getText();
			$row['questionType'] = $relatedQuestion->getType();

			$rows[] = $row;
		}
	}

	return new Http\JSONResponse($rows);
}
}