<?php
/**
* A generic table updater API endpoint controller (read, insert, update, delete).
* Only works on white-listed tables that have a primary key on a single field.
* Written by Bradley Gill
* altered effect (http://alteredeffect.com)
* bradgill@gmail.com
*/
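class Generic extends Controller {
    /**
     * White-list of tables this endpoint may read or modify.
     *
     * The table name taken from the URL is only used after a strict match
     * against this list, so it never reaches SQL unvalidated. Every table
     * listed here is exposed for SELECT, INSERT, UPDATE and DELETE to any
     * caller that reaches this controller: no authentication or
     * authorization is performed in this class.
     * NOTE(review): access control must come from the base Controller or
     * the router — confirm that before adding tables here.
     */
    private $tables = array('test');

    /**
     * Return a row, or all rows.
     * ex: GET generic/tablename
     * ex: GET generic/tablename/keyvalue
     *
     * @param array $chunks remaining URL segments: table name, then an optional key value.
     * @return array list of rows (PDO::FETCH_ASSOC); empty when nothing matched.
     */
    public function get( $chunks ) {
        global $database;
        $table = $this->getTable( $chunks );
        $pri = $this->pri( $this->fields( $table ) );
        $id = array_shift( $chunks );
        if ( isEmpty( $id ) ) {
            // No key given: return every row. The table name is white-listed,
            // so splicing it in as a quoted identifier is safe.
            $stmt = $database->query( 'SELECT * FROM ' . $this->ident( $table ) );
            return $stmt->fetchAll( PDO::FETCH_ASSOC );
        }
        // Key given: the value is bound, never interpolated.
        $stmt = $database->prepare(
            'SELECT * FROM ' . $this->ident( $table )
            . ' WHERE ' . $this->ident( $pri['Field'] ) . '=?'
        );
        $stmt->execute( array( $id ) );
        return $stmt->fetchAll( PDO::FETCH_ASSOC );
    }

    /**
     * Update an entry.
     * ex: PUT generic/tablename/keyvalue, updates any fields passed in the JSON encoded payload
     * ex: PUT generic/tablename/keyvalue/fieldname, only updates fieldname
     *
     * Only columns that exist in the table (per SHOW COLUMNS) and are not the
     * primary key are ever written; payload keys that match nothing are ignored.
     *
     * @param array $chunks remaining URL segments: table, key value, optional field name.
     * @return bool true when the statement completed without a driver error.
     */
    public function put( $chunks ) {
        $table = $this->getTable( $chunks );
        $fields = $this->fields( $table );
        $pri = $this->pri( $fields );
        $id = array_shift( $chunks );
        if ( isEmpty( $id ) ) {
            Controller::error( 400, 'Row unspecified.' );
        }
        $data = $this->payload( 'put' );
        // An optional field name in the URL restricts the update to one column.
        // It is attacker-controlled: resolve it against the real column list
        // instead of splicing it into the statement as the previous version did.
        $field = array_shift( $chunks );
        if ( !isEmpty( $field ) ) {
            $column = $this->column( $fields, $field );
            if ( $column === null ) {
                Controller::error( 400, 'Unknown field.' );
            }
            if ( $column['Key'] === 'PRI' ) {
                Controller::error( 406, 'Can\'t update the primary key' );
            }
            $fields = array( $column ); // Only update one
        }
        $set = array();
        $in = array();
        foreach ( $fields as $f ) {
            if ( $f['Key'] !== 'PRI' && array_key_exists( $f['Field'], $data ) ) {
                $set[] = $this->ident( $f['Field'] ) . '=?';
                $in[] = $data[$f['Field']];
            }
        }
        if ( count( $set ) === 0 ) {
            // Without this the statement would read "UPDATE t SET WHERE ..."
            // and surface as a driver error.
            Controller::error( 400, 'No updatable fields supplied.' );
        }
        $in[] = $id;
        $q = 'UPDATE ' . $this->ident( $table ) . ' SET ' . implode( ',', $set )
            . ' WHERE ' . $this->ident( $pri['Field'] ) . '=?';
        return $this->run( $q, $in );
    }

    /**
     * Adds a new row.
     * ex: POST generic/tablename
     *
     * Every payload key that names a real column (including the primary key,
     * matching the previous behaviour) is inserted; other keys are ignored.
     *
     * @param array $chunks remaining URL segments: table name.
     * @return bool true when the statement completed without a driver error.
     */
    public function post( $chunks ) {
        $table = $this->getTable( $chunks );
        $fields = $this->fields( $table );
        $data = $this->payload( 'post' );
        $set = array();
        $in = array();
        foreach ( $fields as $f ) {
            if ( array_key_exists( $f['Field'], $data ) ) {
                $set[] = $this->ident( $f['Field'] ) . '=?';
                $in[] = $data[$f['Field']];
            }
        }
        if ( count( $set ) === 0 ) {
            // "INSERT INTO t SET" with no assignments is a syntax error.
            Controller::error( 400, 'No fields supplied.' );
        }
        $q = 'INSERT INTO ' . $this->ident( $table ) . ' SET ' . implode( ',', $set );
        return $this->run( $q, $in );
    }

    /**
     * Deletes a row.
     * ex: DELETE generic/tablename/keyvalue
     *
     * @param array $chunks remaining URL segments: table name, then the key value.
     * @return bool true when the statement completed without a driver error.
     */
    public function delete( $chunks ) {
        $table = $this->getTable( $chunks );
        $pri = $this->pri( $this->fields( $table ) );
        $id = array_shift( $chunks );
        if ( isEmpty( $id ) ) {
            Controller::error( 400, 'Row unspecified.' );
        }
        $q = 'DELETE FROM ' . $this->ident( $table )
            . ' WHERE ' . $this->ident( $pri['Field'] ) . '=?';
        return $this->run( $q, array( $id ) );
    }

    /**
     * Figures out the table name from the first URL segment.
     *
     * The strict white-list match is the only thing between the URL and a
     * SQL identifier, so no loose comparison is used here.
     *
     * @param array $chunks URL segments; the first one is consumed.
     * @return string a table name present in $this->tables.
     */
    private function getTable( &$chunks ) {
        $table = array_shift( $chunks );
        if ( $table === null || !in_array( $table, $this->tables, true ) ) {
            Controller::error( 400, 'Specify a valid table.' );
        }
        return $table;
    }

    /**
     * Returns the field entry for the primary key.
     *
     * Exactly one column must carry Key = 'PRI'. A composite key (several
     * 'PRI' columns) or no key at all is reported as 501; previously the
     * no-key case returned null and the callers then indexed into it.
     *
     * @param array $fields list (from $this->fields(...))
     * @return array the SHOW COLUMNS row describing the primary key.
     */
    private function pri( $fields ) {
        $pri = null;
        foreach ( $fields as $f ) {
            if ( $f['Key'] === 'PRI' ) {
                if ( $pri !== null ) {
                    Controller::error( 501, 'Invalid table - must have one primary key.' );
                }
                $pri = $f;
            }
        }
        if ( $pri === null ) {
            Controller::error( 501, 'Invalid table - must have one primary key.' );
        }
        return $pri;
    }

    /**
     * Returns a list of field objects (SHOW COLUMNS rows, PDO::FETCH_ASSOC).
     *
     * @param string $table name; must already have passed getTable().
     * @return array one associative row per column ('Field', 'Key', ...).
     */
    private function fields( $table ) {
        global $database;
        try {
            $stmt = $database->prepare( 'SHOW COLUMNS FROM ' . $this->ident( $table ) );
            $stmt->execute();
        } catch ( PDOException $e ) {
            // $table is white-listed, so echoing it back reveals nothing new.
            Controller::error( 503, 'Cannot access table ' . $table );
        }
        return $stmt->fetchAll( PDO::FETCH_ASSOC );
    }

    /**
     * Looks up a column by name in a SHOW COLUMNS result.
     *
     * @param array $fields list (from $this->fields(...))
     * @param string $name column name supplied by the caller (untrusted).
     * @return array|null the matching row, or null when no column has that name.
     */
    private function column( $fields, $name ) {
        foreach ( $fields as $f ) {
            if ( $f['Field'] === $name ) {
                return $f;
            }
        }
        return null;
    }

    /**
     * Backtick-quotes a MySQL identifier, doubling any embedded backtick.
     * Callers only pass white-listed table names and schema-derived column
     * names, but quoting correctly costs nothing.
     *
     * @param string $name identifier.
     * @return string quoted identifier.
     */
    private function ident( $name ) {
        return '`' . str_replace( '`', '``', $name ) . '`';
    }

    /**
     * Fetches the decoded request payload and insists on an array.
     *
     * The callers index into the payload with array_key_exists and [], which
     * only works for arrays; anything else (e.g. undecodable JSON) is
     * rejected up front instead of failing inside the column loop.
     *
     * @param string $method HTTP method name passed through to Controller::getData().
     * @return array decoded payload keyed by column name.
     */
    private function payload( $method ) {
        $data = Controller::getData( $method );
        if ( !is_array( $data ) ) {
            Controller::error( 400, 'Malformed payload.' );
        }
        return $data;
    }

    /**
     * Prepares and executes a write statement with positional parameters.
     *
     * On a driver failure the statement text and driver message are logged
     * server-side only; the earlier version echoed the SQL to the client,
     * which disclosed table and column names. Positional '?' placeholders are
     * used so that column names containing characters that are not legal in a
     * named placeholder still work.
     *
     * @param string $q SQL with '?' placeholders.
     * @param array $in bound values in placeholder order.
     * @return bool true when the statement completed without a driver error.
     */
    private function run( $q, $in ) {
        global $database;
        try {
            $stmt = $database->prepare( $q );
            $stmt->execute( $in );
        } catch ( PDOException $e ) {
            error_log( 'Generic controller query failed: ' . $e->getMessage() . ' [' . $q . ']' );
            Controller::error( 400, 'Bad query' );
            return false; // only reached if Controller::error() does not terminate the request
        }
        return $stmt->errorCode() === PDO::ERR_NONE;
    }
}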
?>