You are here

services_entity_resource_clean.inc in Services Entity API 7.2

File

plugins/services_entity_resource_clean.inc
View source
<?php

/**
 * This class is designed to create a very clean API that integrates with
 * the services and entity modules. We want to strip all "drupalisms" out
 * of the API. For example, there should be no [LANGUAGE_NONE][0][value] or
 * field_ in the API.
 *
 * It should be possible to create an API that is easily replicated on another
 * system.
 *
 * Much of this code is borrowed from restws module.
 */
class ServicesEntityResourceControllerClean extends ServicesEntityResourceController {

  /**
   * @see ServicesEntityResourceController::access()
   */
  public function access($op, $args) {
    if ($op == 'create') {
      list($entity_type, $data) = $args;

      // Workaround for bug in Entity API node access.
      // @todo remove once https://drupal.org/node/1780646 lands.
      if ($entity_type == 'node') {
        return isset($data['type']) ? node_access('create', $data['type']) : FALSE;
      }

      // Create a wrapper from the entity so we can call its access() method.
      $wrapper = $this
        ->createWrapperFromValues($entity_type, $data);
      return $wrapper
        ->entityAccess('create');
    }
    else {
      return parent::access($op, $args);
    }
  }
  public function create($entity_type, array $values) {
    $wrapper = $this
      ->createWrapperFromValues($entity_type, $values);

    // Check write access on each property.
    foreach (array_keys($values) as $name) {
      if (!$this
        ->propertyAccess($wrapper, $name, 'create')) {
        services_error(t("Not authorized to set property '@p'", array(
          '@p' => $name,
        )), 403);
      }
    }

    // Make sure that bundle information is present on entities that have
    // bundles. We have to do this after creating the wrapper, because the
    // name of the bundle key may differ from that of the corresponding
    // metadata property (e.g. for taxonomy terms, the bundle key is
    // 'vocabulary_machine_name', while the property is 'vocabulary').
    if ($bundle_key = $wrapper
      ->entityKey('bundle')) {
      $entity = $wrapper
        ->value();
      if (empty($entity->{$bundle_key})) {
        $entity_info = $wrapper
          ->entityInfo();
        if (isset($entity_info['bundles']) && count($entity_info['bundles']) === 1) {

          // If the entity supports only a single bundle, then use that as a
          // default. This allows creation of such entities if (as with ECK)
          // they still use a bundle key.
          $entity->{$bundle_key} = reset($entity_info['bundles']);
        }
        else {
          services_error('Missing bundle: ' . $bundle_key, 406);
        }
      }
    }
    $properties = $wrapper
      ->getPropertyInfo();
    $diff = array_diff_key($values, $properties);
    if (!empty($diff)) {
      services_error('Unknown data properties: ' . implode(' ', array_keys($diff)) . '.', 406);
    }
    $wrapper
      ->save();
    return $this
      ->get_data($wrapper, '*');
  }
  public function retrieve($entity_type, $entity_id, $fields, $revision) {
    $entity = parent::retrieve($entity_type, $entity_id, '*', $revision);
    return $this
      ->get_data(entity_metadata_wrapper($entity_type, $entity), $fields);
  }
  public function update($entity_type, $entity_id, array $values) {
    $property_info = entity_get_all_property_info($entity_type);
    $values = $this
      ->transform_values($entity_type, $property_info, $values);
    try {
      $wrapper = entity_metadata_wrapper($entity_type, $entity_id);
      foreach ($values as $name => $value) {

        // Only attempt to set properties when the new value differs from that
        // on the existing entity; otherwise, requests will fail for read-only
        // and unauthorized properties, even if they are not being changed. This
        // allows us to UPDATE a previously retrieved entity without removing
        // such properties from the payload, as long as they are unchanged.
        if (!$this
          ->propertyHasValue($wrapper, $name, $value)) {

          // We set the property before checking access so the new value
          // will be passed to the access callback. This is necesssary in
          // some cases (e.g. text-format fields) where access permissions
          // depend on the value that is being set.
          $wrapper->{$name}
            ->set($value);
          if (!$this
            ->propertyAccess($wrapper, $name, 'update')) {
            services_error(t("Not authorized to set property '@property-name'.", array(
              '@property-name' => $name,
            )), 403);
          }
        }
      }
    } catch (EntityMetadataWrapperException $e) {
      services_error($e
        ->getMessage(), 406);
    }
    $wrapper
      ->save();
    return $this
      ->get_data($wrapper, '*');
  }
  public function index($entity_type, $fields, $parameters, $page, $pagesize, $sort, $direction) {
    $property_info = entity_get_all_property_info($entity_type);
    $parameters = $this
      ->transform_values($entity_type, $property_info, $parameters);
    $sort = isset($property_info['field_' . $sort]) ? 'field_' . $sort : $sort;

    // Call the parent method, which takes care of access control.
    $entities = parent::index($entity_type, '*', $parameters, $page, $pagesize, $sort, $direction);
    foreach ($entities as $entity) {
      $return[] = $this
        ->get_data(entity_metadata_wrapper($entity_type, $entity), $fields);
    }
    return $return;
  }

  /**
   * Implements ServicesResourceControllerInterface::field().
   */
  public function field($entity_type, $entity_id, $field_name, $fields = '*', $raw = FALSE) {
    $entity = entity_load_single($entity_type, $entity_id);
    if (!$entity) {
      services_error('Entity not found', 404);
    }
    $field_name = preg_replace('/^field_/', '', $field_name);

    // The metadata wrapper checks entity_access() on each entity in the field.
    $return = $this
      ->get_data(entity_metadata_wrapper($entity_type, $entity), $field_name);
    return $return;
  }

  /**
   * Return the data structure for an entity stripped of all "drupalisms" such as
   * field_ and complex data arrays.
   *
   * @param type $wrapper
   * @return type
   */
  protected function get_data($wrapper, $fields = '*') {
    if ($fields != '*') {
      $fields_array = explode(',', $fields);
    }
    $data = array();
    $filtered = $this
      ->property_access_filter($wrapper);
    foreach ($filtered as $name => $property) {

      // We don't want 'field_' at the beginning of fields. This is a drupalism and shouldn't be in the api.
      $name = preg_replace('/^field_/', '', $name);

      // If fields is set and it isn't one of them, go to the next.
      if ($fields != '*' && !in_array($name, $fields_array)) {
        continue;
      }
      try {
        if ($property instanceof EntityDrupalWrapper) {

          // For referenced entities only return the URI.
          if ($id = $property
            ->getIdentifier()) {
            $data[$name] = $this
              ->get_resource_reference($property
              ->type(), $id);
          }
        }
        elseif ($property instanceof EntityValueWrapper) {
          $data[$name] = $property
            ->value();
        }
        elseif ($property instanceof EntityListWrapper || $property instanceof EntityStructureWrapper) {
          $data[$name] = $this
            ->get_data($property);
        }
      } catch (EntityMetadataWrapperException $e) {

        // A property causes problems - ignore that.
      }
    }

    // If bundle = entity_type, don't send it.
    if (method_exists($wrapper, 'entityInfo')) {
      $entity_info = $wrapper
        ->entityInfo();
      if (isset($entity_info['bundle keys'])) {
        foreach ($entity_info['bundle keys'] as $bundle_key) {
          if (array_key_exists($bundle_key, $data) && $data[$bundle_key] == $wrapper
            ->type()) {
            unset($data[$bundle_key]);
          }
        }
      }
    }
    return $data;
  }

  /**
   * Return a resource reference array.
   *
   * @param type $resource
   * @param type $id
   * @return type
   */
  protected function get_resource_reference($resource, $id) {
    $return = array(
      'uri' => services_resource_uri(array(
        'entity_' . $resource,
        $id,
      )),
      'id' => $id,
      'resource' => $resource,
    );
    if (module_exists('uuid') && entity_get_info($resource)) {
      $ids = entity_get_uuid_by_id($resource, array(
        $id,
      ));
      if ($id = reset($ids)) {
        $return['uuid'] = $id;
      }
    }
    return $return;
  }

  /**
   * Filters out properties where view access is not allowed for the current user.
   *
   * @param EntityMetadataWrapper $wrapper
   *   EntityMetadataWrapper that should be checked.
   *
   * @return
   *   An array of properties where access is allowed, keyed by their property
   *   name.
   */
  protected function property_access_filter($wrapper) {
    $filtered = array();
    foreach ($wrapper as $name => $property) {
      try {
        if ($property
          ->access('view')) {
          $filtered[$name] = $property;
        }
      } catch (EntityMetaDataWrapperException $e) {

        // Log the exception and ignore the property. This is known to happen
        // when attempting to access the 'book' property of a non-book node.
        // In such cases Entity API erroneously throws an exception.
        // @see https://drupal.org/node/2051087 and linked issues.
        watchdog('services_entity', 'Exception testing access to property @p: @e', array(
          '@p' => $name,
          '@e' => $e
            ->getMessage(),
        ), WATCHDOG_WARNING);
      }
    }
    return $filtered;
  }

  /**
   * Checks for field_ prefix for each field and adds it if necessary.
   *
   * @param type $values
   * @return type
   */
  protected function transform_values($entity_type, $property_info, $values) {
    foreach ($values as $key => $value) {

      // Handle Resource references so we can pass pack the object.
      if (is_array($value) && isset($value['id'])) {
        $values[$key] = $value['id'];
      }

      // Check if this is actually a field_ value
      if (isset($property_info['field_' . $key])) {
        $values['field_' . $key] = $values[$key];
        unset($values[$key]);
      }
    }
    return $values;
  }

  /**
   * Overridden to translate metadata property name to schema field.
   *
   * @see ServicesEntityResourceController::propertyQueryOperation()
   */
  protected function propertyQueryOperation($entity_type, EntityFieldQuery $query, $operation, $property, $value) {
    $info = entity_get_all_property_info($entity_type);
    $field = isset($info[$property]['schema field']) ? $info[$property]['schema field'] : $property;
    try {
      parent::propertyQueryOperation($entity_type, $query, $operation, $field, $value);
    } catch (ServicesException $e) {

      // Intercept a services exception and correct the property name.
      services_error(t('Parameter @prop does not exist', array(
        '@p' => $property,
      )), 406);
    }
  }

  /**
   * Helper function to create a wrapped entity from provided data values.
   *
   * @param $entity_type
   *   The type of entity to be created.
   * @param $values
   *   Array of data property values.
   * @return EntityDrupalWrapper
   *   The wrapped entity.
   * @todo the created wrapper should probably be statically cached, so we
   * don't have to build it twice (first on access() and again on create()).
   */
  protected function createWrapperFromValues($entity_type, array &$values) {
    $property_info = entity_get_all_property_info($entity_type);
    $values = $this
      ->transform_values($entity_type, $property_info, $values);
    try {
      $wrapper = entity_property_values_create_entity($entity_type, $values);
    } catch (EntityMetadataWrapperException $e) {
      services_error($e
        ->getMessage(), 406);
    }
    return $wrapper;
  }

  /**
   * Determine whether a wrapper property has a specified value.
   *
   * @param \EntityMetadataWrapper $wrapper
   *   The wrapper whose property is to be checked.
   * @param $name
   *   The name of the property to check.
   * @param mixed $value
   *   The value to compare it to. May be a wrapper, identifier or raw value.
   *
   * @return boolean
   *   TRUE if the property's current value is equal to the given value. FALSE
   *   if they are different.
   */
  protected function propertyHasValue(EntityMetadataWrapper $wrapper, $name, $value) {
    $property = $wrapper->{$name};
    if ($property instanceof EntityDrupalWrapper) {
      if ($value instanceof EntityDrupalWrapper) {
        return $value
          ->getIdentifier() == $property
          ->getIdentifier();
      }
      elseif (is_numeric($value)) {
        return $value == $property
          ->getIdentifier();
      }
    }
    return $value == $property
      ->value();
  }

  /**
   * Check access on an entity metadata property.
   *
   * This is a wrapper around EntityMetadataWrapper::access() because that
   * makes no distinction between 'create' and 'update' operations.
   *
   * @param EntityDrupalWrapper $wrapper
   *   The wrapped entity for which the property access is to be checked.
   * @param string $name
   *   The wrapper name of the property whose access is to be checked.
   * @param string $op
   *   One of 'create', 'update' or 'view'.
   *
   * @return bool
   *   TRUE if the current user has access to set the property, FALSE otherwise.
   */
  protected function propertyAccess($wrapper, $name, $op) {
    $property = $wrapper->{$name};
    $info = $property
      ->info();
    switch ($op) {
      case 'create':

        // Don't check access on bundle for new entities. Otherwise,
        // property access checks will fail for, e.g., node type, which
        // requires the 'administer nodes' permission to set.
        // @see entity_metadata_node_entity_property_info().
        if (isset($info['schema field']) && $info['schema field'] == $wrapper
          ->entityKey('bundle')) {
          return TRUE;
        }

        // Don't check access on node author if set to the current user.
        if ($wrapper
          ->type() == 'node' && $name == 'author' && $wrapper
          ->value()->uid == $GLOBALS['user']->uid) {
          return TRUE;
        }

      // No break: no special cases apply, so contine as for 'update'.
      case 'update':

        // This is a hack to check format access for text fields.
        // @todo remove once this is handled properly by core or Entity API.
        // @see https://drupal.org/node/2065021
        if ($property
          ->type() == 'text_formatted' && $property->format
          ->value()) {
          $format = (object) array(
            'format' => $property->format
              ->value(),
          );
          if (!filter_access($format)) {
            return FALSE;
          }
        }

        // Entity API create access is currently broken for nodes.
        // @todo remove this check once https://drupal.org/node/1780646 is fixed.
        // @see also https://drupal.org/node/1865102
        if ($op == 'create' && $wrapper
          ->type() == 'node') {
          return TRUE;
        }

        // Finally, use the property access.
        return $property
          ->access('edit');
      case 'view':
        return $property
          ->access('view');
    }
  }

}

Classes

Namesort descending Description
ServicesEntityResourceControllerClean This class is designed to create a very clean API that integrates with the services and entity modules. We want to strip all "drupalisms" out of the API. For example, there should be no [LANGUAGE_NONE][0][value] or field_ in the API.