UserApiHandler.inc.php

<?php
// import the base Handler
import('lib.pkp.classes.handler.PKPHandler');
 
// import JSON class for API responses
import('lib.pkp.classes.core.JSONMessage');
 
class UserApiHandler extends PKPHandler {
 
   //
   // Implement template methods from PKPHandler
   //
   function authorize($request, &$args, $roleAssignments) {
      import('lib.pkp.classes.security.authorization.PKPSiteAccessPolicy');
      $this->addPolicy(new PKPSiteAccessPolicy(
         $request,
         array('updateUserMessageState', 'suggestUsername'),
         SITE_ACCESS_ALL_ROLES
      ));
      return parent::authorize($request, $args, $roleAssignments);
   }
 
 
   //
   // Public handler methods
   //
   function updateUserMessageState($args, $request) {
      // Exit with a fatal error if request parameters are missing.
      if (!(isset($args['setting-name'])) && isset($args['setting-value'])) {
         fatalError('Required request parameter "setting-name" or "setting-value" missing!');
      }
 
      // Retrieve the user from the session.
      $user = $request->getUser();
      assert(is_a($user, 'User'));
 
      // Validate the setting.
      // FIXME: We don't have to retrieve the setting type (which is always bool
      // for user messages) but only whether the setting name is valid and the
      // value is boolean.
      $settingName = $args['setting-name'];
      $settingValue = $args['setting-value'];
      $settingType = $this->_settingType($settingName);
      switch($settingType) {
         case 'bool':
            if (!($settingValue === 'false' || $settingValue === 'true')) {
               // Exit with a fatal error when the setting value is invalid.
               fatalError('Invalid setting value! Must be "true" or "false".');
            }
            $settingValue = ($settingValue === 'true' ? true : false);
            break;
 
         default:
            // Exit with a fatal error when an unknown setting is found.
            fatalError('Unknown setting!');
      }
 
      // Persist the validated setting.
      $userSettingsDao = DAORegistry::getDAO('UserSettingsDAO'); /* @var $userSettingsDao UserSettingsDAO */
      $userSettingsDao->updateSetting($user->getId(), $settingName, $settingValue, $settingType);
 
      // Return a success message.
      return new JSONMessage(true);
   }
 
 
   function suggestUsername($args, $request) {
      $suggestion = Validation::suggestUsername(
         $request->getUserVar('givenName'),
         $request->getUserVar('familyName')
      );
 
      return new JSONMessage(true, $suggestion);
   }
 
   function _settingType($settingName) {
      // Settings whitelist.
      static $allowedSettings = array(
         'citation-editor-hide-intro' => 'bool',
         'citation-editor-hide-raw-editing-warning' => 'bool'
      );
 
      // Identify the setting type.
      if (isset($allowedSettings[$settingName])) {
         return $allowedSettings[$settingName];
      } else {
         return null;
      }
   }
}