fix api for navigation, usermodel, usersearch

content/00-welcome/05-todos.md

@@ -92,34 +92,34 @@
 * DONE: Backend form builder
 * DONE: Image generation on the fly
 * DONE: Delete folder in base level
-* Make folder delete easier with glob or scandir
-* Handle formdata centrally ???
-* Markdown secure rendering
+* DONE: Make folder delete easier with glob or scandir
+* DONE: fix error messages (check models)
+* DONE: error status codes (check middleware)
+* DONE: Warn if open another block
+* DONE: Customfields not styled yet
+* DOING: Fix error api systemnavi + validate
 * Responsive design
 * Captcha integration
-* Fix error api systemnavi
 * Reference feature
 * Typemill Utilities
+* Handle formdata centrally ???
+* Markdown secure rendering
+* Wrong frontend navigation if unpublished pages
+* finish youtube component
+* Solution for logo and favicon
+
+## later
+
 * Clear cache
 * Show security Log
 * User search only for +10 users
-* DONE: fix error messages (check models)
-* DONE: error status codes (check middleware)
-* Wrong frontend navigation if unpublished pages
-* Customfields not styled yet.
-* Warn if open another block
-* finish youtube component
-* Solution for logo and favicon
 * For api translations should be done completely in backoffice
 
 ## Cleanups:
 
 * DONE: Events
 * DONE: Error messages
-* Translations
-* https://stackoverflow.com/questions/15041608/searching-all-files-in-folder-for-strings
-* https://github.com/skfaisal93/AnyWhereInFiles/blob/master/anywhereinfiles-1.4.php
-* https://github.com/stephenhodgkiss/extract-translation-text-from-php-js
+* DONE: Translations
 
 ## Info: Select userroles
 

content/00-welcome/05-todos.txt

@@ -1 +0,0 @@
-["# ToDos Version 2","[TOC]","## System settings","* DONE: Migrate from backend to frontend with vue and api\n* DONE: Redesign\n* DONE: License feature\n* DONE: Enhance with plugins","## Visual Editor","* DONE: Refactor and redesign\n* DONE: Fix toc component in new block\n* DONE: Fix hr component in new block\n* DONE: finish shortcode component\n* DONE: Fix inline formats\n* DONE: fix lenght of page\n* DONE: Fix design of new block at the end (background color)\n* DONE: Move Block\n* DONE: Fix headline design\n* DONE: Fix save on two enter\n* DONE:  fix quote design\n* DONE: Fix toc preview\n* DONE: disable enable \n* DONE: Add load sign (from navigation)\n* DONE: File is not published from tmp to media\/files if you save the block.","## Raw Editor","* DONE: Refactor and redesign\n* DONE: Integrate highlighting","## Navigation","* DONE: Refactor and redesign\n* DONE: fix status in navigation\n* DONE: refresh navigation after changes","## Publish Controller","* DONE: Refactor and redesign\n* DONE: Create \n* DONE: publish\n* DONE: unpublish\n* DONE: discard\n* DONE: delete\n* DONE: save draft\n* DONE: switch to raw","## Meta Tabs","* DONE: Refactor and redesign\n* DONE: Enhance with plugins","## Medialib","* DONE: Refactor and redesign","## Posts","* DONE: Refactor and redesign","## Plugins","* Asset Class in progress","## Frontend","* DONE: Refactor\n* DONE: Test restrictions","## Other big tasks","* DONE: System setup\n* DONE: Recover Password","## Medium tasks","* DONE: Merge processAssets modell\n* DONE: Table of content duplicated for published pages\n* DONE: Session handling: csrf fail and session start error if restrictions are active\n* DONE: Image and files for meta","## Open tasks","* DONE: Sitemap and ping\n* DONE: Version check\n* DONE: Proxy support\n* DONE: SVG checker: https:\/\/github.com\/TribalSystems\/SVG-Sanitizer\n* DONE: Backend form builder\n* DONE: Image generation on the fly\n* DONE: Delete folder in base level\n* DONE: Make folder delete easier with glob or scandir\n* DONE: fix error messages (check models)\n* DONE: error status codes (check middleware)\n* DONE: Warn if open another block\n* DONE: Customfields not styled yet\n* Responsive design\n* Fix error api systemnavi\n* Captcha integration\n* Reference feature\n* Typemill Utilities\n* Clear cache\n* Show security Log\n* User search only for +10 users\n* Handle formdata centrally ???\n* Markdown secure rendering\n* Wrong frontend navigation if unpublished pages\n* finish youtube component\n* Solution for logo and favicon\n* For api translations should be done completely in backoffice","## Cleanups:","* DONE: Events\n* DONE: Error messages\n* Translations\n* https:\/\/stackoverflow.com\/questions\/15041608\/searching-all-files-in-folder-for-strings\n* https:\/\/github.com\/skfaisal93\/AnyWhereInFiles\/blob\/master\/anywhereinfiles-1.4.php\n* https:\/\/github.com\/stephenhodgkiss\/extract-translation-text-from-php-js","## Info: Select userroles","* Userroles for file restriction: in vue-blox-components loaded via api\n* Userroles for userfields: in php model user getUserFields()\n* Userroles for meta: in php controller apiAuthorMeta getMeta()\n* Plugins and themes: in php model extension getThemeDefinitions()","## Info: License Check","* On activation in apiControllerExtension. It checks the license in yaml.\n* In plugin php code with setPremiumLicense\n* In static plugins, it checks manual premium list and method setPremiumLicense and more ","## Plugins","* MAKER: Rebuild search\n* MAKER: Rebuild contactform with shortcode","## Status codes","| Status code | Description | \n|---|---|\n| 200 ok | cell | \n| 400 bad request | The request was unacceptable due to missing or invalid parameter. | \n| 401 unauthorized | The request requires an authorization. | \n| (402 request failed) | The parameters where there but the request failed for other reasons. | \n| 403 forbidden | The user is authenticated but he has not enough rights. | \n| 404 not found | new | \n| 500 internal server error | new |"]

data/navigation/navi-extended.txt

@@ -38,7 +38,7 @@
     navtitle: 'To Dos'
     hide: false
     noindex: false
-    path: /00-welcome/05-todos.txtmd
+    path: /00-welcome/05-todos.md
     keyPath: '0.5'
 /cyanine-theme:
     navtitle: 'cyanine theme'

system/typemill/Controllers/ControllerApiGlobals.php

@@ -14,7 +14,8 @@ class ControllerApiGlobals extends Controller
 		$systemNavigation	= $navigation->getSystemNavigation(
 									$userrole 	= $request->getAttribute('c_userrole'),
 									$acl 		= $this->c->get('acl'),
-									$urlinfo 	= $this->c->get('urlinfo')
+									$urlinfo 	= $this->c->get('urlinfo'),
+									$dispatcher = $this->c->get('dispatcher')
 								);
 
 		# won't work because api has no session, instead you have to pass user

system/typemill/Controllers/ControllerApiSystemUsers.php

@@ -10,24 +10,26 @@ use Typemill\Static\Translations;
 
 class ControllerApiSystemUsers extends Controller
 {
-	# getCurrentUser
-	# getUserByName
-
-	#returns userdata
+	#returns userdata no in use???
 	public function getUsersByNames(Request $request, Response $response, $args)
 	{
 		$usernames 		= $request->getQueryParams()['usernames'] ?? false;
 		$user			= new User();
 		$userdata 		= [];
 
-		if($usernames)
+		$validate		= new Validation();		
+
+		if($usernames && is_array($usernames))
 		{
 			foreach($usernames as $username)
 			{
-				$existinguser = $user->setUser($username);
-				if($existinguser)
+				if($validate->username(['username' => $username]))
 				{
-					$userdata[] = $user->getUserData();
+					$existinguser = $user->setUser($username);
+					if($existinguser)
+					{
+						$userdata[] = $user->getUserData();
+					}
 				}
 			}
 		}
@@ -46,14 +48,20 @@ class ControllerApiSystemUsers extends Controller
 		$user			= new User();
 		$userdata 		= [];
 
-		$usernames 		= $user->findUsersByEmail($email);
+		$validate		= new Validation();
+		$valresult 		= $validate->emailsearch(['email' => $email]);
 
-		if($usernames)
+		if($valresult)
 		{
-			foreach($usernames as $username)
+			$usernames 		= $user->findUsersByEmail($email);
+
+			if($usernames)
 			{
-				$user->setUser($username);
-				$userdata[] = $user->getUserData();
+				foreach($usernames as $username)
+				{
+					$user->setUser($username);
+					$userdata[] = $user->getUserData();
+				}
 			}
 		}
 
@@ -71,14 +79,21 @@ class ControllerApiSystemUsers extends Controller
 		$user			= new User();
 		$userdata 		= [];
 
-		$usernames 		= $user->findUsersByRole($role);
+		$userroles 		= $this->c->get('acl')->getRoles();
 
-		if($usernames)
+		if($role && in_array($role, $userroles))
 		{
-			foreach($usernames as $username)
+			$usernames 		= $user->findUsersByRole($role);
+
+			if($usernames)
 			{
-				$user->setUser($username);
-				$userdata[] = $user->getUserData();
+				foreach($usernames as $username)
+				{
+					if($user->setUser($username))
+					{
+						$userdata[] = $user->getUserData();
+					}
+				}
 			}
 		}
 

system/typemill/Middleware/ApiAuthentication.php

@@ -119,8 +119,10 @@ class ApiAuthentication
 
 		$response = new Response();
 
-		$response->getBody()->write('Access not allowed.');
-
+		$response->getBody()->write(json_encode([
+			'message' => 'Authentication required.'
+		]));
+		
 		return $response->withStatus(401);
 	}
 }

system/typemill/Models/User.php

@@ -217,7 +217,7 @@ class User
 		}
 	}
 	
-	public function generatePassword($password)
+	public function generatePassword(string $password)
 	{
 		return \password_hash($password, PASSWORD_DEFAULT, ['cost' => 10]);
 	}
@@ -232,7 +232,7 @@ class User
 */
 
 	# accepts email with or without asterix and returns userdata
-	public function findUsersByEmail($email)
+	public function findUsersByEmail(string $email)
 	{
 		$usernames = [];
 
@@ -269,7 +269,7 @@ class User
 		}
 	}
 
-	private function searchEmailSimple($usernames, $email)
+	private function searchEmailSimple(array $usernames, string $email)
 	{
 		foreach($usernames as $username)
 		{
@@ -284,7 +284,7 @@ class User
 		return false;
 	}
 
-	private function searchEmailByIndex($email)
+	private function searchEmailByIndex(string $email)
 	{
 		# if there are more than 10 users, search with an index
 		$usermails 	= $this->getUserMailIndex();
@@ -388,7 +388,9 @@ class User
 
 		foreach($usernames as $username)
 		{
-			$userdata = $this->getSecureUser($username);
+
+			$this->setUser($username);
+			$userdata = $this->getUserData();
 
 			$userroleindex[$userdata['userrole']][] = $username;
 		}
@@ -400,12 +402,15 @@ class User
 
 	protected function deleteUserIndex()
 	{
-		$userDir = __DIR__ . '/../../settings/users';
-				
-		if(file_exists($userDir . DIRECTORY_SEPARATOR . 'tmuserindex-mail.txt'))
+
+		if(file_exists($this->userDir . DIRECTORY_SEPARATOR . 'tmuserindex-mail.txt'))
 		{
-			# read and return the file
-			unlink($userDir . DIRECTORY_SEPARATOR . 'tmuserindex-mail.txt');
+			unlink($this->userDir . DIRECTORY_SEPARATOR . 'tmuserindex-mail.txt');
+		}
+
+		if(file_exists($this->userDir . DIRECTORY_SEPARATOR . 'tmuserindex-role.txt'))
+		{
+			unlink($this->userDir . DIRECTORY_SEPARATOR . 'tmuserindex-role.txt');
 		}
 	}
 }

system/typemill/Models/Validation.php

@@ -303,7 +303,7 @@ class Validation
 		$v->rule('noHTML', 'firstname')->message(" contains HTML");
 		$v->rule('lengthBetween', 'firstname', 2, 40);
 		$v->rule('noHTML', 'lastname')->message(" contains HTML");
-		$v->rule('lengthBetween', 'lastname', 2, 40);		
+		$v->rule('lengthBetween', 'lastname', 2, 40);
 		$v->rule('email', 'email')->message("e-mail is invalid");
 		$v->rule('emailChanged', 'email')->message("Email already taken");
 		$v->rule('in', 'userrole', $userroles);
@@ -316,6 +316,33 @@ class Validation
 		return $v->errors();
 	}
 
+	public function username(array $params)
+	{
+		$v = new Validator($params);
+		$v->rule('required', ['username'])->message("required");
+		$v->rule('alphaNum', 'username')->message("invalid");
+		$v->rule('lengthBetween', 'username', 3, 20)->message("Length between 3 - 20");
+		if($v->validate()) 
+		{
+			return true;
+		}
+		return false;
+	}
+
+	public function emailsearch(array $params)
+	{
+		# param can be "trend*"
+		$v = new Validator($params);
+		$v->rule('required', ['email'])->message("required");
+		$v->rule('noHTML', 'email')->message(" contains HTML");
+		$v->rule('lengthBetween', 'email', 3, 50)->message("Length between 3 - 50");
+		if($v->validate()) 
+		{
+			return true;
+		}
+		return false;
+	}
+
 	public function newLicense(array $params)
 	{
 		$v = new Validator($params);