liam-linux-account-manager/model/eventdirectory.php

76 lines
3.3 KiB
PHP
Raw Normal View History

2021-11-16 15:11:32 +01:00
<?php
/**
* Class for reading from the list of all *Event objects in the database.
*/
class EventDirectory extends DBDirectory {
/**
* List events of all types stored in the database ordered from most recent.
* @param array $include list of extra data to include in response - currently unused
* @param array $filter list of field/value pairs to filter results on
* @param int|null $limit max results to return
* @return array of *Event objects
*/
public function list_events($include = array(), $filter = array(), $limit = 100) {
// WARNING: The search query is not parameterized - be sure to properly escape all input
$fields = array(
'server' => array("se.id", "se.server_id", "NULL as `entity_id`", "se.actor_id", "se.date", "se.details"),
'group' => array("ee.id", "NULL AS server_id", "ee.entity_id", "ee.actor_id", "ee.date", "ee.details")
);
$joins = array('server' => array(), 'group' => array());
$where = array('server' => array(), 'group' => array());
foreach($filter as $field => $value) {
if($value) {
switch($field) {
case 'admin':
// Filter for events from servers that the user is an admin of
$joins['server']['adminsearch'] = "INNER JOIN server_admin AS admin_search ON admin_search.server_id = se.server_id";
$where['server'][] = "admin_search.entity_id = ".intval($value);
// Filter for events from server accounts or groups that the user is an admin of
// (possibly indirectly for the former as a result of being server admin)
$joins['group']['adminsearch'] = "LEFT JOIN entity_admin AS admin_search ON admin_search.entity_id = ee.entity_id";
$joins['group']['account'] = "LEFT JOIN server_account AS sa ON sa.entity_id = ee.entity_id";
$joins['group']['server'] = "LEFT JOIN server AS s ON s.id = sa.server_id";
$joins['group']['parentadminsearch'] = "LEFT JOIN server_admin AS parent_admin_search ON parent_admin_search.server_id = s.id";
$where['group'][] = "admin_search.admin = ".intval($value)." OR parent_admin_search.entity_id = ".intval($value);
break;
}
}
}
$stmt = $this->database->prepare("
(SELECT ".implode(", ", $fields['server']).", 'server' AS event_type
FROM server_event se ".implode(" ", $joins['server'])."
".(count($where['server']) == 0 ? "" : "WHERE (".implode(") AND (", $where['server']).")")."
GROUP BY se.id
ORDER BY se.id DESC)
UNION
(SELECT ".implode(", ", $fields['group']).", e.type AS event_type
FROM entity_event ee ".implode(" ", $joins['group'])."
INNER JOIN entity e ON e.id = ee.entity_id
".(count($where['group']) == 0 ? "" : "WHERE (".implode(") AND (", $where['group']).")")."
GROUP BY ee.id
ORDER BY ee.id DESC)
ORDER BY `date` DESC, id DESC
".(is_null($limit) ? '' : 'LIMIT '.intval($limit))."
");
$stmt->execute();
$result = $stmt->get_result();
$events = array();
while($row = $result->fetch_assoc()) {
if($row['event_type'] == 'server') {
$events[] = new ServerEvent($row['id'], $row);
} elseif($row['event_type'] == 'user') {
$events[] = new UserEvent($row['id'], $row);
} elseif($row['event_type'] == 'server account') {
$events[] = new ServerAccountEvent($row['id'], $row);
} elseif($row['event_type'] == 'group') {
$events[] = new GroupEvent($row['id'], $row);
}
}
$stmt->close();
return $events;
}
}
class EventNotFoundException extends Exception {}