Merge pull request #3577 from aaronschachter/signup_endpoint

aaronschachter · aaronschachter · commit 23ef5fdadaec · 2014-12-02T09:20:10.000-05:00
Signup API endpoint
diff --git a/lib/modules/dosomething/dosomething_api/dosomething_api.info b/lib/modules/dosomething/dosomething_api/dosomething_api.info
@@ -6,4 +6,4 @@ dependencies[] = services
 features[ctools][] = services:services:3
 features[features_api][] = api:2
 features[services_endpoint][] = drupalapi
-mtime = 1416603771
+mtime = 1417467369
diff --git a/lib/modules/dosomething/dosomething_api/dosomething_api.services.inc b/lib/modules/dosomething/dosomething_api/dosomething_api.services.inc
@@ -60,6 +60,9 @@ function dosomething_api_default_services_endpoint() {
         ),
       ),
       'targeted_actions' => array(
+        'signup' => array(
+          'enabled' => '1',
+        ),
         'reportback' => array(
           'enabled' => '1',
         ),
diff --git a/lib/modules/dosomething/dosomething_api/resources/campaign_resource.inc b/lib/modules/dosomething/dosomething_api/resources/campaign_resource.inc
@@ -38,14 +38,13 @@ function _campaign_resource_defintion() {
             'type' => 'int',
             'description' => 'The nid of the Campaign node to signup for.',
           ),
-          // @todo: We'll want this for SMS campaigns where uid doesn't exist?
-          // array(
-          //   'name' => 'uid',
-          //   'optional' => TRUE,
-          //   'source' => array('data' => 'uid'),
-          //   'description' => 'The User uid to signup',
-          //   'type' => 'int',
-          // ),
+          array(
+            'name' => 'values',
+            'optional' => FALSE,
+            'source' => 'data',
+            'description' => 'The Signup data',
+            'type' => 'array',
+          ),
         ),
       ),
       'reportback' => array(
@@ -155,12 +154,29 @@ function _campaign_resource_index($parameters) {
 
 /**
  * Callback for Campaigns Signup targeted action.
+ *
+ * @param int $nid
+ *   The Node nid to post the signup to.
+ * @param array $values
+ *   The signup data to post. Expected keys:
+ *   - uid: The user uid (int).  Optional, uses global $user if not set.
+ *   - source (string).
  */
-function _campaign_resource_signup($nid) {
+function _campaign_resource_signup($nid, $values) {
+  global $user;
+  if (!isset($values['uid'])) {
+    $values['uid'] = $user->uid;
+  }
+  if (!isset($values['source'])) {
+    $values['source'] = NULL;
+  }
+  if (DOSOMETHING_SIGNUP_LOG_SIGNUPS) {
+    watchdog('dosomething_api', '_campaign_resource_signup values:' . json_encode($values));
+  }
   // @todo: Pass parameter into signup_create whether or not to send SMS.
   // Since SMS campaign signups would hit this endpoint, would not want 
   // to send an additional "You've signed up text".
-  return dosomething_signup_create($nid);
+  return dosomething_signup_create($nid, $values['uid'], $values['source']);
 }
 
 /**
diff --git a/lib/modules/dosomething/dosomething_signup/dosomething_signup.features.user_permission.inc b/lib/modules/dosomething/dosomething_signup/dosomething_signup.features.user_permission.inc
@@ -20,6 +20,15 @@ function dosomething_signup_user_default_permissions() {
     'module' => 'dosomething_signup',
   );
 
+  // Exported permission: 'edit any signup'.
+  $permissions['edit any signup'] = array(
+    'name' => 'edit any signup',
+    'roles' => array(
+      'administrator' => 'administrator',
+    ),
+    'module' => 'dosomething_signup',
+  );
+
   // Exported permission: 'view any signup'.
   $permissions['view any signup'] = array(
     'name' => 'view any signup',
diff --git a/lib/modules/dosomething/dosomething_signup/dosomething_signup.info b/lib/modules/dosomething/dosomething_signup/dosomething_signup.info
@@ -9,7 +9,9 @@ dependencies[] = views
 features[ctools][] = views:views_default:3.0
 features[features_api][] = api:2
 features[user_permission][] = administer third party communication
+features[user_permission][] = edit any signup
 features[user_permission][] = view any signup
 features[views_view][] = node_signups
 files[] = dosomething_signup.test
 files[] = includes/dosomething_signup.inc
+mtime = 1416603772
diff --git a/lib/modules/dosomething/dosomething_signup/dosomething_signup.module b/lib/modules/dosomething/dosomething_signup/dosomething_signup.module
@@ -3,6 +3,8 @@
  * @file
  * Code for the dosomething_signup feature.
  */
+define('DOSOMETHING_SIGNUP_LOG_MOBILECOMMONS', variable_get('dosomething_signup_log_mobilecommons') ? TRUE : FALSE);
+define('DOSOMETHING_SIGNUP_LOG_SIGNUPS', variable_get('dosomething_signup_log_signups') ? TRUE : FALSE);
 
 include_once 'dosomething_signup.features.inc';
 include_once 'dosomething_signup.forms.inc';
@@ -11,9 +13,6 @@ include_once 'dosomething_signup.theme.inc';
 include_once 'includes/dosomething_signup.mobilecommons.inc';
 include_once 'includes/dosomething_signup.variable.inc';
 
-DEFINE('DOSOMETHING_SIGNUP_LOG_MOBILECOMMONS', variable_get('dosomething_signup_log_mobilecommons') ? TRUE : FALSE);
-DEFINE('DOSOMETHING_SIGNUP_LOG_SIGNUPS', variable_get('dosomething_signup_log_signups') ? TRUE : FALSE);
-
 /**
  * Implements hook_menu().
  */
@@ -86,6 +85,10 @@ function dosomething_signup_permission() {
       'title' => t('Administer Third Party Communications'),
       'description' => t('Manage Mobile Commons/MailChimp Opt-in IDs.'),
     ),
+    'edit any signup' =>  array(
+      'title' => t('Edit any signup'),
+      'description' => t('Edit any signup.'),
+    ),
     'view any signup' =>  array(
       'title' => t('View any signup'),
       'description' => t('View any signup.'),
@@ -167,7 +170,10 @@ function dosomething_signup_create($nid, $uid = NULL, $source = NULL, $timestamp
     $entity = entity_create('signup', $values);
     // The SignupEntityController save method handles any NULL values.
     $entity->save();
-    return $entity->sid;
+    if (isset($entity->sid)) {
+      return $entity->sid;
+    }
+    return FALSE;
   }
   catch (Exception $e) {
     // Keep message general in case a user ever sees it.
diff --git a/lib/modules/dosomething/dosomething_signup/includes/dosomething_signup.inc b/lib/modules/dosomething/dosomething_signup/includes/dosomething_signup.inc
@@ -78,6 +78,7 @@ class SignupEntityController extends EntityAPIController {
    * Populates timestamp and uid automatically.
    */
   public function save($entity, DatabaseTransaction $transaction = NULL) {
+    global $user;
     if (isset($entity->is_new)) {
       if (!isset($entity->timestamp)) {
         $entity->timestamp = REQUEST_TIME;
@@ -87,6 +88,22 @@ class SignupEntityController extends EntityAPIController {
         $entity->uid = $user->uid;
       }
     }
+    // Make sure a uid exists.
+    if (!isset($entity->uid)) {
+      return FALSE;
+    }
+    // If the entity uid doesnt belong to current user:
+    if ($entity->uid != $user->uid) {
+      // And current user can't edit any reportback:
+      if (!user_access('edit any signup')) {
+        watchdog('dosomething_signup', "Attempted uid override for @entity by User @uid", 
+          array(
+            '@entity' => json_encode($entity),
+            '@uid' => $user->uid,
+          ), WATCHDOG_WARNING);
+        return FALSE;
+      }
+    }
     parent::save($entity, $transaction);
     if (DOSOMETHING_SIGNUP_LOG_SIGNUPS) {
       watchdog('dosomething_signup', json_encode($entity));
