Add UserPrivilege enum, provide better 404 information

2017-03-12 15:37:23 -04:00 · 2017-03-12 15:37:23 -04:00 · d0475b22c1
commit d0475b22c1
parent 25929d82f4
3 changed files with 30 additions and 19 deletions
--- a/api/BusinessLogic/Security/UserPrivilege.php
+++ b/api/BusinessLogic/Security/UserPrivilege.php
@ -0,0 +1,15 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: mkoch
+ * Date: 3/12/2017
+ * Time: 12:11 PM
+ */
+
+namespace BusinessLogic\Security;
+
+
+class UserPrivilege {
+    const CAN_VIEW_TICKETS = 'can_view_tickets';
+    const CAN_REPLY_TO_TICKETS = 'can_reply_tickets';
+}
--- a/api/BusinessLogic/Tickets/Autoassigner.php
+++ b/api/BusinessLogic/Tickets/Autoassigner.php
@ -4,6 +4,7 @@ namespace BusinessLogic\Tickets;


 use BusinessLogic\Security\UserContext;
+use BusinessLogic\Security\UserPrivilege;
 use DataAccess\Categories\CategoryGateway;
 use DataAccess\Security\UserGateway;

@ -34,8 +35,8 @@ class Autoassigner {
        foreach ($potentialUsers as $potentialUser) {
            if ($potentialUser->admin ||
                (in_array($categoryId, $potentialUser->categories) &&
-                    in_array('can_view_tickets', $potentialUser->permissions) &&
-                    in_array('can_reply_tickets', $potentialUser->permissions))) {
+                    in_array(UserPrivilege::CAN_VIEW_TICKETS, $potentialUser->permissions) &&
+                    in_array(UserPrivilege::CAN_REPLY_TO_TICKETS, $potentialUser->permissions))) {
                return $potentialUser;
            }
        }
--- a/api/index.php
+++ b/api/index.php
@ -9,8 +9,10 @@ register_shutdown_function('fatalErrorShutdownHandler');
 $userContext = null;

 function handle404() {
-    http_response_code(404);
-    print json_encode('404 found');
+    print output(array(
+        'message' => "The endpoint '{$_SERVER['REQUEST_URI']}' was not found. Double-check your request and submit again.",
+        'uri' => $_SERVER['REQUEST_URI']
+    ), 404);
 }

 function before() {
@ -21,6 +23,8 @@ function before() {
 }

 function assertApiIsEnabled() {
+    global $applicationContext;
+
    return true;
 }

@ -34,14 +38,8 @@ function buildUserContext($xAuthToken) {
 }

 function errorHandler($errorNumber, $errorMessage, $errorFile, $errorLine) {
-    if ($errorNumber === E_WARNING) {
-        //-- TODO log a warning
-    } elseif ($errorNumber === E_NOTICE || $errorNumber === E_USER_NOTICE) {
-        //-- TODO log an info
-    } else {
    exceptionHandler(new Exception(sprintf("%s:%d\n\n%s", $errorFile, $errorLine, $errorMessage)));
 }
-}

 /**
 * @param $exception Exception
@ -53,16 +51,13 @@ function exceptionHandler($exception) {
        $castedException = $exception;

        print_error($castedException->title, $castedException->getMessage(), $castedException->httpResponseCode);
-    } else {
-        if (exceptionIsOfType($exception, \Core\Exceptions\SQLException::class)) {
+    } elseif (exceptionIsOfType($exception, \Core\Exceptions\SQLException::class)) {
        /* @var $castedException \Core\Exceptions\SQLException */
        $castedException = $exception;
-            print_error("Fought an uncaught exception", sprintf("%s\n\n%s", $castedException->failingQuery, $exception->getTraceAsString()));
+        print_error("Fought an uncaught SQL exception", sprintf("%s\n\n%s", $castedException->failingQuery, $exception->getTraceAsString()));
    } else {
        print_error("Fought an uncaught exception of type " . get_class($exception), sprintf("%s\n\n%s", $exception->getMessage(), $exception->getTraceAsString()));
    }
-
-    }
    // Log more stuff to logging table if possible; we'll catch any exceptions from this
    die();
 }