hotcrp/api.php at master · dubeyko/hotcrp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
<?php
// api.php -- HotCRP JSON API access page
// Copyright (c) 2006-2019 Eddie Kohler; see LICENSE.

// argument cleaning
require_once("lib/navigation.php");
if (!isset($_GET["fn"])) {
    $fn = Navigation::path_component(0, true);
    if ($fn && ctype_digit($fn)) {
        if (!isset($_GET["p"]))
            $_GET["p"] = $fn;
        $fn = Navigation::path_component(1, true);
    }
    if ($fn) {
        $_GET["fn"] = $fn;
    } else if (isset($_GET["track"])) {
        $_GET["fn"] = "track";
    } else {
        http_response_code(404);
        header("Content-Type: text/plain; charset=utf-8");
        echo json_encode(["ok" => false, "error" => "API function missing"]);
        exit;
    }
}
if ($_GET["fn"] === "deadlines") {
    $_GET["fn"] = "status";
}
if (!isset($_GET["p"])
    && ($p = Navigation::path_component(1, true))
    && ctype_digit($p)) {
    $_GET["p"] = $p;
}

// trackerstatus is a special case: prevent session creation
global $Me;
if ($_GET["fn"] === "trackerstatus") {
    $Me = false;
    require_once("src/initweb.php");
    MeetingTracker::trackerstatus_api(new Contact(null, $Conf));
    exit;
}

// initialization
require_once("src/initweb.php");

if ($Qreq->base !== null) {
    $Conf->set_siteurl($Qreq->base);
}
if (!$Me->has_account_here()
    && ($key = $Me->capability("tracker_kiosk"))) {
    $kiosks = $Conf->setting_json("__tracker_kiosk") ? : (object) array();
    if (isset($kiosks->$key) && $kiosks->$key->update_at >= $Now - 172800) {
        if ($kiosks->$key->update_at < $Now - 3600) {
            $kiosks->$key->update_at = $Now;
            $Conf->save_setting("__tracker_kiosk", 1, $kiosks);
        }
        $Me->tracker_kiosk_state = $kiosks->$key->show_papers ? 2 : 1;
    }
}
if ($Qreq->p) {
    $Conf->set_paper_request($Qreq, $Me);
}

// requests
if ($Conf->has_api($Qreq->fn)) {
    $Conf->call_api_exit($Qreq->fn, $Me, $Qreq, $Conf->paper);
}

if ($Qreq->fn === "events") {
    if (!$Me->is_reviewer())
        json_exit(403, ["ok" => false]);
    $from = $Qreq->from;
    if (!$from || !ctype_digit($from))
        $from = $Now;
    $when = $from;
    $rf = $Conf->review_form();
    $events = new PaperEvents($Me);
    $rows = [];
    $more = false;
    foreach ($events->events($when, 11) as $xr) {
        if (count($rows) == 10)
            $more = true;
        else {
            if ($xr->crow)
                $rows[] = $xr->crow->unparse_flow_entry($Me);
            else
                $rows[] = $rf->unparse_flow_entry($xr->prow, $xr->rrow, $Me);
            $when = $xr->eventTime;
        }
    }
    json_exit(["ok" => true, "from" => (int) $from, "to" => (int) $when - 1,
               "rows" => $rows, "more" => $more]);
}

if ($Qreq->fn === "searchcompletion") {
    $s = new PaperSearch($Me, "");
    json_exit(["ok" => true, "searchcompletion" => $s->search_completion()]);
}

// from here on: `status` and `track` requests
$is_track = $Qreq->fn === "track";
if ($is_track) {
    MeetingTracker::track_api($Me, $Qreq); // may fall through to act like `status`
} else if ($Qreq->fn !== "status") {
    json_exit(404, "Unknown request “" . $Qreq->fn . "”");
}

$j = $Me->my_deadlines($Conf->paper);

if ($Conf->paper && $Me->can_view_tags($Conf->paper)) {
    $pj = (object) ["pid" => $Conf->paper->paperId];
    $Conf->paper->add_tag_info_json($pj, $Me);
    if (count((array) $pj) > 1)
        $j->p = [$Conf->paper->paperId => $pj];
}

if ($is_track && ($new_trackerid = $Qreq->annex("new_trackerid"))) {
    $j->new_trackerid = $new_trackerid;
}
$j->ok = true;
json_exit($j);