plugin.image.photostation/PhotoStation API/webapi/dsm_share.php

<?php
require_once('dsm_share.inc.php');

class DsmShareAPI extends WebAPI {
	private $operationPemission = "dsm_account";
	protected $idPrefix = 'dsmshare_';

	function __construct() {
		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
	}

	protected function Process()
	{
		if (!strcasecmp($this->method, "list")) {
			$this->ShareList();
		} else if (!strcasecmp($this->method, "copy")) {
			$this->ShareCopy();
		} else if (!strcasecmp($this->method, "copymusic")) {
			$this->ShareCopyMusic();
		}
	}

	private function ShareList()
	{
		$resp = array();

		$params = $this->GetParams_List();
		if (!$params) {
			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
			goto End;
		}

		$data = DsmShare::ListItem($params['user'], $params['id'], $params['type'], $params['offset'], $params['limit']);
		$items = array();

		foreach ($data['data'] as $k => $v) {
			$v['id'] = $this->EncodeItemId($v['id']);
			$items[] = $v;
		}
		$resp['items'] = $items;
		$resp['total'] = $data['total'];
		$offset = (0 > (int)$params['limit']) ? $resp['total'] : $params['offset'] + $params['limit'];
		$resp['offset'] = ($offset > $resp['total']) ?  $resp['total'] : $offset;

		$this->SetResponse($resp);
	End:
		return;
	}

	private function ShareCopy()
	{
		$params = $this->GetParams_Copy();
		if (!$params) {
			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
			goto End;
		}

		$res = DsmShare::CopyItem($params['user'], $params['id'], $params['sharepath'], $params['duplicate']);

		if (!$res) {
			$this->SetError(PHOTOSTATION_DSMSHARE_UPLOAD_ERROR);
			goto End;
		}
	End:
		return;
	}

	private function ShareCopyMusic()
	{
		$params = $this->GetParams_CopyMusic();
		if (!$params) {
			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
			goto End;
		}

		if (SlideshowMusic::LIMIT < SlideshowMusic::GetCount() + count($params['id'])) {
			$this->SetError(array(PHOTOSTATION_SLIDESHOWMUSIC_EXCEED_LIMIT, SlideshowMusic::LIMIT));
			goto End;
		}

		foreach ($params['id'] as $id) {
			if (!SlideshowMusic::Add(basename($id), $id, '', $params['user'])) {
				$this->SetError(PHOTOSTATION_DSMSHARE_UPLOAD_ERROR);
				goto End;
			}
		}

	End:
		return;
	}

	private function GetParams_List()
	{
		$id = !$_REQUEST['id'] || 'fm_root' === $_REQUEST['id'] ? '' : $this->DecodeItemId($_REQUEST['id']);

		if (false === $id) {
			return false;
		}

		$types = explode(',', preg_replace('/\s/', '', $_REQUEST['type']));

		foreach ($types as $type) {
			if (!in_array($type, DsmShare::$allowTypes)) {
				return false;
			}
		}

		$user = $this->GetUser();

		if (!$user) {
			return false;
		}

		// $variable + 0 => convert to integer
		$params = array(
			'id' => $id,
			'user' => $user,
			'type' => $types,
			'offset' => !isset($_REQUEST['offset']) || $_REQUEST['offset'] < 0 ? 0 : $_REQUEST['offset'] + 0,
			'limit' => !isset($_REQUEST['limit']) || $_REQUEST['limit'] < 0 ? NULL : $_REQUEST['limit'] + 0,
		);
		return $params;
	}

	private function GetUser()
	{
		$user = false;

		if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'])) {
			$user = $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'];
		} else if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'])) {
			$user = ("root" === SYNOPHOTO_ADMIN_USER)? "admin" : SYNOPHOTO_ADMIN_NAME;
		}
		return $user;
	}

	private function GetParams_Copy()
	{
		if(!isset($_REQUEST['id']) || !isset($_REQUEST['sharepath'])) {
			return false;
		}

		$idWithPrefix = explode(',', $_REQUEST['id']);

		$ids = array();

		$sharepath = trim($_REQUEST['sharepath'], "/");

		$dbPath = $sharepath ? $sharepath : '/';

		foreach ($idWithPrefix as $k) {
			$decodeId = $this->DecodeItemId($k);
			if (false === $decodeId) {
				return false;
			}
			if (dirname($decodeId) === SYNOPHOTO_SERVICE_REAL_DIR."/".$sharepath) {
				return false;
			}
			$ids[$decodeId] = 1;
		}

		if (!csSYNOPhotoMisc::CheckPathValid($sharepath) || !csSYNOPhotoMisc::CheckAlbumUploadable($dbPath)) {
			return false;
		}

		$duplicate = $_REQUEST['duplicate'] ? $_REQUEST['duplicate'] : DsmShare::IGNORE;

		if (!in_array($duplicate, array(DsmShare::OVERWRITE, DsmShare::IGNORE))) {
			return false;
		}

		$user = $this->GetUser();

		if (!$user) {
			return false;
		}

		// $variable + 0 => convert to integer
		$params = array(
			'id' => array_keys($ids),
			'user' => $user,
			'sharepath' => $sharepath,
			'duplicate' => $duplicate
		);
		return $params;
	}

	private function GetParams_CopyMusic()
	{
		if(!isset($_REQUEST['id'])) {
			return false;
		}

		$idWithPrefix = explode(',', $_REQUEST['id']);

		$ids = array();

		foreach ($idWithPrefix as $k) {
			$decodeId = $this->DecodeItemId($k);
			if (false === $decodeId) {
				return false;
			}
			$ids[$decodeId] = 1;
		}

		$user = $this->GetUser();

		if (!$user) {
			return false;
		}

		$params = array(
			'id' => array_keys($ids),
			'user' => $user
		);
		return $params;
	}

	protected function CheckPermission()
	{
		$res = true;
		$check = array(
			"list" => $this->operationPemission,
			"copy" => $this->operationPemission,
			"copymusic" => $this->operationPemission
		);
		if (!array_key_exists($this->method, $check)) {
			goto End;
		}

		$funcName = "check_".$check[$this->method];

		if (!method_exists($this, $funcName)) {
			$res = false;
			goto End;
		}

		$res = $this->$funcName();

	End:
		if (!$res) {
			$this->SetError(PHOTOSTATION_DSMSHARE_ACCESS_DENY);
		}
		return $res;
	}

	private function check_dsm_account()
	{
		csSYNOPhotoDB::GetDBInstance()->SetSessionCache();
		csSYNOPhotoMisc::CheckSessionTimeOut(true);
		return "1" === csSYNOPhotoMisc::GetConfigDB("global", "account_system", "photo_config") || isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
	}
}
$api = new DsmShareAPI();
$api->Run();

?>