SimpleNews Service

Just wondering, would this work for Drupal 6.15 as well? I can't see anything in the module function that
would deny the use but I could be wrong.

Thank you in advance

Anyone care to check/revise this code for 6.x-2.x-dev?

Duplicate request in #674710: Adding Subscribers via Service/Webform

I revised the code for 6.x it now works with latest core (as now 6.17). Hope this will be useful to somebody else.

Hello, I'm running 6.17 and I've been able to subscribe to the SimpleNews Module successfully. I would like to allow users to subscribe via a .swf, however, and when I test the service from admin/build/services/browse/simplenews.subscribe I am receiving this error:

* warning: array_fill() [function.array-fill]: Number of elements must be positive in /home/ktq_modea/dev.invisibleseasons.kartemquin.com/includes/database.inc on line 253.
* warning: implode() [function.implode]: Invalid arguments passed in /home/ktq_modea/dev.invisibleseasons.kartemquin.com/includes/database.inc on line 253.
* warning: array_keys() [function.array-keys]: The first argument should be an array in /home/ktq_modea/dev.invisibleseasons.kartemquin.com/modules/user/user.module on line 520.
* user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 query: SELECT p.perm FROM role r INNER JOIN permission p ON p.rid = r.rid WHERE r.rid IN () in /home/ktq_modea/dev.invisibleseasons.kartemquin.com/modules/user/user.module on line 520.

Any ideas on what I have set up incorrectly? Is this a permissions issue?

Any help that you could provide would be greatly appreciated. Thank you.

I'd be still open to add this to the 6.x-2.x branch.
However we need a cleanly implemented and well tested service interface.

In addition please provide some docs to make it explained well.

I'm interested, I hope i get enough time to work on it.

Great, nod_. Looking forward to hear from you soon again. :-)

After checking services and its submodules i see that there's some things ToDo.
Currently permissions are not checked. We need a check callback. I won't introduce something vulnerable.
Also it is unusual to expose the original functions. We should create wrappers.

Finally we'll add it as additional submodule, not as a patch.

We should not only expose subscription but much more also unsubscription for custom apps. There might be many more functions like get_subscriptions that make sense. Will someone improve this?

Cross-referencing #192168: exposing Simplenews module API.

Note that unsubscribe is implemented in #192168 - although this feature is trivial.
Please don't forget to add some documentation to the functions - currently absolutely missing.

Providing you something more appropriate as a template.

Will someone complete this work with implementation and testing?

Hi,

Please find attached an implementation using xmlrpc from core Drupal of a Simplenews service, allowing to :
- get the list of all newsletters in the website
- subscribing an email to one newsletter
- unsubscribing an email from one newsletter.

The security is handled using simplenews_private_key(), don't hesitate to comment if you have other ideas.

A test page is included, so basically, you need to apply the patch, enable the new module, and click on links to see if it works.

Best regards,

As of my understanding a service may also authenticate (has a user / pass / key) and get regular permissions and roles of membership.

Thus i'd not expect new keys but much more simple user_access() checks for the defined actions in the permission system - possibly new service specific permissions.
Is this wrong?

E.G. if you use xmlrpc by a flash, a user also might authenticate with his account data and the service callbacks represent his permissions. We won't integrate any pseudo-secret keys in the flashfile (since users will be able to extract them).

Can you show me any other service module and what's their approach to permission differentiation?

Ok, I think the best example of xmlrpc calls if the core one, blogapi, for example, the Delete post function.
Is it this kind of user / validation password you want ? If yes, I'll add it to my patch right away.

Your example is the blogger api that needs custom integration. This has nothing to do how regular authentication processes work.
As of my understanding services provides its own possibility to authenticate.
Thus we absolutely don't need to add any authentication part but only need to check permissions for current user state with user_access() in our service wrapper functions.

Please talk to irc #drupal-services guys to get some qualified opinions in. I've added the topic there, hoping to get some response soon.

subscribing

Too much work remaining here from our point of view.

Someone to take this project to a D7 port?
Anyone working on this? If you'll provide a 6.x version asap, please switch version back.