
Add permissions tables and API function

tags/1.0beta
Skylar Ittner 2 years ago
parent
commit
1a11f365f8
3 changed files with 44 additions and 0 deletions
  1. 25
    0
      api.php
  2. BIN
      database.mwb
  3. 19
    0
      lib/login.php

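--- a/api.php
+++ b/api.php
@@ -228,6 +228,31 @@ switch ($VARS['action']) {
 $data = $database->select('accounts', ['uid', 'username', 'realname (name)'], ["OR" => ['username[~]' => $VARS['search'], 'realname[~]' => $VARS['search']], "LIMIT" => 10]);
 exit(json_encode(["status" => "OK", "result" => $data]));
 break;
+case "permission":
+if (is_empty($VARS['code'])) {
+header("HTTP/1.1 400 Bad Request");
+die("\"400 Bad Request\"");
+}
+$perm = $VARS['code'];
+if ($VARS['uid']) {
+if ($database->has("accounts", ['uid' => $VARS['uid']])) {
+$user = $database->select('accounts', ['username'], ['uid' => $VARS['uid']])[0]['username'];
+} else {
+exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)]));
+}
+} else if ($VARS['username']) {
+if ($database->has("accounts", ['username' => $VARS['username']])) {
+$user = $VARS['username'];
+} else {
+exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)]));
+}
+} else {
+header("HTTP/1.1 400 Bad Request");
+die("\"400 Bad Request\"");
+}
+$hasperm = account_has_permission($user, $perm);
+exit(json_encode(["status" => "OK", "has_permission" => $hasperm]));
+break;
 default:
 header("HTTP/1.1 400 Bad Request");
 die("\"400 Bad Request\"");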
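Review bot: The `uid` and `username` branches of the new `permission` case test `$VARS['uid']` and `$VARS['username']` by plain truthiness, while `code` goes through `is_empty()`; a value such as `"0"` is treated as absent, and the three parameters are validated inconsistently. Assuming `is_empty()` (defined outside this hunk) is the project's presence check, the branches would read `if (!is_empty($VARS['uid'])) {` and `} else if (!is_empty($VARS['username'])) {`. A short comment on the case naming its inputs (`code`, plus `uid` or `username`) and the `has_permission` response field would help consumers that treat the result as an authorization decision. The enclosing switch starts and ends outside the hunk, so whether the caller is authenticated before this case runs cannot be confirmed from here.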

BIN
database.mwb View File


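--- a/lib/login.php
+++ b/lib/login.php
@@ -236,6 +236,25 @@ function get_account_status($username, &$error) {
 }
 }
 
+/**
+* Check if the given username has the given permission (or admin access)
+* @global $database $database
+* @param string $username
+* @param string $permcode
+* @return boolean TRUE if the user has the permission (or admin access), else FALSE
+*/
+function account_has_permission($username, $permcode) {
+global $database;
+return $database->has('assigned_permissions', [
+'[>]accounts' => [
+'uid' => 'uid'
+],
+'[>]permissions' => [
+'permid' => 'permid'
+]
+], ['AND' => ['OR' => ['permcode' => $permcode, 'permcode' => 'ADMIN'], 'username' => $username]]) === TRUE;
+}
+
 ////////////////////////////////////////////////////////////////////////////////
 // Login handling //
 ////////////////////////////////////////////////////////////////////////////////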
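Review bot: In `account_has_permission` the `'OR'` array repeats the key `'permcode'`, and PHP keeps only the last value for a duplicated array key, so the condition handed to `has()` is effectively `permcode = 'ADMIN'` and `$permcode` is never tested. The check fails closed, but an account that holds the requested permission without ADMIN gets FALSE, which contradicts the docblock and the `has_permission` value returned by the new API case. If `$database` is Medoo, as the join and where syntax suggests, an array value expresses the intended match: `], ['AND' => ['permcode' => [$permcode, 'ADMIN'], 'username' => $username]]) === TRUE;`. A test with a non-admin account that holds one specific permission would have caught this.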
