
API: Check for user permission

master
Skylar Ittner 5 meses atrás
pai
commit
c97e058786
2 arquivos alterados com 12 adições e 1 exclusões
  1. 8
    1
      api/functions.php
  2. 4
    0
      settings.template.php

+ 8
- 1
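--- a/api/functions.php
+++ b/api/functions.php
@@ -52,7 +52,7 @@ function getCensoredKey() {
  * @return bool true if the request should continue, false if the request is bad
  */
 function authenticate(): bool {
-    global $VARS;
+    global $VARS, $SETTINGS;
     // HTTP basic auth
     if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
         $username = $_SERVER['PHP_AUTH_USER'];
@@ -68,6 +68,13 @@ function authenticate(): bool {
         return false;
     }
     if ($user->checkPassword($password, true)) {
+        // Check that the user has permission to access the app
+        $perms = is_array($SETTINGS['api_permissions']) ? $SETTINGS['api_permissions'] : $SETTINGS['permissions'];
+        foreach ($perms as $perm) {
+            if (!$user->hasPermission($perm)) {
+                return false;
+            }
+        }
         return true;
     }
     return false;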
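Review bot: The added `is_array($SETTINGS['api_permissions'])` reads the key directly, so an installation that removes `api_permissions` (which the settings template tells admins to do to fall back to `permissions`) triggers an undefined-key notice or warning on every API authentication. The fallback still works because `is_array(null)` is false, but with error display enabled the diagnostic could end up in the API response body. Guarding the read keeps the same behaviour without the diagnostic: `$perms = (isset($SETTINGS['api_permissions']) && is_array($SETTINGS['api_permissions'])) ? $SETTINGS['api_permissions'] : $SETTINGS['permissions'];`. The part of authenticate() between the two hunks is outside the view, so how `$user` and `$password` are obtained is not covered by this note.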

+ 4
- 0
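--- a/settings.template.php
+++ b/settings.template.php
@@ -39,6 +39,10 @@ $SETTINGS = [
     // List of required user permissions to access this app.
     "permissions" => [
     ],
+    // List of permissions required for API access. Remove to use the value of
+    // "permissions" instead.
+    "api_permissions" => [
+    ],
     // For supported values, see http://php.net/manual/en/timezones.php
     "timezone" => "America/Denver",
     // Language to use for localization. See langs folder to add a language.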
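Review bot: The template ships `"api_permissions"` as an empty array, and the check added in api/functions.php treats any array as the authoritative list, so with this default the permission loop runs zero times and the fallback to `"permissions"` never applies. An admin who fills in `"permissions"` but leaves this key as shipped ends up with an API that accepts any user with a valid password, regardless of the app's permission list. Either ship the key commented out so the fallback is the default, or state the fail-open meaning in the comment, e.g. `// Permissions required for API access. An empty list means no permission is required; remove this key to use "permissions" instead.`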
