Browse Source

API: Check for user permission

master
Skylar Ittner 6 months ago
parent
commit
c97e058786
2 changed files with 12 additions and 1 deletions
  1. 8
    1
      api/functions.php
  2. 4
    0
      settings.template.php

+ 8
- 1
api/functions.php View File

@@ -52,7 +52,7 @@ function getCensoredKey() {
* @return bool true if the request should continue, false if the request is bad
*/
function authenticate(): bool {
global $VARS;
global $VARS, $SETTINGS;
// HTTP basic auth
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$username = $_SERVER['PHP_AUTH_USER'];
@@ -68,6 +68,13 @@ function authenticate(): bool {
return false;
}
if ($user->checkPassword($password, true)) {
// Check that the user has permission to access the app
$perms = is_array($SETTINGS['api_permissions']) ? $SETTINGS['api_permissions'] : $SETTINGS['permissions'];
foreach ($perms as $perm) {
if (!$user->hasPermission($perm)) {
return false;
}
}
return true;
}
return false;

+ 4
- 0
settings.template.php View File

@@ -39,6 +39,10 @@ $SETTINGS = [
// List of required user permissions to access this app.
"permissions" => [
],
// List of permissions required for API access. Remove to use the value of
// "permissions" instead.
"api_permissions" => [
],
// For supported values, see http://php.net/manual/en/timezones.php
"timezone" => "America/Denver",
// Language to use for localization. See langs folder to add a language.

Loading…
Cancel
Save