API: Check for user permission

master
Skylar Ittner преди 5 години
родител 26a662c399
ревизия c97e058786

@ -52,7 +52,7 @@ function getCensoredKey() {
* @return bool true if the request should continue, false if the request is bad
*/
function authenticate(): bool {
global $VARS;
global $VARS, $SETTINGS;
// HTTP basic auth
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$username = $_SERVER['PHP_AUTH_USER'];
@ -68,6 +68,13 @@ function authenticate(): bool {
return false;
}
if ($user->checkPassword($password, true)) {
// Check that the user has permission to access the app
$perms = is_array($SETTINGS['api_permissions']) ? $SETTINGS['api_permissions'] : $SETTINGS['permissions'];
foreach ($perms as $perm) {
if (!$user->hasPermission($perm)) {
return false;
}
}
return true;
}
return false;

@ -39,6 +39,10 @@ $SETTINGS = [
// List of required user permissions to access this app.
"permissions" => [
],
// List of permissions required for API access. Remove to use the value of
// "permissions" instead.
"api_permissions" => [
],
// For supported values, see http://php.net/manual/en/timezones.php
"timezone" => "America/Denver",
// Language to use for localization. See langs folder to add a language.

Зареждане…
Отказ
Запис