浏览代码

API: Check for user permission

master
父节点
当前提交
c97e058786
共有 2 个文件被更改,包括 12 次插入1 次删除
  1. +8
    -1
      api/functions.php
  2. +4
    -0
      settings.template.php

+ 8
- 1
api/functions.php 查看文件

@@ -52,7 +52,7 @@ function getCensoredKey() {
* @return bool true if the request should continue, false if the request is bad
*/
function authenticate(): bool {
global $VARS;
global $VARS, $SETTINGS;
// HTTP basic auth
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$username = $_SERVER['PHP_AUTH_USER'];
@@ -68,6 +68,13 @@ function authenticate(): bool {
return false;
}
if ($user->checkPassword($password, true)) {
// Check that the user has permission to access the app
$perms = is_array($SETTINGS['api_permissions']) ? $SETTINGS['api_permissions'] : $SETTINGS['permissions'];
foreach ($perms as $perm) {
if (!$user->hasPermission($perm)) {
return false;
}
}
return true;
}
return false;


+ 4
- 0
settings.template.php 查看文件

@@ -39,6 +39,10 @@ $SETTINGS = [
// List of required user permissions to access this app.
"permissions" => [
],
// List of permissions required for API access. Remove to use the value of
// "permissions" instead.
"api_permissions" => [
],
// For supported values, see http://php.net/manual/en/timezones.php
"timezone" => "America/Denver",
// Language to use for localization. See langs folder to add a language.


正在加载...
取消
保存