Add roles/permissions for API keys, add "os" column to machines

master
Skylar Ittner 6 years ago
parent 71f109470c
commit 9aac47f516

@ -5,6 +5,7 @@ header('Content-Type: application/json');
require_once __DIR__ . "/../required.php";
require_once __DIR__ . "/../machine.php";
require_once __DIR__ . "/../roles.php";
$VARS;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
@ -13,14 +14,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$VARS = $_GET;
}
if (!$database->has('apikeys', ['key' => $VARS['key']])) {
http_response_code(403);
die('{"status": "ERROR", "message": "Invalid API key. Access denied."}');
}
function sendError($type, $msg = "An error occurred.") {
$code = 404;
switch ($type) {
case "invalidapikey":
$code = 403;
$msg = "Invalid API key. Access denied.";
break;
case "nopermission":
$code = 403;
$msg = "You don't have permission to do that.";
break;
case "nomachineid":
$code = 400;
$msg = "No machine ID sent.";
@ -36,9 +40,33 @@ function sendError($type, $msg = "An error occurred.") {
]));
}
if (!$database->has('apikeys', ['key' => $VARS['key']])) {
sendError("invalidapikey");
}
function dieWithoutRole($roleid) {
global $VARS;
$roles = [];
if (is_array($roleid)) {
$roles = $roleid;
} else {
$roles = [$roleid];
}
$hasrole = false;
foreach ($roles as $r) {
if (Roles::has($VARS['key'], $r)) {
$hasrole = true;
}
}
if (!$hasrole) {
sendError("nopermission");
}
}
switch ($VARS['action']) {
/* Get info */
case "getmachineinfo":
dieWithoutRole(Roles::ROLE_VIEWBYID);
if (empty($VARS['id'])) {
sendError("nomachineid");
}
@ -51,6 +79,7 @@ switch ($VARS['action']) {
}
break;
case "getmachinehistory":
dieWithoutRole(Roles::ROLE_VIEWBYID);
if (empty($VARS['id'])) {
sendError("nomachineid");
}
@ -63,6 +92,7 @@ switch ($VARS['action']) {
}
break;
case "getmachinecomponents":
dieWithoutRole(Roles::ROLE_VIEWBYID);
if (empty($VARS['id'])) {
sendError("nomachineid");
}
@ -84,6 +114,7 @@ switch ($VARS['action']) {
/* Save info */
case "addmachine":
dieWithoutRole(Roles::ROLE_ADDEDIT);
if (empty($VARS['id'])) {
sendError("nomachineid");
}
@ -114,6 +145,9 @@ switch ($VARS['action']) {
sendError("", "Machine price must be a number and 0 < price < 10000.");
}
}
if (!empty($VARS['os'])) {
$data['os'] = $VARS['os'];
}
$database->insert('machines', $data);
if ($database->error()[1] != 0) {
@ -122,6 +156,7 @@ switch ($VARS['action']) {
exit(json_encode(["status" => "OK"]));
break;
case "addhistory":
dieWithoutRole([Roles::ROLE_ADDEDIT, Roles::ROLE_ADDHIST]);
if (empty($VARS['id'])) {
sendError("nomachineid");
}
@ -134,6 +169,7 @@ switch ($VARS['action']) {
}
break;
case "addcomponent":
dieWithoutRole(Roles::ROLE_ADDEDIT);
if (empty($VARS['id'])) {
sendError("nomachineid");
}
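Review bot: The key lookup `$database->has('apikeys', ['key' => $VARS['key']])` names the column `key`, but the new `Roles::add`/`Roles::remove` in roles.php query the same `apikeys` table with `['apikey' => $apikey]`, and `Roles::has` matches `permissions.apikey` against the same `$VARS['key']` value; only one spelling can match the schema, so either the API-key gate or every `dieWithoutRole` check is querying a column that does not exist — confirm the column name and use it in both files. Separately, `dieWithoutRole` only stops the request because `sendError` terminates the script (the `]));` tail at the top of the third hunk is consistent with a `die(json_encode(...))`, but that call is outside the hunk); a self-contained guard, `if (!$hasrole) { sendError("nopermission"); exit; }`, keeps a later change to sendError from turning the role check into a no-op, and the loop can `break` on the first matching role instead of scanning all of them. The new `os` value is inserted straight from `$VARS['os']` with none of the validation the neighbouring `price` branch performs; even if the database layer parameterises it, a length bound such as `mb_strlen($VARS['os']) <= 255` (constructed example — use the new column's actual width) would keep oversized or garbage values out of storage.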

Binary file not shown.

@ -11,7 +11,7 @@ class Machine {
global $database;
if ($database->has('machines', ['machineid' => $machineid])) {
$this->machineid = $machineid;
$this->machine = $database->get('machines', ['machineid', 'notes', 'model', 'condition', 'price'], ['machineid' => $machineid]);
$this->machine = $database->get('machines', ['machineid', 'notes', 'model', 'condition', 'price', 'os'], ['machineid' => $machineid]);
$this->history = $database->select('history', ['[>]event_types' => 'eventid'], ['historyid', 'date', 'eventname', 'notes'], ['machineid' => $machineid]);
$this->components = $database->select('components', ['[>]component_types' => 'typeid'], ['compid', 'serial', 'typename', 'tested', 'notes', 'capacity', 'model'], ['machineid' => $machineid]);
} else {
@ -35,6 +35,9 @@ class Machine {
if (!empty($this->machine['price'])) {
$info['price'] = $this->machine['price'];
}
if (!empty($this->machine['os'])) {
$info['os'] = $this->machine['os'];
}
$info['notes'] = $this->machine['notes'];
return $info;
}

@ -0,0 +1,39 @@
<?php
class Roles {
const ROLE_VIEWBYID = 1;
const ROLE_ADDEDIT = 2;
const ROLE_ADDHIST = 3;
const ROLE_VIEWBULK = 4;
public static function has($apikey, $roleid) {
global $database;
return $database->has('permissions', ["AND" => ['apikey' => $apikey, 'roleid' => $roleid]]) === true;
}
public static function add($apikey, $roleid) {
global $database;
if (!$database->has('apikeys', ['apikey' => $apikey])) {
throw new Exception("No such API key found.");
}
if (!$database->has('roles', ['roleid' => $roleid])) {
throw new Exception("No such role ID found.");
}
if (!$database->has('permissions', ["AND" => ['apikey' => $apikey, 'roleid' => $roleid]])) {
$database->insert('permissions', ['apikey' => $apikey, 'roleid' => $roleid]);
}
}
public static function remove($apikey, $roleid) {
global $database;
if (!$database->has('apikeys', ['apikey' => $apikey])) {
throw new Exception("No such API key found.");
}
if (!$database->has('roles', ['roleid' => $roleid])) {
throw new Exception("No such role ID found.");
}
$database->delete('permissions', ["AND" => ['apikey' => $apikey, 'roleid' => $roleid]]);
}
}
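Review bot: The four role constants carry no documentation of what they gate, yet their numeric values must line up with rows in the `roles` table (`add()` refuses an id that `$database->has('roles', ...)` does not find) and with the `dieWithoutRole` calls in api.php; a one-line comment per constant would make that contract visible, e.g. `// must match roles.roleid; gates getmachineinfo/getmachinehistory/getmachinecomponents` on `ROLE_VIEWBYID`, the equivalent for `ROLE_ADDEDIT` (addmachine/addcomponent, and addhistory) and `ROLE_ADDHIST` (addhistory), and a note on `ROLE_VIEWBULK` naming the action it protects, since no hunk in this commit references it. The three methods are untyped; `public static function has(string $apikey, int $roleid): bool` (with `: void` on `add`/`remove`) documents the expected shapes and, together with `declare(strict_types=1)` at the top of the new file, would reject a role id arriving as a string. `add`/`remove` throw bare `Exception`; a dedicated class, or at least `InvalidArgumentException`, would let callers tell a bad key or role apart from a database failure.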

@ -54,7 +54,10 @@
}
break;
case "price":
$echo = "Sale Value: $" . number_format($val * 1.0, 2);
$echo = "Est. Value: $" . number_format($val * 1.0, 2);
break;
case "os":
$echo = "Operating System: " . htmlspecialchars($val);
break;
case "notes":
$echo = "<div>" . htmlspecialchars($val) . "</div>";
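Review bot: The new `os` case escapes with `htmlspecialchars($val)` and no flags, which on PHP before 8.1 (default ENT_COMPAT) leaves single quotes unescaped and on any version returns an empty string for invalid UTF-8 input; `htmlspecialchars($val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` covers both. The existing `notes` case on the following line uses the same bare call, so the same change applies there. The enclosing switch starts before this hunk.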
