API: Check for user permission

master
Skylar Ittner 5 years ago
parent 26a662c399
commit c97e058786

@ -52,7 +52,7 @@ function getCensoredKey() {
* @return bool true if the request should continue, false if the request is bad * @return bool true if the request should continue, false if the request is bad
*/ */
function authenticate(): bool { function authenticate(): bool {
global $VARS; global $VARS, $SETTINGS;
// HTTP basic auth // HTTP basic auth
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$username = $_SERVER['PHP_AUTH_USER']; $username = $_SERVER['PHP_AUTH_USER'];
@ -68,6 +68,13 @@ function authenticate(): bool {
return false; return false;
} }
if ($user->checkPassword($password, true)) { if ($user->checkPassword($password, true)) {
// Check that the user has permission to access the app
$perms = is_array($SETTINGS['api_permissions']) ? $SETTINGS['api_permissions'] : $SETTINGS['permissions'];
foreach ($perms as $perm) {
if (!$user->hasPermission($perm)) {
return false;
}
}
return true; return true;
} }
return false; return false;

@ -39,6 +39,10 @@ $SETTINGS = [
// List of required user permissions to access this app. // List of required user permissions to access this app.
"permissions" => [ "permissions" => [
], ],
// List of permissions required for API access. Remove to use the value of
// "permissions" instead.
"api_permissions" => [
],
// For supported values, see http://php.net/manual/en/timezones.php // For supported values, see http://php.net/manual/en/timezones.php
"timezone" => "America/Denver", "timezone" => "America/Denver",
// Language to use for localization. See langs folder to add a language. // Language to use for localization. See langs folder to add a language.

Loading…
Cancel
Save