frontend & backend update

2023-01-16 21:47:23 +01:00
parent 1d6ff17994
commit 4cec531a25
51 changed files with 1010 additions and 571 deletions
--- a/Core/API/PermissionAPI.class.php
+++ b/Core/API/PermissionAPI.class.php
@@ -31,6 +31,7 @@ namespace Core\API\Permission {
  use Core\Driver\SQL\Condition\CondIn;
  use Core\Driver\SQL\Condition\CondLike;
  use Core\Driver\SQL\Condition\CondNot;
+  use Core\Driver\SQL\Query\Insert;
  use Core\Driver\SQL\Strategy\UpdateStrategy;
  use Core\Objects\Context;
  use Core\Objects\DatabaseEntity\Group;
@@ -73,6 +74,16 @@ namespace Core\API\Permission {
          http_response_code(401);
          return $this->createError("Permission denied.");
        }
+
+        // user would have required groups, check for 2fa-state
+        if ($currentUser) {
+          $tfaToken = $currentUser->getTwoFactorToken();
+          if ($tfaToken && $tfaToken->isConfirmed() && !$tfaToken->isAuthenticated()) {
+            $this->lastError = '2FA-Authorization is required';
+            http_response_code(401);
+            return false;
+          }
+        }
      }

      return $this->success;
@@ -127,6 +138,10 @@ namespace Core\API\Permission {

      return $this->success;
    }
+
+    public static function getDefaultACL(Insert $insert): void {
+      $insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch API permissions");
+    }
  }

  class Save extends PermissionAPI {
@@ -192,5 +207,10 @@ namespace Core\API\Permission {

      return $this->success;
    }
+
+    public static function getDefaultACL(Insert $insert): void {
+      $insert->addRow(self::getEndpoint(), [Group::ADMIN],
+        "Allows users to modify API permissions. This is restricted to the administrator and cannot be changed");
+    }
  }
 }