ACL rewrite
This commit is contained in:
parent
d6c6572989
commit
aea20b7a10
@ -33,7 +33,6 @@ namespace Core\API\ApiKey {
|
||||
use Core\API\Traits\Pagination;
|
||||
use Core\Driver\SQL\Condition\Compare;
|
||||
use Core\Driver\SQL\Condition\CondAnd;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\DatabaseEntity\ApiKey;
|
||||
|
||||
@ -61,8 +60,8 @@ namespace Core\API\ApiKey {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to create new API-Keys", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to create new API-Keys";
|
||||
}
|
||||
}
|
||||
|
||||
@ -106,8 +105,8 @@ namespace Core\API\ApiKey {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to fetch new API-Keys", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to fetch their API-Keys";
|
||||
}
|
||||
}
|
||||
|
||||
@ -134,8 +133,8 @@ namespace Core\API\ApiKey {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to refresh API-Keys", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to refresh their API-Keys";
|
||||
}
|
||||
}
|
||||
|
||||
@ -158,8 +157,8 @@ namespace Core\API\ApiKey {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to revoke API-Keys", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to revoke their API-Keys";
|
||||
}
|
||||
}
|
||||
}
|
@ -2,8 +2,14 @@
|
||||
|
||||
namespace Core\API {
|
||||
|
||||
use Core\Objects\Context;
|
||||
|
||||
abstract class DatabaseAPI extends Request {
|
||||
|
||||
public function __construct(Context $context, bool $externalCall = false, array $params = array()) {
|
||||
parent::__construct($context, $externalCall, $params);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@ -12,8 +18,6 @@ namespace Core\API\Database {
|
||||
|
||||
use Core\API\DatabaseAPI;
|
||||
use Core\API\Parameter\RegexType;
|
||||
use Core\API\Parameter\StringType;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\DatabaseEntity\Controller\DatabaseEntity;
|
||||
use Core\Objects\DatabaseEntity\Group;
|
||||
@ -27,14 +31,16 @@ namespace Core\API\Database {
|
||||
protected function _execute(): bool {
|
||||
$sql = $this->context->getSQL();
|
||||
$status = $sql->getStatus();
|
||||
|
||||
$this->result["status"] = $status;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to view the database status", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to view the database status";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -102,8 +108,12 @@ namespace Core\API\Database {
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to migrate the database structure", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to migrate the database structure";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
}
|
@ -21,7 +21,6 @@ namespace Core\API\GpgKey {
|
||||
use Core\API\Parameter\StringType;
|
||||
use Core\API\Template\Render;
|
||||
use Core\Driver\SQL\Condition\Compare;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\DatabaseEntity\GpgKey;
|
||||
use Core\Objects\DatabaseEntity\User;
|
||||
@ -137,8 +136,8 @@ namespace Core\API\GpgKey {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to import gpg keys for a secure e-mail communication", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to import gpg keys for a secure e-mail communication";
|
||||
}
|
||||
}
|
||||
|
||||
@ -170,8 +169,8 @@ namespace Core\API\GpgKey {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to unlink gpg keys from their profile", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to unlink gpg keys from their profile";
|
||||
}
|
||||
}
|
||||
|
||||
@ -219,6 +218,10 @@ namespace Core\API\GpgKey {
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to confirm their imported gpg key";
|
||||
}
|
||||
}
|
||||
|
||||
class Download extends GpgKeyAPI {
|
||||
@ -289,7 +292,9 @@ namespace Core\API\GpgKey {
|
||||
header("Content-Disposition: attachment; filename=\"$fileName\"");
|
||||
die($key);
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to download any gpg public key";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
@ -56,18 +56,14 @@ namespace Core\API\Groups {
|
||||
use Core\API\GroupsAPI;
|
||||
use Core\API\Parameter\Parameter;
|
||||
use Core\API\Parameter\RegexType;
|
||||
use Core\API\Parameter\StringType;
|
||||
use Core\API\Traits\Pagination;
|
||||
use Core\Driver\SQL\Column\Column;
|
||||
use Core\Driver\SQL\Condition\Compare;
|
||||
use Core\Driver\SQL\Condition\CondAnd;
|
||||
use Core\Driver\SQL\Expression\Alias;
|
||||
use Core\Driver\SQL\Expression\Count;
|
||||
use Core\Driver\SQL\Join\InnerJoin;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\DatabaseEntity\Group;
|
||||
use Core\Objects\DatabaseEntity\Route;
|
||||
use Core\Objects\DatabaseEntity\User;
|
||||
|
||||
class Fetch extends GroupsAPI {
|
||||
@ -113,8 +109,12 @@ namespace Core\API\Groups {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to fetch available groups", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to fetch available groups";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN, Group::SUPPORT];
|
||||
}
|
||||
}
|
||||
|
||||
@ -135,8 +135,12 @@ namespace Core\API\Groups {
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to get details about a group", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to get details about a group";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN, Group::SUPPORT];
|
||||
}
|
||||
}
|
||||
|
||||
@ -155,7 +159,7 @@ namespace Core\API\Groups {
|
||||
$nmTable = User::getHandler($sql)->getNMRelation("groups")->getTableName();
|
||||
$condition = new Compare("group_id", $this->getParam("id"));
|
||||
$nmJoin = new InnerJoin($nmTable, "$nmTable.user_id", "User.id");
|
||||
if (!$this->initPagination($sql, User::class, $condition, 100, [$nmJoin])) {
|
||||
if (!$this->initPagination($sql, User::class, $condition, [$nmJoin])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -174,8 +178,12 @@ namespace Core\API\Groups {
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to fetch members of a group", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to fetch members of a group";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN, Group::SUPPORT];
|
||||
}
|
||||
}
|
||||
|
||||
@ -210,8 +218,12 @@ namespace Core\API\Groups {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to create a new group", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to create a new group";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -252,8 +264,12 @@ namespace Core\API\Groups {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to update existing groups", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to update existing groups";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -280,8 +296,12 @@ namespace Core\API\Groups {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to delete a group", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to delete a group";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -321,8 +341,12 @@ namespace Core\API\Groups {
|
||||
}
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to add members to a group", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to add members to a group";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -362,8 +386,12 @@ namespace Core\API\Groups {
|
||||
}
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to remove members from a group", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to remove members from a group";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
}
|
@ -23,4 +23,8 @@ class Info extends Request {
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Returns general information about the Site";
|
||||
}
|
||||
}
|
@ -48,6 +48,10 @@ namespace Core\API\Language {
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to retrieve a list of built-in languages";
|
||||
}
|
||||
}
|
||||
|
||||
class Set extends LanguageAPI {
|
||||
@ -109,6 +113,10 @@ namespace Core\API\Language {
|
||||
$this->result["language"] = $this->language->jsonSerialize();
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to set their preferred language";
|
||||
}
|
||||
}
|
||||
|
||||
class GetEntries extends LanguageAPI {
|
||||
@ -172,5 +180,9 @@ namespace Core\API\Language {
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Returns a set of translations for the given language and module";
|
||||
}
|
||||
}
|
||||
}
|
@ -24,7 +24,6 @@ namespace Core\API\Logs {
|
||||
use Core\Driver\SQL\Condition\CondIn;
|
||||
use Core\Driver\SQL\Condition\CondLike;
|
||||
use Core\Driver\SQL\Condition\CondOr;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\DatabaseEntity\Group;
|
||||
use Core\Objects\DatabaseEntity\SystemLog;
|
||||
@ -148,8 +147,12 @@ namespace Core\API\Logs {
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch system logs", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to fetch system logs";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
}
|
@ -46,7 +46,6 @@ namespace Core\API\Mail {
|
||||
use Core\API\MailAPI;
|
||||
use Core\API\Parameter\Parameter;
|
||||
use Core\API\Parameter\StringType;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Objects\DatabaseEntity\Group;
|
||||
use Core\Objects\DatabaseEntity\MailQueueItem;
|
||||
use DateTimeInterface;
|
||||
@ -83,8 +82,12 @@ namespace Core\API\Mail {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to send a test email to verify configuration", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to send a test email to verify configuration";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -223,6 +226,14 @@ namespace Core\API\Mail {
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Sends an email or puts it into an asynchronous queue. This function is for internal use only.";
|
||||
}
|
||||
|
||||
public static function hasConfigurablePermissions(): bool {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
class SendQueue extends MailAPI {
|
||||
@ -282,5 +293,13 @@ namespace Core\API\Mail {
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Processes the asynchronous mailing queue. This function is for internal use only.";
|
||||
}
|
||||
|
||||
public static function hasConfigurablePermissions(): bool {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
@ -23,6 +23,7 @@ namespace Core\API {
|
||||
|
||||
protected function isRestricted(string $method): bool {
|
||||
return in_array(strtolower($method), ["permission/update", "permission/delete"]);
|
||||
// TODO: access the "hasConfigurablePermissions" here.
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -36,7 +37,6 @@ namespace Core\API\Permission {
|
||||
use Core\Driver\SQL\Column\Column;
|
||||
use Core\Driver\SQL\Condition\CondIn;
|
||||
use Core\Driver\SQL\Condition\CondLike;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Driver\SQL\Strategy\UpdateStrategy;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\DatabaseEntity\Group;
|
||||
@ -93,6 +93,14 @@ namespace Core\API\Permission {
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Checks whether a user is permitted to access a given API-method";
|
||||
}
|
||||
|
||||
public static function hasConfigurablePermissions(): bool {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
class Fetch extends PermissionAPI {
|
||||
@ -146,8 +154,12 @@ namespace Core\API\Permission {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch API permissions", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to fetch API permissions";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -199,12 +211,16 @@ namespace Core\API\Permission {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(
|
||||
self::getEndpoint(), [Group::ADMIN],
|
||||
"Allows users to modify API permissions. This is restricted to the administrator and cannot be changed",
|
||||
true
|
||||
);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to modify API permissions. This is restricted to the administrator and cannot be changed";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
|
||||
public static function hasConfigurablePermissions(): bool {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@ -250,12 +266,16 @@ namespace Core\API\Permission {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(
|
||||
self::getEndpoint(), [Group::ADMIN],
|
||||
"Allows users to delete API permissions. This is restricted to the administrator and cannot be changed",
|
||||
true
|
||||
);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to delete API permissions. This is restricted to the administrator and cannot be changed";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
|
||||
public static function hasConfigurablePermissions(): bool {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
@ -3,7 +3,6 @@
|
||||
namespace Core\API;
|
||||
|
||||
use Core\Driver\Logger\Logger;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\DatabaseEntity\TwoFactorToken;
|
||||
use Core\Objects\TwoFactor\KeyBasedTwoFactorToken;
|
||||
@ -131,8 +130,14 @@ abstract class Request {
|
||||
|
||||
protected abstract function _execute(): bool;
|
||||
|
||||
// TODO: replace this function with two abstract methods: getDefaultPermittedGroups and getDescription
|
||||
public static function getDefaultACL(Insert $insert): void { }
|
||||
public static abstract function getDescription(): string;
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [];
|
||||
}
|
||||
|
||||
public static function hasConfigurablePermissions(): bool {
|
||||
return true;
|
||||
}
|
||||
|
||||
protected function check2FA(?TwoFactorToken $tfaToken = null): bool {
|
||||
|
||||
|
@ -70,7 +70,6 @@ namespace Core\API\Routes {
|
||||
use Core\API\Parameter\Parameter;
|
||||
use Core\API\Parameter\StringType;
|
||||
use Core\API\RoutesAPI;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\DatabaseEntity\Group;
|
||||
use Core\Objects\DatabaseEntity\Route;
|
||||
@ -98,8 +97,12 @@ namespace Core\API\Routes {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch site routing", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to fetch site routing.";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -130,13 +133,12 @@ namespace Core\API\Routes {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(
|
||||
self::getEndpoint(),
|
||||
[Group::ADMIN, Group::MODERATOR],
|
||||
"Allows users to fetch a single route",
|
||||
true
|
||||
);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to fetch a single route";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN, Group::MODERATOR];
|
||||
}
|
||||
}
|
||||
|
||||
@ -177,8 +179,12 @@ namespace Core\API\Routes {
|
||||
return $this->success && $this->regenerateCache();
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to add new routes", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to add new routes";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -234,8 +240,12 @@ namespace Core\API\Routes {
|
||||
return $this->success && $this->regenerateCache();
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to update existing routes", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to update existing routes";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -264,8 +274,12 @@ namespace Core\API\Routes {
|
||||
return $this->success && $this->regenerateCache();
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to remove routes", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to remove routes";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -281,8 +295,12 @@ namespace Core\API\Routes {
|
||||
return $this->toggleRoute($id, true);
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to enable a route", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to enable a route";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -298,8 +316,12 @@ namespace Core\API\Routes {
|
||||
return $this->toggleRoute($id, false);
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to disable a route", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to disable a route";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -342,11 +364,12 @@ namespace Core\API\Routes {
|
||||
return $this->router;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(),
|
||||
[Group::ADMIN, Group::SUPPORT],
|
||||
"Allows users to regenerate the routing cache", true
|
||||
);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to regenerate the routing cache";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN, Group::SUPPORT];
|
||||
}
|
||||
}
|
||||
|
||||
@ -368,12 +391,12 @@ namespace Core\API\Routes {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow("routes/check",
|
||||
[Group::ADMIN, Group::MODERATOR],
|
||||
"Users with this permission can see, if a route pattern is matched with the given path for debugging purposes",
|
||||
true
|
||||
);
|
||||
public static function getDescription(): string {
|
||||
return "This endpoint grants the ability to check, if a route pattern is matched with the given path for debugging purposes";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN, Group::MODERATOR];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -7,6 +7,7 @@ use Core\Objects\Context;
|
||||
use Core\Objects\Search\Searchable;
|
||||
use Core\Objects\Search\SearchQuery;
|
||||
|
||||
// TODO: rework this entirely
|
||||
class Search extends Request {
|
||||
|
||||
public function __construct(Context $context, bool $externalCall = false) {
|
||||
@ -38,4 +39,8 @@ class Search extends Request {
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Searches the site documents and returns a list of matching routes";
|
||||
}
|
||||
}
|
@ -39,7 +39,6 @@ namespace Core\API\Settings {
|
||||
use Core\Driver\SQL\Column\Column;
|
||||
use Core\Driver\SQL\Condition\CondBool;
|
||||
use Core\Driver\SQL\Condition\CondIn;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Driver\SQL\Strategy\UpdateStrategy;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\DatabaseEntity\Group;
|
||||
@ -66,8 +65,12 @@ namespace Core\API\Settings {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch site settings", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to fetch site settings";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -174,8 +177,12 @@ namespace Core\API\Settings {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to modify site settings", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to modify site settings";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
}
|
@ -2,14 +2,9 @@
|
||||
|
||||
namespace Core\API;
|
||||
|
||||
use Core\Driver\SQL\Expression\Count;
|
||||
use Core\Driver\SQL\Expression\Distinct;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Objects\DatabaseEntity\Group;
|
||||
use Core\Objects\DatabaseEntity\Route;
|
||||
use Core\Objects\DatabaseEntity\User;
|
||||
use DateTime;
|
||||
use Core\Driver\SQL\Condition\Compare;
|
||||
use Core\Driver\SQL\Condition\CondBool;
|
||||
use Core\Objects\Context;
|
||||
|
||||
@ -82,7 +77,11 @@ class Stats extends Request {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to view site statistics", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to view site statistics";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN, Group::SUPPORT];
|
||||
}
|
||||
}
|
@ -2,9 +2,10 @@
|
||||
|
||||
namespace Core\API;
|
||||
|
||||
use Core\API\Parameter\IntegerType;
|
||||
use Core\API\Parameter\RegexType;
|
||||
use Core\API\Parameter\StringType;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\DatabaseEntity\Group;
|
||||
|
||||
class Swagger extends Request {
|
||||
|
||||
@ -52,6 +53,16 @@ class Swagger extends Request {
|
||||
return true;
|
||||
}
|
||||
|
||||
private function getBodyName(\ReflectionClass $class): string {
|
||||
$bodyName = $class->getShortName() . "Body";
|
||||
$namespace = explode("\\", $class->getNamespaceName());
|
||||
if (count($namespace) > 2) { // Core\API\XYZ or Site\API\XYZ
|
||||
$bodyName = $namespace[2] . $bodyName;
|
||||
}
|
||||
|
||||
return $bodyName;
|
||||
}
|
||||
|
||||
private function getDocumentation(): string {
|
||||
|
||||
$settings = $this->context->getSettings();
|
||||
@ -86,6 +97,7 @@ class Swagger extends Request {
|
||||
}
|
||||
}
|
||||
|
||||
$bodyName = $this->getBodyName($apiClass);
|
||||
$parameters = $apiObject->getDefaultParams();
|
||||
if (!empty($parameters)) {
|
||||
$body = [];
|
||||
@ -97,6 +109,17 @@ class Swagger extends Request {
|
||||
|
||||
if ($param instanceof StringType && $param->maxLength > 0) {
|
||||
$body[$param->name]["maxLength"] = $param->maxLength;
|
||||
} else if ($param instanceof IntegerType) {
|
||||
if ($param->minValue > PHP_INT_MIN) {
|
||||
$body[$param->name]["minimum"] = $param->minValue;
|
||||
}
|
||||
if ($param->maxValue < PHP_INT_MAX) {
|
||||
$body[$param->name]["maximum"] = $param->maxValue;
|
||||
}
|
||||
}
|
||||
|
||||
if ($param instanceof RegexType) {
|
||||
$body[$param->name]["pattern"] = $param->pattern;
|
||||
}
|
||||
|
||||
if ($body[$param->name]["type"] === "string" && ($format = $param->getSwaggerFormat())) {
|
||||
@ -108,7 +131,6 @@ class Swagger extends Request {
|
||||
}
|
||||
}
|
||||
|
||||
$bodyName = $apiClass->getShortName() . "Body";
|
||||
$definitions[$bodyName] = [
|
||||
"description" => "Body for $endpoint",
|
||||
"properties" => $body
|
||||
@ -122,6 +144,7 @@ class Swagger extends Request {
|
||||
$endPointDefinition = [
|
||||
"post" => [
|
||||
"tags" => [$tag ?? "Global"],
|
||||
"summary" => $apiObject->getDescription(),
|
||||
"produces" => ["application/json"],
|
||||
"responses" => [
|
||||
"200" => ["description" => "OK!"],
|
||||
@ -143,7 +166,7 @@ class Swagger extends Request {
|
||||
"in" => "body",
|
||||
"name" => "body",
|
||||
"required" => !empty($requiredProperties),
|
||||
"schema" => ["\$ref" => "#/definitions/" . $apiClass->getShortName() . "Body"]
|
||||
"schema" => ["\$ref" => "#/definitions/$bodyName"]
|
||||
]];
|
||||
} else if ($apiObject->isMethodAllowed("GET")) {
|
||||
$endPointDefinition["get"] = $endPointDefinition["post"];
|
||||
@ -170,6 +193,13 @@ class Swagger extends Request {
|
||||
];
|
||||
|
||||
return \yaml_emit($yamlData);
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Returns the API-specification for this site. Endpoints, a user does not have access to, are hidden by default.";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [];
|
||||
}
|
||||
}
|
@ -79,6 +79,12 @@ namespace Core\API\Template {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
public static function getDescription(): string {
|
||||
return "Renders a given template with a set of parameters. This API is for internal use only";
|
||||
}
|
||||
|
||||
public static function hasConfigurablePermissions(): bool {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
@ -57,7 +57,6 @@ namespace Core\API\TFA {
|
||||
|
||||
use Core\API\Parameter\StringType;
|
||||
use Core\API\TfaAPI;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\TwoFactor\AttestationObject;
|
||||
use Core\Objects\TwoFactor\AuthenticationData;
|
||||
@ -128,8 +127,8 @@ namespace Core\API\TFA {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to remove their 2FA-Tokens", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to remove their 2FA-Tokens";
|
||||
}
|
||||
}
|
||||
|
||||
@ -168,8 +167,8 @@ namespace Core\API\TFA {
|
||||
die($twoFactorToken->generateQRCode($this->context));
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users generate a QR-code to add a time-based 2FA-Token", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users generate a QR-code to add a time-based 2FA-Token";
|
||||
}
|
||||
}
|
||||
|
||||
@ -202,8 +201,8 @@ namespace Core\API\TFA {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to confirm their time-based 2FA-Token", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to confirm their time-based 2FA-Token";
|
||||
}
|
||||
}
|
||||
|
||||
@ -236,8 +235,8 @@ namespace Core\API\TFA {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to verify time-based 2FA-Tokens", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to verify time-based 2FA-Tokens";
|
||||
}
|
||||
}
|
||||
|
||||
@ -333,8 +332,8 @@ namespace Core\API\TFA {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to register a 2FA hardware-key", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to register a 2FA hardware-key";
|
||||
}
|
||||
}
|
||||
|
||||
@ -395,8 +394,8 @@ namespace Core\API\TFA {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to verify a 2FA hardware-key", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to verify a 2FA hardware-key";
|
||||
}
|
||||
}
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
|
||||
namespace Core\API\Traits;
|
||||
|
||||
use Core\API\Parameter\Parameter;
|
||||
use Core\API\Parameter\IntegerType;
|
||||
use Core\API\Parameter\StringType;
|
||||
use Core\Driver\SQL\Condition\Condition;
|
||||
use Core\Driver\SQL\SQL;
|
||||
@ -11,26 +11,24 @@ use Core\Objects\DatabaseEntity\Controller\DatabaseEntityQuery;
|
||||
|
||||
trait Pagination {
|
||||
|
||||
function getPaginationParameters(array $orderColumns, string $defaultOrderBy = null, string $defaultSortOrder = "asc"): array {
|
||||
function getPaginationParameters(array $orderColumns, string $defaultOrderBy = null,
|
||||
string $defaultSortOrder = "asc", int $maxPageSize = 100): array {
|
||||
$this->paginationOrderColumns = $orderColumns;
|
||||
$defaultOrderBy = $defaultOrderBy ?? current($orderColumns);
|
||||
|
||||
return [
|
||||
'page' => new Parameter('page', Parameter::TYPE_INT, true, 1),
|
||||
'count' => new Parameter('count', Parameter::TYPE_INT, true, 25),
|
||||
'page' => new IntegerType('page', 1,PHP_INT_MAX, true, 1),
|
||||
'count' => new IntegerType('count', 1, $maxPageSize, true, 25),
|
||||
'orderBy' => new StringType('orderBy', -1, true, $defaultOrderBy, array_values($orderColumns)),
|
||||
'sortOrder' => new StringType('sortOrder', -1, true, $defaultSortOrder, ['asc', 'desc']),
|
||||
];
|
||||
}
|
||||
|
||||
function initPagination(SQL $sql, string $class, ?Condition $condition = null, int $maxPageSize = 100, ?array $joins = null): bool {
|
||||
function initPagination(SQL $sql, string $class, ?Condition $condition = null, ?array $joins = null): bool {
|
||||
$this->paginationClass = $class;
|
||||
$this->paginationCondition = $condition;
|
||||
if (!$this->validateParameters($maxPageSize)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->entityCount = call_user_func("$this->paginationClass::count", $sql, $condition, $joins);
|
||||
$this->pageSize = $this->getParam("count");
|
||||
if ($this->entityCount === false) {
|
||||
return $this->createError("Error fetching $this->paginationClass::count: " . $sql->getLastError());
|
||||
}
|
||||
@ -48,20 +46,6 @@ trait Pagination {
|
||||
return true;
|
||||
}
|
||||
|
||||
function validateParameters(int $maxCount = 100): bool {
|
||||
$this->page = $this->getParam("page");
|
||||
if ($this->page < 1) {
|
||||
return $this->createError("Invalid page count");
|
||||
}
|
||||
|
||||
$this->pageSize = $this->getParam("count");
|
||||
if ($this->pageSize < 1 || $this->pageSize > $maxCount) {
|
||||
return $this->createError("Invalid fetch count");
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
function createPaginationQuery(SQL $sql, ?array $additionalValues = null, ?array $joins = null): DatabaseEntityQuery {
|
||||
$page = $this->getParam("page");
|
||||
$count = $this->getParam("count");
|
||||
|
@ -131,7 +131,6 @@ namespace Core\API\User {
|
||||
use Core\Driver\SQL\Condition\CondLike;
|
||||
use Core\Driver\SQL\Condition\CondOr;
|
||||
use Core\Driver\SQL\Expression\Alias;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Objects\DatabaseEntity\Group;
|
||||
use Core\Objects\DatabaseEntity\UserToken;
|
||||
use Core\Driver\SQL\Column\Column;
|
||||
@ -141,7 +140,6 @@ namespace Core\API\User {
|
||||
use Core\Objects\TwoFactor\KeyBasedTwoFactorToken;
|
||||
use ImagickException;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\DatabaseEntity\GpgKey;
|
||||
use Core\Objects\DatabaseEntity\User;
|
||||
|
||||
class Create extends UserAPI {
|
||||
@ -208,8 +206,12 @@ namespace Core\API\User {
|
||||
return $this->user;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to create new users", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to create new users";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -270,8 +272,12 @@ namespace Core\API\User {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to fetch all users", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to fetch all users";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN, Group::SUPPORT];
|
||||
}
|
||||
}
|
||||
|
||||
@ -313,8 +319,12 @@ namespace Core\API\User {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to get details about a user", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to get details about a user";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN, Group::SUPPORT];
|
||||
}
|
||||
}
|
||||
|
||||
@ -346,8 +356,12 @@ namespace Core\API\User {
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to search other users", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to search other users";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN, Group::SUPPORT];
|
||||
}
|
||||
}
|
||||
|
||||
@ -399,6 +413,14 @@ namespace Core\API\User {
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Retrieves information about the current session";
|
||||
}
|
||||
|
||||
public static function hasConfigurablePermissions(): bool {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
class Invite extends UserAPI {
|
||||
@ -476,8 +498,12 @@ namespace Core\API\User {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to invite new users", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to invite new users";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN, Group::SUPPORT, Group::MODERATOR];
|
||||
}
|
||||
}
|
||||
|
||||
@ -524,6 +550,10 @@ namespace Core\API\User {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to accept invitations and register an account";
|
||||
}
|
||||
}
|
||||
|
||||
class ConfirmEmail extends UserAPI {
|
||||
@ -563,6 +593,10 @@ namespace Core\API\User {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to confirm their email";
|
||||
}
|
||||
}
|
||||
|
||||
class Login extends UserAPI {
|
||||
@ -642,6 +676,14 @@ namespace Core\API\User {
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Creates a new session identified by the session cookie";
|
||||
}
|
||||
|
||||
public static function hasConfigurablePermissions(): bool {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
class Logout extends UserAPI {
|
||||
@ -664,6 +706,14 @@ namespace Core\API\User {
|
||||
$this->lastError = $this->context->getSQL()->getLastError();
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Destroys the current session and logs the user out";
|
||||
}
|
||||
|
||||
public static function hasConfigurablePermissions(): bool {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
class Register extends UserAPI {
|
||||
@ -776,6 +826,10 @@ namespace Core\API\User {
|
||||
$this->logger->info("Registered new user with id=" . $user->getId());
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to register a new account";
|
||||
}
|
||||
}
|
||||
|
||||
class Edit extends UserAPI {
|
||||
@ -892,8 +946,12 @@ namespace Core\API\User {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to modify other user's details", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to modify other user's details";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -929,8 +987,12 @@ namespace Core\API\User {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to delete other users", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to delete other users";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN];
|
||||
}
|
||||
}
|
||||
|
||||
@ -1021,6 +1083,10 @@ namespace Core\API\User {
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to request a password reset link";
|
||||
}
|
||||
}
|
||||
|
||||
class ResendConfirmEmail extends UserAPI {
|
||||
@ -1115,6 +1181,10 @@ namespace Core\API\User {
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to request a new e-mail confirmation link";
|
||||
}
|
||||
}
|
||||
|
||||
class ResetPassword extends UserAPI {
|
||||
@ -1127,6 +1197,7 @@ namespace Core\API\User {
|
||||
));
|
||||
|
||||
$this->csrfTokenRequired = false;
|
||||
$this->apiKeyAllowed = false;
|
||||
}
|
||||
|
||||
public function _execute(): bool {
|
||||
@ -1161,6 +1232,10 @@ namespace Core\API\User {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to reset their password with a token received by a password reset email";
|
||||
}
|
||||
}
|
||||
|
||||
class UpdateProfile extends UserAPI {
|
||||
@ -1175,6 +1250,7 @@ namespace Core\API\User {
|
||||
));
|
||||
$this->loginRequired = true;
|
||||
$this->csrfTokenRequired = true;
|
||||
$this->apiKeyAllowed = false; // prevent account takeover when an API-key is stolen
|
||||
$this->forbidMethod("GET");
|
||||
}
|
||||
|
||||
@ -1231,8 +1307,8 @@ namespace Core\API\User {
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to update their profiles.", true);
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to update their profiles.";
|
||||
}
|
||||
}
|
||||
|
||||
@ -1343,6 +1419,10 @@ namespace Core\API\User {
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to upload and change their profile pictures.";
|
||||
}
|
||||
}
|
||||
|
||||
class RemovePicture extends UserAPI {
|
||||
@ -1373,6 +1453,10 @@ namespace Core\API\User {
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to remove their profile pictures.";
|
||||
}
|
||||
}
|
||||
|
||||
class CheckToken extends UserAPI {
|
||||
@ -1402,5 +1486,9 @@ namespace Core\API\User {
|
||||
$this->result["token"] = $userToken->jsonSerialize();
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Allows users to validate a token received in an e-mail for various purposes";
|
||||
}
|
||||
}
|
||||
}
|
@ -59,4 +59,8 @@ class VerifyCaptcha extends Request {
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Verifies a captcha response. This API is for internal use only.";
|
||||
}
|
||||
}
|
@ -5,10 +5,6 @@ namespace Core\Configuration;
|
||||
use Core\API\Request;
|
||||
use Core\Driver\SQL\SQL;
|
||||
use Core\Objects\DatabaseEntity\Controller\DatabaseEntity;
|
||||
use Core\Objects\DatabaseEntity\Group;
|
||||
use Core\Objects\DatabaseEntity\Route;
|
||||
use Core\Objects\Router\DocumentRoute;
|
||||
use Core\Objects\Router\StaticFileRoute;
|
||||
use PHPUnit\Util\Exception;
|
||||
|
||||
class CreateDatabase extends DatabaseScript {
|
||||
@ -20,7 +16,7 @@ class CreateDatabase extends DatabaseScript {
|
||||
|
||||
$queries[] = $sql->createTable("Settings")
|
||||
->addString("name", 32)
|
||||
->addString("value", 1024, true)
|
||||
->addJson("value", true)
|
||||
->addBool("private", false) // these values are not returned from '/api/settings/get', but can be changed
|
||||
->addBool("readonly", false) // these values are neither returned, nor can be changed from outside
|
||||
->primaryKey("name");
|
||||
@ -115,13 +111,20 @@ class CreateDatabase extends DatabaseScript {
|
||||
}
|
||||
}
|
||||
|
||||
public static function loadDefaultACL(array &$queries, SQL $sql) {
|
||||
public static function loadDefaultACL(array &$queries, SQL $sql): void {
|
||||
$query = $sql->insert("ApiPermission", ["method", "groups", "description", "is_core"]);
|
||||
|
||||
foreach (Request::getApiEndpoints() as $reflectionClass) {
|
||||
$method = $reflectionClass->getName() . "::getDefaultACL";
|
||||
$method($query);
|
||||
$className = $reflectionClass->getName();
|
||||
if (("$className::hasConfigurablePermissions")()) {
|
||||
$method = ("$className::getEndpoint")();
|
||||
$groups = ("$className::getDefaultPermittedGroups")();
|
||||
$description = ("$className::getDescription")();
|
||||
$isCore = startsWith($className, "Core\\API\\");
|
||||
$query->addRow($method, $groups, $description, $isCore);
|
||||
}
|
||||
}
|
||||
|
||||
if ($query->hasRows()) {
|
||||
$queries[] = $query;
|
||||
}
|
||||
|
@ -136,7 +136,7 @@ export default function AccessControlList(props) {
|
||||
}, [acl]);
|
||||
|
||||
const isRestricted = (method) => {
|
||||
return ["permissions/update", "permissions/delete"].includes(method.toLowerCase()) &&
|
||||
return ["permission/update", "permission/delete"].includes(method.toLowerCase()) ||
|
||||
!props.api.hasGroup(USER_GROUP_ADMIN);
|
||||
}
|
||||
|
||||
|
@ -38,6 +38,8 @@ import SettingsSelection from "./input-selection";
|
||||
|
||||
export default function SettingsView(props) {
|
||||
|
||||
// TODO: website-logo (?), mail_contact, mail_contact_gpg_key_id
|
||||
|
||||
// meta
|
||||
const api = props.api;
|
||||
const showDialog = props.showDialog;
|
||||
@ -205,7 +207,7 @@ export default function SettingsView(props) {
|
||||
key_name: key_name,
|
||||
value: settings[key_name],
|
||||
disabled: disabled,
|
||||
onChangeValue: v => setSettings({...settings, [key_name]: v}),
|
||||
onChangeValue: v => { setChanged(true); setSettings({...settings, [key_name]: v}) },
|
||||
...props
|
||||
};
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user