Groups & Stuff
This commit is contained in:
@@ -16,24 +16,27 @@ class Request {
|
||||
protected bool $variableParamCount;
|
||||
protected bool $isDisabled;
|
||||
protected bool $apiKeyAllowed;
|
||||
protected int $requiredGroup;
|
||||
|
||||
private array $aDefaultParams;
|
||||
private array $allowedMethods;
|
||||
private bool $externCall;
|
||||
private bool $externalCall;
|
||||
|
||||
public function __construct(User $user, bool $externalCall = false, array $params = array()) {
|
||||
$this->user = $user;
|
||||
$this->aDefaultParams = $params;
|
||||
$this->lastError = '';
|
||||
|
||||
$this->success = false;
|
||||
$this->result = array();
|
||||
$this->externCall = $externalCall;
|
||||
$this->externalCall = $externalCall;
|
||||
$this->isPublic = true;
|
||||
$this->isDisabled = false;
|
||||
$this->loginRequired = false;
|
||||
$this->variableParamCount = false;
|
||||
$this->apiKeyAllowed = true;
|
||||
$this->allowedMethods = array("GET", "POST");
|
||||
$this->requiredGroup = 0;
|
||||
$this->lastError = "";
|
||||
}
|
||||
|
||||
protected function forbidMethod($method) {
|
||||
@@ -82,7 +85,7 @@ class Request {
|
||||
$this->result['logoutIn'] = $this->user->getSession()->getExpiresSeconds();
|
||||
}
|
||||
|
||||
if($this->externCall) {
|
||||
if($this->externalCall) {
|
||||
$values = $_REQUEST;
|
||||
if($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SERVER["CONTENT_TYPE"]) && in_array("application/json", explode(";", $_SERVER["CONTENT_TYPE"]))) {
|
||||
$jsonData = json_decode(file_get_contents('php://input'), true);
|
||||
@@ -95,7 +98,7 @@ class Request {
|
||||
return false;
|
||||
}
|
||||
|
||||
if($this->externCall && !$this->isPublic) {
|
||||
if($this->externalCall && !$this->isPublic) {
|
||||
$this->lastError = 'This function is private.';
|
||||
header('HTTP 1.1 403 Forbidden');
|
||||
return false;
|
||||
@@ -107,8 +110,7 @@ class Request {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
if($this->loginRequired) {
|
||||
if($this->loginRequired || $this->requiredGroup > 0) {
|
||||
$authorized = false;
|
||||
if(isset($values['api_key']) && $this->apiKeyAllowed) {
|
||||
$apiKey = $values['api_key'];
|
||||
@@ -119,6 +121,10 @@ class Request {
|
||||
$this->lastError = 'You are not logged in.';
|
||||
header('HTTP 1.1 401 Unauthorized');
|
||||
return false;
|
||||
} else if($this->requiredGroup > 0 && !$this->user->hasGroup($this->requiredGroup)) {
|
||||
$this->lastError = "Insufficient permissions. Required group: ". GroupName($this->requiredGroup);
|
||||
header('HTTP 1.1 401 Unauthorized');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -151,7 +157,7 @@ class Request {
|
||||
public function getResult() { return $this->result; }
|
||||
public function success() { return $this->success; }
|
||||
public function loginRequired() { return $this->loginRequired; }
|
||||
public function isExternalCall() { return $this->externCall; }
|
||||
public function isExternalCall() { return $this->externalCall; }
|
||||
|
||||
public function getJsonResult() {
|
||||
$this->result['success'] = $this->success;
|
||||
|
||||
53
core/Api/User/Fetch.class.php
Normal file
53
core/Api/User/Fetch.class.php
Normal file
@@ -0,0 +1,53 @@
|
||||
<?php
|
||||
|
||||
namespace Api\User;
|
||||
|
||||
use \Api\Request;
|
||||
|
||||
class Fetch extends Request {
|
||||
|
||||
public function __construct($user, $externalCall = false) {
|
||||
parent::__construct($user, $externalCall, array());
|
||||
$this->loginRequired = true;
|
||||
// $this->requiredGroup = USER_GROUP_ADMIN;
|
||||
}
|
||||
|
||||
public function execute($values = array()) {
|
||||
if(!parent::execute($values)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$sql = $this->user->getSQL();
|
||||
$res = $sql->select("User.uid as userId", "User.name", "User.email", "Group.uid as groupId", "Group.name as groupName")
|
||||
->from("User")
|
||||
->leftJoin("UserGroup", "User.uid", "UserGroup.user_id")
|
||||
->leftJoin("Group", "Group.uid", "UserGroup.group_id")
|
||||
->execute();
|
||||
|
||||
$this->success = ($res !== FALSE);
|
||||
$this->lastError = $sql->getLastError();
|
||||
|
||||
if($this->success) {
|
||||
$this->result["users"] = array();
|
||||
foreach($res as $row) {
|
||||
$userId = $row["userId"];
|
||||
$groupId = $row["groupId"];
|
||||
$groupName = $row["groupName"];
|
||||
if (!isset($this->result["users"][$userId])) {
|
||||
$this->result["users"][$userId] = array(
|
||||
"uid" => $userId,
|
||||
"name" => $row["name"],
|
||||
"email" => $row["email"],
|
||||
"groups" => array(),
|
||||
);
|
||||
}
|
||||
|
||||
if(!is_null($groupId)) {
|
||||
$this->result["users"][$userId]["groups"][$groupId] = $groupName;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user