From ab0808d4c5285d0cd7c7b79046ffdae38c0e4bd5 Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Thu, 23 Nov 2017 11:32:31 +0100 Subject: [PATCH] Barebone setup@1 > fixed: api.core.AuthSystemDefault (manages default main permissions + custom permissions in the array $_SESSION['PERM']) --- build/api/core/AuthSystemDefault.php | 70 +++++++--------------------- 1 file changed, 17 insertions(+), 53 deletions(-) diff --git a/build/api/core/AuthSystemDefault.php b/build/api/core/AuthSystemDefault.php index b74054a..fcb8377 100755 --- a/build/api/core/AuthSystemDefault.php +++ b/build/api/core/AuthSystemDefault.php @@ -82,66 +82,22 @@ /* [2] Si authentification token -> ADMIN =========================================================*/ - if( self::auth_level() >= 1 ){ + if( self::auth_level() == 2 ){ - $checkRoot = new Repo('warehouse/getByToken', [ $_SESSION['AUTH'][0] ]); - - /* (1) Si le token n'existe pas, on retourne une erreur */ - if( $checkRoot->answer() == false ) - return false; - - /* (2) On met à jour les informations de l'entrepot */ - $_SESSION['WAREHOUSE'] = [ - 'id' => (int) $checkRoot->answer()[0]['id_warehouse'], - 'name' => $checkRoot->answer()[0]['name'], - 'theme' => '#'.$checkRoot->answer()[0]['theme'] - ]; - - /* (3) On récupère les modules de l'entrepot */ - $getModules = new Repo('warehouse/getModules', [ $_SESSION['WAREHOUSE']['id'] ]); - - $_SESSION['WAREHOUSE']['modules'] = $getModules->answer(); + // TODO: implement ADMIN database auth. check + // + set $_SESSION['ADMIN'] + // + return FALSE on error } /* [3] Si authentification token -> USER =========================================================*/ - if( self::auth_level() == 2 ){ - - $checkBranch = new Repo('admin/getByToken', [ $_SESSION['WAREHOUSE']['id'], $_SESSION['AUTH'][1] ]); - - /* (1) Si le token n'existe pas, on retourne une erreur */ - if( $checkBranch->answer() == false ) - return false; - - /* (2) On met à jour les informations de l'administrateur */ - $_SESSION['ADMIN'] = [ - 'id' => (int) $checkBranch->answer()['id_admin'], - 'username' => $checkBranch->answer()['username'], - 'mail' => $checkBranch->answer()['mail'] - ]; - - - } - - - /* [4] Si authentification triple -> WAREHOUSE + SATS_token + SATS_nexttoken - =========================================================*/ - if( self::auth_level() == 3 ){ - - - $checkBranch = new Repo('machine/checkToken', [ $_SESSION['WAREHOUSE']['id'], $_SESSION['AUTH'][1], $_SESSION['AUTH'][2] ]); - - /* (1) Si le token n'est pas valide, on retourne une erreur */ - if( $checkBranch->answer() === false ) - return false; - - /* (2) On met à jour les informations de l'administrateur */ - $_SESSION['SATS'] = [ - 'id' => (int) $checkBranch->answer() - ]; + if( self::auth_level() == 1 ){ + // TODO: implement USER database auth. check + // + set $_SESSION['USER'] + // + return FALSE on error } @@ -232,12 +188,20 @@ if( in_array('user', $expected) && ( self::auth_level() < 1 || !isset($_SESSION['USER']['id']) ) ) return Err::PermissionError; + /* (3) On retire 'admin', et 'user' de @expected + ---------------------------------------------------------*/ + $adminIndex = array_search('admin', $expected); + $userIndex = array_search('user', $expected); + if( is_int($adminIndex) ) unset($expected[$adminIndex]); + if( is_int($userIndex) ) unset($expected[$userIndex]); - /* [2] Gestion des permissions + + /* [2] Gestion des permissions CUSTOM =========================================================*/ /* (1) Vérification de toutes les permissions requises */ foreach($expected as $permission) + // Si il manque au minimum une permission, on retourne FALSE if( !in_array($permission, $_SESSION['PERM']) ) return Err::PermissionError;