diff --git a/build/api/core/AuthSystemDefault.php b/build/api/core/AuthSystemDefault.php index fcb8377..9e6de1c 100755 --- a/build/api/core/AuthSystemDefault.php +++ b/build/api/core/AuthSystemDefault.php @@ -25,6 +25,7 @@ /* (1) Initialisation ---------------------------------------------------------*/ if( !isset($_SESSION['AUTH']) ) $_SESSION['AUTH'] = []; + if( !isset($_SESSION['PERM']) ) $_SESSION['PERM'] = []; if( !isset($_SESSION['USER']) ) $_SESSION['USER'] = []; if( !isset($_SESSION['ADMIN']) ) $_SESSION['ADMIN'] = []; @@ -115,13 +116,12 @@ /* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES * - * @module Module concerné * @expected Liste de listes de combinaisons de permissions attendues * * @return error Si FALSE, pas la permission, sinon si * */ - public static function permission($module, $expected){ + public static function permission($expected){ $error_propag = []; @@ -142,9 +142,9 @@ foreach($expected as $permission_group){ /* If granted -> don't go further */ - $error_propag[]= self::check_permission_group($module, $permission_group); + $error_propag[] = self::check_permission_group($permission_group); - if( $error_propag[count($error_propag)-1] == Err::Success ) + if( $error_propag[count($error_propag)-1]->get() == Err::Success ) return new Error(Err::Success); } @@ -153,7 +153,7 @@ /* [3] By default return `PermissionError` =========================================================*/ if( count($error_propag) > 0 ) - return new Error($error_propag[count($error_propag)-1]); + return $error_propag[count($error_propag)-1]; return new Error(Err::PermissionError); } @@ -166,13 +166,12 @@ /* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES * - * @module Module concerné * @expected Liste des permissions attendues * * @return error Err:: error constants * */ - private static function check_permission_group($module, $expected){ + private static function check_permission_group($expected){ /* [1] Gestion de l'AUTH (authentification) 
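Review bot: In the `@@ -142,9 +142,9 @@` hunk the grant decision uses a loose comparison, `->get() == Err::Success`, while the caller in Request.php tests the same value with `!==`. The value of `Err::Success` is not visible here, but if it is `0` or another falsy constant, a `null` or `false` coming back from `get()` would compare equal and the loop would return success. Use the strict form: `if( $error_propag[count($error_propag)-1]->get() === Err::Success )`. The body of `permission()` starts before this hunk and continues after it.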
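Review bot: The docblock kept in the `@@ -166,13 +166,12 @@` hunk still reads `@return error Err:: error constants`, but after this commit `check_permission_group()` returns `Error` objects, as the `new Error(...)` returns in the following hunks show. `permission()` now calls `->get()` on that result, so the stated contract should match: something like `@return Error Error wrapping Err::Success, or Err::PermissionError with the missing permission`. The `permission()` docblock in the `@@ -115,13 +116,12 @@` hunk has a related gap, since its `@return` line stops mid-sentence (`sinon si`).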
@@ -181,12 +180,12 @@ /* (1) Si entrepot requis, mais manquant ---------------------------------------------------------*/ if( in_array('admin', $expected) && ( self::auth_level() < 2 || !isset($_SESSION['ADMIN']['id']) ) ) - return Err::PermissionError; + return new Error(Err::PermissionError); /* (2) Si admin requis, mais manquant ---------------------------------------------------------*/ if( in_array('user', $expected) && ( self::auth_level() < 1 || !isset($_SESSION['USER']['id']) ) ) - return Err::PermissionError; + return new Error(Err::PermissionError); /* (3) On retire 'admin', et 'user' de @expected ---------------------------------------------------------*/ @@ -204,12 +203,12 @@ // Si il manque au minimum une permission, on retourne FALSE if( !in_array($permission, $_SESSION['PERM']) ) - return Err::PermissionError; + return new Error(Err::PermissionError, $permission); /* [4] Si on a toutes les permissions requises =========================================================*/ - return Err::Success; + return new Error(Err::Success); } diff --git a/build/api/core/Request.php b/build/api/core/Request.php index 5a44de6..3952d56 100755 --- a/build/api/core/Request.php +++ b/build/api/core/Request.php @@ -410,7 +410,7 @@ } // Check permission using user-implemented AuthSystem - $granted = self::$authsystem::permission( $this->path['module'], $method['permissions'] ); + $granted = self::$authsystem::permission( $method['permissions'] ); /* (1) On retourne FAUX si aucun droit n'a ete trouve */ if( $granted->get() !== Err::Success ){ diff --git a/build/error/core/Error.php b/build/error/core/Error.php index 70f9944..2cd3aa4 100755 --- a/build/error/core/Error.php +++ b/build/error/core/Error.php 
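Review bot: The two guard comments in the `@@ -181,12 +180,12 @@` hunk do not describe the checks beneath them: `(1) Si entrepot requis, mais manquant` sits above the `'admin'` check and `(2) Si admin requis, mais manquant` sits above the `'user'` check. Mislabelled guards in an authorization routine make it easy to edit the wrong branch later. Relabel them to match the code, for example `/* (1) 'admin' required but no admin session */` and `/* (2) 'user' required but no user session */`. The function body starts before this hunk.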
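Review bot: The membership test `in_array($permission, $_SESSION['PERM'])` in the `@@ -204,12 +203,12 @@` hunk compares loosely, so a non-string entry in the session array such as `true` (or `0` on PHP 7) matches every permission name. Pass the strict flag, `if( !in_array($permission, $_SESSION['PERM'], true) )`. The `in_array('admin', $expected)` and `in_array('user', $expected)` checks in the previous hunk would benefit from the same flag. How `$_SESSION['PERM']` is populated is not visible here, so this is hardening rather than a demonstrated bypass. The loop around this check starts outside the hunk.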
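Review bot: In the Request.php hunk `$method['permissions']` is handed to `permission()` as-is, and nothing visible here or in `permission()` checks that it has the new list-of-lists shape. A module entry still written in the flat form (`["journalist"]`) would pass a string to `check_permission_group()`, where `in_array('admin', $expected)` expects an array. The result would then depend on how the running PHP version treats that type error rather than on an explicit deny. Consider rejecting malformed groups inside the loop of `permission()`, e.g. `if( !is_array($permission_group) ) return new Error(Err::PermissionError);`. The enclosing method starts and ends outside the hunk.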
@@ -110,7 +110,10 @@ }private function TokenError(){ return 'bad or expired token'; }private function PermissionError(){ - return 'permission error'; + if( count($this->arguments) > 0 ) + return "missing permission: '".$this->arguments[0]."'"; + else + return 'permission error'; }private function DisabledModule(){ return 'disabled module'; }private function MissingPath(){ diff --git a/config/modules.json b/config/modules.json index ad23777..f71fe62 100755 --- a/config/modules.json +++ b/config/modules.json @@ -3,7 +3,7 @@ "RESTexample": { "POST article": { "description": "Posts a new article", - "permissions": ["journalist"], + "permissions": [["journalist"]], "parameters": { "title": { "description": "Article's title", "type": "varchar(5,100)" }, "content": { "description": "Article's content", "type": "text" } @@ -15,7 +15,7 @@ "GET article": { "description": "Gets all or a specific article", - "permissions": ["viewer", "journalist"], + "permissions": [["viewer"], ["journalist"]], "parameters": { "URL_0": { "description": "Article id", "type": "id", "optional": true } }, @@ -26,7 +26,7 @@ "VIEW article": { "description": "Gets a specific article into a json file (download)", - "permissions": ["viewer", "journalist"], + "permissions": [["viewer"], ["journalist"]], "options": { "download": true }, "parameters": { "URL_0": { "description": "Article id", "type": "id" } @@ -38,7 +38,7 @@ "PUT article": { "description": "Updates a specific article", - "permissions": ["journalist"], + "permissions": [["journalist"]], "parameters": { "URL_0": { "description": "Article id", "type": "id" }, "content": { "description": "Article's content", "type": "text" } @@ -50,7 +50,7 @@ "DELETE article": { "description": "Deletes a specific article", - "permissions": ["journalist"], + "permissions": [["journalist"]], "parameters": { "URL_0": { "description": "Article id", "type": "id" } },
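Review bot: The new branch of `PermissionError()` in the Error.php hunk puts the name of the missing permission into the error text (`"missing permission: '".$this->arguments[0]."'"`). If that text is returned in the API response, which is not visible here, a denied caller learns which permission each endpoint requires, and so unauthenticated or low-privileged clients can read off the permission model. Consider keeping `'permission error'` as the client-facing message and recording the permission name in a server-side log, or exposing the detail only in a debug configuration.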