From cc4fd4427b6f05e63873a3b498cf0e45f6c7bc9b Mon Sep 17 00:00:00 2001
From: xdrm-brackets <doowap31@gmail.com>
Date: Thu, 23 Nov 2017 11:34:20 +0100
Subject: [PATCH] Barebone setup@2 > fixed: api.core.AuthSystemDefault (removed
 useless @module management + use Error argument to tell which permission
 misses) | api.core.Request (removed @module when calling
 api.core.AuthSystemDefault.permission(@expected))

---
 build/api/core/AuthSystemDefault.php | 21 ++++++++++-----------
 build/api/core/Request.php           |  2 +-
 build/error/core/Error.php           |  5 ++++-
 config/modules.json                  | 10 +++++-----
 4 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/build/api/core/AuthSystemDefault.php b/build/api/core/AuthSystemDefault.php
index fcb8377..9e6de1c 100755
--- a/build/api/core/AuthSystemDefault.php
+++ b/build/api/core/AuthSystemDefault.php
@@ -25,6 +25,7 @@
 			/* (1) Initialisation
 			---------------------------------------------------------*/
 			if( !isset($_SESSION['AUTH'])      ) $_SESSION['AUTH']      = [];
+			if( !isset($_SESSION['PERM'])      ) $_SESSION['PERM']      = [];
 			if( !isset($_SESSION['USER'])      ) $_SESSION['USER']      = [];
 			if( !isset($_SESSION['ADMIN'])     ) $_SESSION['ADMIN']     = [];
 
@@ -115,13 +116,12 @@
 
 		/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
 		*
-		* @module<String> 										Module concerné
 		* @expected<array> 										Liste de listes de combinaisons de permissions attendues
 		*
 		* @return error<Error> 										Si FALSE, pas la permission, sinon si
 		*
 		*/
-		public static function permission($module, $expected){
+		public static function permission($expected){
 
 			$error_propag = [];
 
@@ -142,9 +142,9 @@
 			foreach($expected as $permission_group){
 
 				/* If granted -> don't go further */
-				$error_propag[]= self::check_permission_group($module, $permission_group);
+				$error_propag[] = self::check_permission_group($permission_group);
 
-				if( $error_propag[count($error_propag)-1] == Err::Success )
+				if( $error_propag[count($error_propag)-1]->get() == Err::Success )
 					return new Error(Err::Success);
 
 			}
@@ -153,7 +153,7 @@
 			/* [3] By default return `PermissionError`
 			=========================================================*/
 			if( count($error_propag) > 0 )
-				return new Error($error_propag[count($error_propag)-1]);
+				return $error_propag[count($error_propag)-1];
 
 			return new Error(Err::PermissionError);
 		}
@@ -166,13 +166,12 @@
 
 		/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
 		*
-		* @module<String> 										Module concerné
 		* @expected<array> 										Liste des permissions attendues
 		*
 		* @return error<int> 										Err:: error constants
 		*
 		*/
-		private static function check_permission_group($module, $expected){
+		private static function check_permission_group($expected){
 
 
 			/* [1] Gestion de l'AUTH (authentification)
@@ -181,12 +180,12 @@
 				/* (1) Si entrepot requis, mais manquant
 				---------------------------------------------------------*/
 				if( in_array('admin', $expected) && ( self::auth_level() < 2 || !isset($_SESSION['ADMIN']['id']) ) )
-					return Err::PermissionError;
+					return new Error(Err::PermissionError);
 
 				/* (2) Si admin requis, mais manquant
 				---------------------------------------------------------*/
 				if( in_array('user', $expected) && ( self::auth_level() < 1 || !isset($_SESSION['USER']['id']) ) )
-					return Err::PermissionError;
+					return new Error(Err::PermissionError);
 
 				/* (3) On retire 'admin', et 'user' de @expected
 				---------------------------------------------------------*/
@@ -204,12 +203,12 @@
 
 					// Si il manque au minimum une permission, on retourne FALSE
 					if( !in_array($permission, $_SESSION['PERM']) )
-						return Err::PermissionError;
+						return new Error(Err::PermissionError, $permission);
 
 
 			/* [4] Si on a toutes les permissions requises
 			=========================================================*/
-			return Err::Success;
+			return new Error(Err::Success);
 		}
 
 
diff --git a/build/api/core/Request.php b/build/api/core/Request.php
index 5a44de6..3952d56 100755
--- a/build/api/core/Request.php
+++ b/build/api/core/Request.php
@@ -410,7 +410,7 @@
 			}
 
 			// Check permission using user-implemented AuthSystem
-			$granted = self::$authsystem::permission( $this->path['module'], $method['permissions'] );
+			$granted = self::$authsystem::permission( $method['permissions'] );
 
 			/* (1) On retourne FAUX si aucun droit n'a ete trouve */
 			if( $granted->get() !== Err::Success ){
diff --git a/build/error/core/Error.php b/build/error/core/Error.php
index 70f9944..2cd3aa4 100755
--- a/build/error/core/Error.php
+++ b/build/error/core/Error.php
@@ -110,7 +110,10 @@
 		}private function TokenError(){
 			return 'bad or expired token';
 		}private function PermissionError(){
-			return 'permission error';
+			if(	count($this->arguments) > 0 )
+				return "missing permission: '".$this->arguments[0]."'";
+			else
+				return 'permission error';
 		}private function DisabledModule(){
 			return 'disabled module';
 		}private function MissingPath(){
diff --git a/config/modules.json b/config/modules.json
index ad23777..f71fe62 100755
--- a/config/modules.json
+++ b/config/modules.json
@@ -3,7 +3,7 @@
 	"RESTexample": {
 		"POST article": {
 			"description": "Posts a new article",
-			"permissions": ["journalist"],
+			"permissions": [["journalist"]],
 			"parameters": {
 				"title":   { "description": "Article's title",   "type": "varchar(5,100)" },
 				"content": { "description": "Article's content", "type": "text" }
@@ -15,7 +15,7 @@
 
 		"GET article": {
 			"description": "Gets all or a specific article",
-			"permissions": ["viewer", "journalist"],
+			"permissions": [["viewer"], ["journalist"]],
 			"parameters": {
 				"URL_0":   { "description": "Article id",   "type": "id", "optional": true }
 			},
@@ -26,7 +26,7 @@
 
 		"VIEW article": {
 			"description": "Gets a specific article into a json file (download)",
-			"permissions": ["viewer", "journalist"],
+			"permissions": [["viewer"], ["journalist"]],
 			"options": { "download": true },
 			"parameters": {
 				"URL_0":   { "description": "Article id",   "type": "id" }
@@ -38,7 +38,7 @@
 
 		"PUT article": {
 			"description": "Updates a specific article",
-			"permissions": ["journalist"],
+			"permissions": [["journalist"]],
 			"parameters": {
 				"URL_0":   { "description": "Article id",   "type": "id" },
 				"content": { "description": "Article's content", "type": "text" }
@@ -50,7 +50,7 @@
 
 		"DELETE article": {
 			"description": "Deletes a specific article",
-			"permissions": ["journalist"],
+			"permissions": [["journalist"]],
 			"parameters": {
 				"URL_0":   { "description": "Article id",   "type": "id" }
 			},