Barebone setup@2 > fixed: api.core.AuthSystemDefault (removed useless @module management + use Error argument to tell which permission misses) | api.core.Request (removed @module when calling api.core.AuthSystemDefault.permission(@expected))

This commit is contained in:
xdrm-brackets 2017-11-23 11:34:20 +01:00
parent ab0808d4c5
commit cc4fd4427b
4 changed files with 20 additions and 18 deletions


@ -25,6 +25,7 @@
/* (1) Initialisation /* (1) Initialisation
---------------------------------------------------------*/ ---------------------------------------------------------*/
if( !isset($_SESSION['AUTH']) ) $_SESSION['AUTH'] = []; if( !isset($_SESSION['AUTH']) ) $_SESSION['AUTH'] = [];
if( !isset($_SESSION['PERM']) ) $_SESSION['PERM'] = [];
if( !isset($_SESSION['USER']) ) $_SESSION['USER'] = []; if( !isset($_SESSION['USER']) ) $_SESSION['USER'] = [];
if( !isset($_SESSION['ADMIN']) ) $_SESSION['ADMIN'] = []; if( !isset($_SESSION['ADMIN']) ) $_SESSION['ADMIN'] = [];
@ -115,13 +116,12 @@
/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES /* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
* *
* @module<String> Module concerné
* @expected<array> Liste de listes de combinaisons de permissions attendues * @expected<array> Liste de listes de combinaisons de permissions attendues
* *
* @return error<Error> Si FALSE, pas la permission, sinon si * @return error<Error> Si FALSE, pas la permission, sinon si
* *
*/ */
public static function permission($module, $expected){ public static function permission($expected){
$error_propag = []; $error_propag = [];
@ -142,9 +142,9 @@
foreach($expected as $permission_group){ foreach($expected as $permission_group){
/* If granted -> don't go further */ /* If granted -> don't go further */
$error_propag[]= self::check_permission_group($module, $permission_group); $error_propag[] = self::check_permission_group($permission_group);
if( $error_propag[count($error_propag)-1] == Err::Success ) if( $error_propag[count($error_propag)-1]->get() == Err::Success )
return new Error(Err::Success); return new Error(Err::Success);
} }
@ -153,7 +153,7 @@
/* [3] By default return `PermissionError` /* [3] By default return `PermissionError`
=========================================================*/ =========================================================*/
if( count($error_propag) > 0 ) if( count($error_propag) > 0 )
return new Error($error_propag[count($error_propag)-1]); return $error_propag[count($error_propag)-1];
return new Error(Err::PermissionError); return new Error(Err::PermissionError);
} }
@ -166,13 +166,12 @@
/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES /* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
* *
* @module<String> Module concerné
* @expected<array> Liste des permissions attendues * @expected<array> Liste des permissions attendues
* *
* @return error<int> Err:: error constants * @return error<int> Err:: error constants
* *
*/ */
private static function check_permission_group($module, $expected){ private static function check_permission_group($expected){
/* [1] Gestion de l'AUTH (authentification) /* [1] Gestion de l'AUTH (authentification)
@ -181,12 +180,12 @@
/* (1) Si entrepot requis, mais manquant /* (1) Si entrepot requis, mais manquant
---------------------------------------------------------*/ ---------------------------------------------------------*/
if( in_array('admin', $expected) && ( self::auth_level() < 2 || !isset($_SESSION['ADMIN']['id']) ) ) if( in_array('admin', $expected) && ( self::auth_level() < 2 || !isset($_SESSION['ADMIN']['id']) ) )
return Err::PermissionError; return new Error(Err::PermissionError);
/* (2) Si admin requis, mais manquant /* (2) Si admin requis, mais manquant
---------------------------------------------------------*/ ---------------------------------------------------------*/
if( in_array('user', $expected) && ( self::auth_level() < 1 || !isset($_SESSION['USER']['id']) ) ) if( in_array('user', $expected) && ( self::auth_level() < 1 || !isset($_SESSION['USER']['id']) ) )
return Err::PermissionError; return new Error(Err::PermissionError);
/* (3) On retire 'admin', et 'user' de @expected /* (3) On retire 'admin', et 'user' de @expected
---------------------------------------------------------*/ ---------------------------------------------------------*/
@ -204,12 +203,12 @@
// Si il manque au minimum une permission, on retourne FALSE // Si il manque au minimum une permission, on retourne FALSE
if( !in_array($permission, $_SESSION['PERM']) ) if( !in_array($permission, $_SESSION['PERM']) )
return Err::PermissionError; return new Error(Err::PermissionError, $permission);
/* [4] Si on a toutes les permissions requises /* [4] Si on a toutes les permissions requises
=========================================================*/ =========================================================*/
return Err::Success; return new Error(Err::Success);
} }


@ -410,7 +410,7 @@
} }
// Check permission using user-implemented AuthSystem // Check permission using user-implemented AuthSystem
$granted = self::$authsystem::permission( $this->path['module'], $method['permissions'] ); $granted = self::$authsystem::permission( $method['permissions'] );
/* (1) On retourne FAUX si aucun droit n'a ete trouve */ /* (1) On retourne FAUX si aucun droit n'a ete trouve */
if( $granted->get() !== Err::Success ){ if( $granted->get() !== Err::Success ){
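Review bot: The call on the `self::$authsystem::permission(...)` line forwards `$method['permissions']` unchanged, yet this commit changes the expected shape from a flat list to a list of permission groups, and nothing visible here checks that a method entry actually has that shape before it reaches the auth system. A method whose config omits `permissions` or still uses the flat form should be rejected before the call rather than passed through, e.g. `if( !isset($method['permissions']) || !is_array($method['permissions']) ) return new Error(Err::PermissionError);` — adapted to whatever this method's error-return convention is, which lies outside the hunk. Whether the config loader already enforces the shape cannot be seen from this hunk.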


@ -110,6 +110,9 @@
}private function TokenError(){ }private function TokenError(){
return 'bad or expired token'; return 'bad or expired token';
}private function PermissionError(){ }private function PermissionError(){
if( count($this->arguments) > 0 )
return "missing permission: '".$this->arguments[0]."'";
else
return 'permission error'; return 'permission error';
}private function DisabledModule(){ }private function DisabledModule(){
return 'disabled module'; return 'disabled module';
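Review bot: The new branch in `PermissionError()` embeds the name of the missing permission (`$this->arguments[0]`) in the error text, and if that text reaches the HTTP response it tells an unauthorized caller exactly which role would unlock the endpoint — handy for debugging, but an enumeration aid in production. Prefer keeping the client-facing string generic (`return 'permission error';`) and emitting the detailed `"missing permission: '…'"` form only to a server-side log or behind a debug flag. Whether these messages are returned to clients is not visible in this hunk.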


@ -3,7 +3,7 @@
"RESTexample": { "RESTexample": {
"POST article": { "POST article": {
"description": "Posts a new article", "description": "Posts a new article",
"permissions": ["journalist"], "permissions": [["journalist"]],
"parameters": { "parameters": {
"title": { "description": "Article's title", "type": "varchar(5,100)" }, "title": { "description": "Article's title", "type": "varchar(5,100)" },
"content": { "description": "Article's content", "type": "text" } "content": { "description": "Article's content", "type": "text" }
@ -15,7 +15,7 @@
"GET article": { "GET article": {
"description": "Gets all or a specific article", "description": "Gets all or a specific article",
"permissions": ["viewer", "journalist"], "permissions": [["viewer"], ["journalist"]],
"parameters": { "parameters": {
"URL_0": { "description": "Article id", "type": "id", "optional": true } "URL_0": { "description": "Article id", "type": "id", "optional": true }
}, },
@ -26,7 +26,7 @@
"VIEW article": { "VIEW article": {
"description": "Gets a specific article into a json file (download)", "description": "Gets a specific article into a json file (download)",
"permissions": ["viewer", "journalist"], "permissions": [["viewer"], ["journalist"]],
"options": { "download": true }, "options": { "download": true },
"parameters": { "parameters": {
"URL_0": { "description": "Article id", "type": "id" } "URL_0": { "description": "Article id", "type": "id" }
@ -38,7 +38,7 @@
"PUT article": { "PUT article": {
"description": "Updates a specific article", "description": "Updates a specific article",
"permissions": ["journalist"], "permissions": [["journalist"]],
"parameters": { "parameters": {
"URL_0": { "description": "Article id", "type": "id" }, "URL_0": { "description": "Article id", "type": "id" },
"content": { "description": "Article's content", "type": "text" } "content": { "description": "Article's content", "type": "text" }
@ -50,7 +50,7 @@
"DELETE article": { "DELETE article": {
"description": "Deletes a specific article", "description": "Deletes a specific article",
"permissions": ["journalist"], "permissions": [["journalist"]],
"parameters": { "parameters": {
"URL_0": { "description": "Article id", "type": "id" } "URL_0": { "description": "Article id", "type": "id" }
}, },