Barebone setup@2 > fixed: api.core.AuthSystemDefault (removed useless @module management + use Error argument to tell which permission misses) | api.core.Request (removed @module when calling api.core.AuthSystemDefault.permission(@expected))
parent
ab0808d4c5
commit
cc4fd4427b
|
@ -25,6 +25,7 @@
|
||||||
/* (1) Initialisation
|
/* (1) Initialisation
|
||||||
---------------------------------------------------------*/
|
---------------------------------------------------------*/
|
||||||
if( !isset($_SESSION['AUTH']) ) $_SESSION['AUTH'] = [];
|
if( !isset($_SESSION['AUTH']) ) $_SESSION['AUTH'] = [];
|
||||||
|
if( !isset($_SESSION['PERM']) ) $_SESSION['PERM'] = [];
|
||||||
if( !isset($_SESSION['USER']) ) $_SESSION['USER'] = [];
|
if( !isset($_SESSION['USER']) ) $_SESSION['USER'] = [];
|
||||||
if( !isset($_SESSION['ADMIN']) ) $_SESSION['ADMIN'] = [];
|
if( !isset($_SESSION['ADMIN']) ) $_SESSION['ADMIN'] = [];
|
||||||
|
|
||||||
|
@ -115,13 +116,12 @@
|
||||||
|
|
||||||
/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
|
/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
|
||||||
*
|
*
|
||||||
* @module<String> Module concerné
|
|
||||||
* @expected<array> Liste de listes de combinaisons de permissions attendues
|
* @expected<array> Liste de listes de combinaisons de permissions attendues
|
||||||
*
|
*
|
||||||
* @return error<Error> Si FALSE, pas la permission, sinon si
|
* @return error<Error> Si FALSE, pas la permission, sinon si
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public static function permission($module, $expected){
|
public static function permission($expected){
|
||||||
|
|
||||||
$error_propag = [];
|
$error_propag = [];
|
||||||
|
|
||||||
|
@ -142,9 +142,9 @@
|
||||||
foreach($expected as $permission_group){
|
foreach($expected as $permission_group){
|
||||||
|
|
||||||
/* If granted -> don't go further */
|
/* If granted -> don't go further */
|
||||||
$error_propag[]= self::check_permission_group($module, $permission_group);
|
$error_propag[] = self::check_permission_group($permission_group);
|
||||||
|
|
||||||
if( $error_propag[count($error_propag)-1] == Err::Success )
|
if( $error_propag[count($error_propag)-1]->get() == Err::Success )
|
||||||
return new Error(Err::Success);
|
return new Error(Err::Success);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -153,7 +153,7 @@
|
||||||
/* [3] By default return `PermissionError`
|
/* [3] By default return `PermissionError`
|
||||||
=========================================================*/
|
=========================================================*/
|
||||||
if( count($error_propag) > 0 )
|
if( count($error_propag) > 0 )
|
||||||
return new Error($error_propag[count($error_propag)-1]);
|
return $error_propag[count($error_propag)-1];
|
||||||
|
|
||||||
return new Error(Err::PermissionError);
|
return new Error(Err::PermissionError);
|
||||||
}
|
}
|
||||||
|
@ -166,13 +166,12 @@
|
||||||
|
|
||||||
/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
|
/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
|
||||||
*
|
*
|
||||||
* @module<String> Module concerné
|
|
||||||
* @expected<array> Liste des permissions attendues
|
* @expected<array> Liste des permissions attendues
|
||||||
*
|
*
|
||||||
* @return error<int> Err:: error constants
|
* @return error<int> Err:: error constants
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
private static function check_permission_group($module, $expected){
|
private static function check_permission_group($expected){
|
||||||
|
|
||||||
|
|
||||||
/* [1] Gestion de l'AUTH (authentification)
|
/* [1] Gestion de l'AUTH (authentification)
|
||||||
|
@ -181,12 +180,12 @@
|
||||||
/* (1) Si entrepot requis, mais manquant
|
/* (1) Si entrepot requis, mais manquant
|
||||||
---------------------------------------------------------*/
|
---------------------------------------------------------*/
|
||||||
if( in_array('admin', $expected) && ( self::auth_level() < 2 || !isset($_SESSION['ADMIN']['id']) ) )
|
if( in_array('admin', $expected) && ( self::auth_level() < 2 || !isset($_SESSION['ADMIN']['id']) ) )
|
||||||
return Err::PermissionError;
|
return new Error(Err::PermissionError);
|
||||||
|
|
||||||
/* (2) Si admin requis, mais manquant
|
/* (2) Si admin requis, mais manquant
|
||||||
---------------------------------------------------------*/
|
---------------------------------------------------------*/
|
||||||
if( in_array('user', $expected) && ( self::auth_level() < 1 || !isset($_SESSION['USER']['id']) ) )
|
if( in_array('user', $expected) && ( self::auth_level() < 1 || !isset($_SESSION['USER']['id']) ) )
|
||||||
return Err::PermissionError;
|
return new Error(Err::PermissionError);
|
||||||
|
|
||||||
/* (3) On retire 'admin', et 'user' de @expected
|
/* (3) On retire 'admin', et 'user' de @expected
|
||||||
---------------------------------------------------------*/
|
---------------------------------------------------------*/
|
||||||
|
@ -204,12 +203,12 @@
|
||||||
|
|
||||||
// Si il manque au minimum une permission, on retourne FALSE
|
// Si il manque au minimum une permission, on retourne FALSE
|
||||||
if( !in_array($permission, $_SESSION['PERM']) )
|
if( !in_array($permission, $_SESSION['PERM']) )
|
||||||
return Err::PermissionError;
|
return new Error(Err::PermissionError, $permission);
|
||||||
|
|
||||||
|
|
||||||
/* [4] Si on a toutes les permissions requises
|
/* [4] Si on a toutes les permissions requises
|
||||||
=========================================================*/
|
=========================================================*/
|
||||||
return Err::Success;
|
return new Error(Err::Success);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
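Review bot: The grant decision in permission() rests on a loose comparison, `if( $error_propag[count($error_propag)-1]->get() == Err::Success )`, while the caller in api.core.Request tests the same value with `!==`; in an authorization check this should be `=== Err::Success` so that type juggling cannot turn a non-success value into a grant. The same holds for `in_array($permission, $_SESSION['PERM'])` in check_permission_group(): without the third argument, a `true` stored in the session list matches every permission name (and a `0` does so before PHP 8), which `in_array($permission, $_SESSION['PERM'], true)` rules out. The docblock of check_permission_group() still reads `@return error<int> Err:: error constants` although the function now returns an Error object; it should say `@return error<Error>`. Both functions start and end outside the hunks shown, and the value of Err::Success is not visible here.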
|
@ -410,7 +410,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check permission using user-implemented AuthSystem
|
// Check permission using user-implemented AuthSystem
|
||||||
$granted = self::$authsystem::permission( $this->path['module'], $method['permissions'] );
|
$granted = self::$authsystem::permission( $method['permissions'] );
|
||||||
|
|
||||||
/* (1) On retourne FAUX si aucun droit n'a ete trouve */
|
/* (1) On retourne FAUX si aucun droit n'a ete trouve */
|
||||||
if( $granted->get() !== Err::Success ){
|
if( $granted->get() !== Err::Success ){
|
||||||
|
|
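Review bot: `$method['permissions']` is passed from the module configuration to `permission()` without any check of its shape, and this commit changes the expected shape to a list of lists. An entry left in the old flat form would hand a string to check_permission_group(), whose `in_array()` calls then operate on a non-array; depending on the PHP version that is a TypeError or only a warning, and since the code between the hunks is not visible it is unclear whether that path ends in a denial. I would verify at this call site that `$method['permissions']` is an array whose entries are all arrays and deny the request otherwise, so that a malformed config fails closed. The enclosing method starts and ends outside the hunk.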
|
@ -110,7 +110,10 @@
|
||||||
}private function TokenError(){
|
}private function TokenError(){
|
||||||
return 'bad or expired token';
|
return 'bad or expired token';
|
||||||
}private function PermissionError(){
|
}private function PermissionError(){
|
||||||
return 'permission error';
|
if( count($this->arguments) > 0 )
|
||||||
|
return "missing permission: '".$this->arguments[0]."'";
|
||||||
|
else
|
||||||
|
return 'permission error';
|
||||||
}private function DisabledModule(){
|
}private function DisabledModule(){
|
||||||
return 'disabled module';
|
return 'disabled module';
|
||||||
}private function MissingPath(){
|
}private function MissingPath(){
|
||||||
|
|
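Review bot: The new PermissionError() message puts `$this->arguments[0]` into the text, so if this string is returned in the API response, a caller without rights learns the name of the permission guarding the endpoint. Consider keeping `'permission error'` for the client and writing the permission name to the server log, or including it only for authenticated sessions. Note also that permission() returns the error of the last group tried, so for `[["viewer"], ["journalist"]]` the message would name only 'journalist' although 'viewer' would be accepted as well. Whether the message reaches the client is not visible in this hunk.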
|
@ -3,7 +3,7 @@
|
||||||
"RESTexample": {
|
"RESTexample": {
|
||||||
"POST article": {
|
"POST article": {
|
||||||
"description": "Posts a new article",
|
"description": "Posts a new article",
|
||||||
"permissions": ["journalist"],
|
"permissions": [["journalist"]],
|
||||||
"parameters": {
|
"parameters": {
|
||||||
"title": { "description": "Article's title", "type": "varchar(5,100)" },
|
"title": { "description": "Article's title", "type": "varchar(5,100)" },
|
||||||
"content": { "description": "Article's content", "type": "text" }
|
"content": { "description": "Article's content", "type": "text" }
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
|
|
||||||
"GET article": {
|
"GET article": {
|
||||||
"description": "Gets all or a specific article",
|
"description": "Gets all or a specific article",
|
||||||
"permissions": ["viewer", "journalist"],
|
"permissions": [["viewer"], ["journalist"]],
|
||||||
"parameters": {
|
"parameters": {
|
||||||
"URL_0": { "description": "Article id", "type": "id", "optional": true }
|
"URL_0": { "description": "Article id", "type": "id", "optional": true }
|
||||||
},
|
},
|
||||||
|
@ -26,7 +26,7 @@
|
||||||
|
|
||||||
"VIEW article": {
|
"VIEW article": {
|
||||||
"description": "Gets a specific article into a json file (download)",
|
"description": "Gets a specific article into a json file (download)",
|
||||||
"permissions": ["viewer", "journalist"],
|
"permissions": [["viewer"], ["journalist"]],
|
||||||
"options": { "download": true },
|
"options": { "download": true },
|
||||||
"parameters": {
|
"parameters": {
|
||||||
"URL_0": { "description": "Article id", "type": "id" }
|
"URL_0": { "description": "Article id", "type": "id" }
|
||||||
|
@ -38,7 +38,7 @@
|
||||||
|
|
||||||
"PUT article": {
|
"PUT article": {
|
||||||
"description": "Updates a specific article",
|
"description": "Updates a specific article",
|
||||||
"permissions": ["journalist"],
|
"permissions": [["journalist"]],
|
||||||
"parameters": {
|
"parameters": {
|
||||||
"URL_0": { "description": "Article id", "type": "id" },
|
"URL_0": { "description": "Article id", "type": "id" },
|
||||||
"content": { "description": "Article's content", "type": "text" }
|
"content": { "description": "Article's content", "type": "text" }
|
||||||
|
@ -50,7 +50,7 @@
|
||||||
|
|
||||||
"DELETE article": {
|
"DELETE article": {
|
||||||
"description": "Deletes a specific article",
|
"description": "Deletes a specific article",
|
||||||
"permissions": ["journalist"],
|
"permissions": [["journalist"]],
|
||||||
"parameters": {
|
"parameters": {
|
||||||
"URL_0": { "description": "Article id", "type": "id" }
|
"URL_0": { "description": "Article id", "type": "id" }
|
||||||
},
|
},
|
||||||
|
|
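Review bot: Nothing in this file says what the two nesting levels mean, and the difference decides who gets access. Reading permission() and check_permission_group() in this commit, the outer list is an OR over groups and each inner list is an AND over permissions, so `[["viewer"], ["journalist"]]` admits either role while `[["viewer", "journalist"]]` would require both. Since JSON has no comments, I would state this in the documentation of the config format, and check that the entries outside these hunks were migrated to the nested form as well.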