summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2014-02-21 23:24:01 +0100
committerFlorian Pritz <bluewind@xinu.at>2014-02-21 23:24:01 +0100
commit5919c771e9cf3c3edfc62dfb1ac6bddf1cfc9732 (patch)
treec774ace3303c3dd4c232f49136118014271e2ca2
parentaea9987a38715da82291f87129b1a3047e5c9849 (diff)
Implement multiple access levels for api keys
This allows to use an api key to write a completly standalone client. Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r--application/config/migration.php2
-rw-r--r--application/controllers/file.php4
-rw-r--r--application/controllers/user.php17
-rw-r--r--application/migrations/011_apikeys_add_access_level.php19
-rw-r--r--application/models/muser.php19
-rw-r--r--application/views/user/apikeys.php26
6 files changed, 71 insertions, 16 deletions
diff --git a/application/config/migration.php b/application/config/migration.php
index 6cfd09a30..391b6c7c7 100644
--- a/application/config/migration.php
+++ b/application/config/migration.php
@@ -21,7 +21,7 @@ $config['migration_enabled'] = true;
| be upgraded / downgraded to.
|
*/
-$config['migration_version'] = 10;
+$config['migration_version'] = 11;
/*
diff --git a/application/controllers/file.php b/application/controllers/file.php
index cb925f461..bb06e17d4 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -264,7 +264,7 @@ class File extends MY_Controller {
"lexer" => $lexer
));
$this->session->set_flashdata("uri", "file/claim_id");
- $this->muser->require_access("apikey");
+ $this->muser->require_access("basic");
}
foreach ($ids as $id) {
@@ -630,7 +630,7 @@ class File extends MY_Controller {
// stateful clients get a cookie to claim the ID later
// don't force them to log in just yet
if (!stateful_client()) {
- $this->muser->require_access("apikey");
+ $this->muser->require_access("basic");
}
$ids = array();
diff --git a/application/controllers/user.php b/application/controllers/user.php
index bf6c44a86..f11baba74 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -79,7 +79,16 @@ class User extends MY_Controller {
$userid = $this->muser->get_userid();
$comment = $this->input->post("comment");
+ $access_level = $this->input->post("access_level");
+ if ($access_level === false) {
+ $access_level = "apikey";
+ }
+
+ $valid_levels = $this->muser->get_access_levels();
+ if (array_search($access_level, $valid_levels) === false) {
+ show_error("Invalid access levels requested.");
+ }
if (strlen($comment) > 255) {
show_error("Comment may only be 255 chars long.");
@@ -89,9 +98,9 @@ class User extends MY_Controller {
$this->db->query("
INSERT INTO `apikeys`
- (`key`, `user`, `comment`)
- VALUES (?, ?, ?)
- ", array($key, $userid, $comment));
+ (`key`, `user`, `comment`, `access_level`)
+ VALUES (?, ?, ?, ?)
+ ", array($key, $userid, $comment, $access_level));
if (static_storage("response_type") == "json") {
return send_json_reply(array("new_key" => $key));
@@ -127,7 +136,7 @@ class User extends MY_Controller {
$userid = $this->muser->get_userid();
$query = $this->db->query("
- SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`
+ SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`, `access_level`
FROM `apikeys`
WHERE `user` = ? order by created desc
", array($userid))->result_array();
diff --git a/application/migrations/011_apikeys_add_access_level.php b/application/migrations/011_apikeys_add_access_level.php
new file mode 100644
index 000000000..e0f39317b
--- /dev/null
+++ b/application/migrations/011_apikeys_add_access_level.php
@@ -0,0 +1,19 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_apikeys_add_access_level extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ alter table `apikeys` add `access_level` varchar(255) default 'apikey';
+ ");
+ }
+
+ public function down()
+ {
+ $this->db->query("
+ alter table `apikeys` drop `access_level`;
+ ");
+ }
+}
diff --git a/application/models/muser.php b/application/models/muser.php
index 7a3627b18..a1d8f18e5 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -11,6 +11,9 @@ class Muser extends CI_Model {
private $default_upload_id_limits = "3-6";
+ // last level has the most access
+ private $access_levels = array("basic", "apikey", "full");
+
function __construct()
{
parent::__construct();
@@ -95,7 +98,7 @@ class Muser extends CI_Model {
$apikey = trim($apikey);
$query = $this->db->query("
- SELECT a.user userid
+ SELECT a.user userid, a.access_level
FROM apikeys a
WHERE a.key = ?
", array($apikey))->row_array();
@@ -105,7 +108,7 @@ class Muser extends CI_Model {
'logged_in' => true,
'username' => '',
'userid' => $query["userid"],
- 'access_level' => 'apikey',
+ 'access_level' => $query["access_level"],
));
return true;
}
@@ -145,15 +148,17 @@ class Muser extends CI_Model {
return $this->duser->get_email($userid);
}
+ public function get_access_levels()
+ {
+ return $this->access_levels;
+ }
+
private function check_access_level($wanted_level)
{
$session_level = $this->session->userdata("access_level");
- // last level has the most access
- $levels = array("apikey", "full");
-
- $wanted = array_search($wanted_level, $levels);
- $have = array_search($session_level, $levels);
+ $wanted = array_search($wanted_level, $this->access_levels);
+ $have = array_search($session_level, $this->access_levels);
if ($wanted === false || $have === false) {
show_error("Failed to determine access level");
diff --git a/application/views/user/apikeys.php b/application/views/user/apikeys.php
index 872eb9ef0..2b6934c6d 100644
--- a/application/views/user/apikeys.php
+++ b/application/views/user/apikeys.php
@@ -7,6 +7,7 @@
<th>Key</th>
<th style="width: 30%;">Comment</th>
<th>Created on</th>
+ <th>Access</th>
<th></th>
</tr>
</thead>
@@ -19,9 +20,15 @@
<td><?php echo htmlentities($item["comment"]); ?></td>
<td><?php echo date("Y/m/d H:i", $item["created"]); ?></td>
<td>
+ <?php if ($item["access_level"] == "full"): ?>
+ <span class="glyphicon glyphicon-warning-sign"></span>
+ <?php endif; ?>
+ <?php echo $item["access_level"]; ?>
+ </td>
+ <td>
<?php echo form_open("user/delete_apikey", array("style" => "margin-bottom: 0")); ?>
- <?php echo form_hidden("key", $item["key"]); ?>
- <button class="btn btn-danger btn-xs" type="submit">Delete</input>
+ <?php echo form_hidden("key", $item["key"]); ?>
+ <button class="btn btn-danger btn-xs" type="submit">Delete</input>
</form>
</td>
</tr>
@@ -30,9 +37,24 @@
</table>
</div>
+<h3>Access levels:</h3>
+
+<dl class="dl-horizontal">
+ <dt>basic</dt>
+ <dd>Allows uploading files.</dd>
+ <dt>apikey</dt>
+ <dd>Allows removing existing files and viewing the history. Includes <code>basic</code>.</dd>
+ <dt>full</dt>
+ <dd>Allows everything, including, but not limited to, creating and removing api keys, changing profile settings and creating invitation keys. Includes <code>apikey</code>.</dd>
+
<p>
<?php echo form_open('user/create_apikey', array("class" => "form-inline")); ?>
<input type="text" name="comment" placeholder="Comment" class="form-control" style="width: 200px;"/>
+ <select name="access_level" class="form-control" style="width: 100px;">
+ <option>basic</option>
+ <option selected="selected">apikey</option>
+ <option>full</option>
+ </select>
<input class="btn btn-primary" type="submit" value="Create a new key" name="process" />
</form>
</p>