Implement multiple access levels for api keys

This allows to use an api key to write a completly standalone client.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

1 files changed, 13 insertions, 4 deletions

diff --git a/application/controllers/user.php b/application/controllers/user.php
index bf6c44a86..f11baba74 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -79,7 +79,16 @@ class User extends MY_Controller {
 
 		$userid = $this->muser->get_userid();
 		$comment = $this->input->post("comment");
+		$access_level = $this->input->post("access_level");
 
+		if ($access_level === false) {
+			$access_level = "apikey";
+		}
+
+		$valid_levels = $this->muser->get_access_levels();
+		if (array_search($access_level, $valid_levels) === false) {
+			show_error("Invalid access levels requested.");
+		}
 
 		if (strlen($comment) > 255) {
 			show_error("Comment may only be 255 chars long.");
@@ -89,9 +98,9 @@ class User extends MY_Controller {
 
 		$this->db->query("
 			INSERT INTO `apikeys`
-			(`key`, `user`, `comment`)
-			VALUES (?, ?, ?)
-		", array($key, $userid, $comment));
+			(`key`, `user`, `comment`, `access_level`)
+			VALUES (?, ?, ?, ?)
+		", array($key, $userid, $comment, $access_level));
 
 		if (static_storage("response_type") == "json") {
 			return send_json_reply(array("new_key" => $key));
@@ -127,7 +136,7 @@ class User extends MY_Controller {
 		$userid = $this->muser->get_userid();
 
 		$query = $this->db->query("
-			SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`
+			SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`, `access_level`
 			FROM `apikeys`
 			WHERE `user` = ? order by created desc
 			", array($userid))->result_array();