author | Florian Pritz <bluewind@xinu.at> | 2014-02-21 23:24:01 +0100 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2014-02-21 23:24:01 +0100 |
commit | 5919c771e9cf3c3edfc62dfb1ac6bddf1cfc9732 (patch) | |
tree | c774ace3303c3dd4c232f49136118014271e2ca2 /application/controllers | |
parent | aea9987a38715da82291f87129b1a3047e5c9849 (diff) |
Implement multiple access levels for api keys
This allows using an API key to write a completely standalone client.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/controllers')
-rw-r--r-- | application/controllers/file.php | 4 | ||||
-rw-r--r-- | application/controllers/user.php | 17 |
2 files changed, 15 insertions, 6 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php
index cb925f461..bb06e17d4 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -264,7 +264,7 @@ class File extends MY_Controller {
 "lexer" => $lexer
 ));
 $this->session->set_flashdata("uri", "file/claim_id");
- $this->muser->require_access("apikey");
+ $this->muser->require_access("basic");
 }
 foreach ($ids as $id) {
@@ -630,7 +630,7 @@ class File extends MY_Controller {
 // stateful clients get a cookie to claim the ID later
 // don't force them to log in just yet
 if (!stateful_client()) {
- $this->muser->require_access("apikey");
+ $this->muser->require_access("basic");
 }
 $ids = array();
diff --git a/application/controllers/user.php b/application/controllers/user.php
index bf6c44a86..f11baba74 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -79,7 +79,16 @@ class User extends MY_Controller {
 $userid = $this->muser->get_userid();
 $comment = $this->input->post("comment");
+ $access_level = $this->input->post("access_level");
+ if ($access_level === false) {
+ $access_level = "apikey";
+ }
+
+ $valid_levels = $this->muser->get_access_levels();
+ if (array_search($access_level, $valid_levels) === false) {
+ show_error("Invalid access levels requested.");
+ }
 if (strlen($comment) > 255) {
 show_error("Comment may only be 255 chars long.");
@@ -89,9 +98,9 @@ class User extends MY_Controller {
 $this->db->query("
 INSERT INTO `apikeys`
- (`key`, `user`, `comment`)
- VALUES (?, ?, ?)
- ", array($key, $userid, $comment));
+ (`key`, `user`, `comment`, `access_level`)
+ VALUES (?, ?, ?, ?)
+ ", array($key, $userid, $comment, $access_level));
 if (static_storage("response_type") == "json") {
 return send_json_reply(array("new_key" => $key));
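Review bot: Both `require_access("basic")` calls (this hunk and the one at -630) pass the level as a bare string literal, and nothing at the call site says how "basic" ranks against the "apikey" level it replaces. How require_access() treats a name it does not recognise is outside this diff; it should reject the request rather than let it through, so that a misspelled level cannot silently remove the check. A short comment at each call would help, for example `// "basic" is the level an api key needs for this action; levels are listed in muser->get_access_levels()`. Both enclosing functions start and end outside their hunks.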
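Review bot: The block added at -79 checks that `access_level` is a known level, but not that the caller is entitled to grant it. The access check for this action sits above the hunk and is not visible here; if an api key can satisfy it, a client holding a lower-level key could create a key with a higher level, so the requested level should be capped at the level of the credential making the request, or key creation limited to a full login session. Separately, `array_search()` compares loosely and `post()` can return an array, so `if (!in_array($access_level, $valid_levels, true)) {` states the intent more safely; this assumes get_access_levels() returns the level names as values, which the diff does not show. The function's start and end are outside the hunk.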
@@ -127,7 +136,7 @@ class User extends MY_Controller {
 $userid = $this->muser->get_userid();
 $query = $this->db->query("
- SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`
+ SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`, `access_level`
 FROM `apikeys` WHERE `user` = ? order by created desc
 ", array($userid))->result_array(); |