authorFlorian Pritz <bluewind@xinu.at>2014-02-21 23:24:01 +0100
committerFlorian Pritz <bluewind@xinu.at>2014-02-21 23:24:01 +0100
commit5919c771e9cf3c3edfc62dfb1ac6bddf1cfc9732 (patch)
treec774ace3303c3dd4c232f49136118014271e2ca2 /application/controllers
parentaea9987a38715da82291f87129b1a3047e5c9849 (diff)
Implement multiple access levels for api keys
This allows using an api key to write a completely standalone client. Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/controllers')
-rw-r--r--application/controllers/file.php4
-rw-r--r--application/controllers/user.php17
2 files changed, 15 insertions, 6 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php
index cb925f461..bb06e17d4 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -264,7 +264,7 @@ class File extends MY_Controller {
"lexer" => $lexer
));
$this->session->set_flashdata("uri", "file/claim_id");
- $this->muser->require_access("apikey");
+ $this->muser->require_access("basic");
}
foreach ($ids as $id) {
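Review bot: The level name passed to `require_access()` is a bare string literal, repeated in the second hunk of this file (the `!stateful_client()` branch), and nothing on either line says which key levels are admitted or how `"basic"` ranks against the old `"apikey"`. How `require_access()` handles an unknown or misspelled level is not visible in this diff; if it does not fail closed, a typo on these upload paths would weaken the check without any error. A one-line comment at each call site stating which callers are meant to pass, once confirmed against the level ordering in `muser`, would make the intended authorization reviewable here. The enclosing functions start and end outside both hunks.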
@@ -630,7 +630,7 @@ class File extends MY_Controller {
// stateful clients get a cookie to claim the ID later
// don't force them to log in just yet
if (!stateful_client()) {
- $this->muser->require_access("apikey");
+ $this->muser->require_access("basic");
}
$ids = array();
diff --git a/application/controllers/user.php b/application/controllers/user.php
index bf6c44a86..f11baba74 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -79,7 +79,16 @@ class User extends MY_Controller {
$userid = $this->muser->get_userid();
$comment = $this->input->post("comment");
+ $access_level = $this->input->post("access_level");
+ if ($access_level === false) {
+ $access_level = "apikey";
+ }
+
+ $valid_levels = $this->muser->get_access_levels();
+ if (array_search($access_level, $valid_levels) === false) {
+ show_error("Invalid access levels requested.");
+ }
if (strlen($comment) > 255) {
show_error("Comment may only be 255 chars long.");
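Review bot: The new check only confirms that the posted `access_level` is one of the known levels; nothing in this hunk ties it to the level the caller currently holds. Whether a request authenticated with a lower-level key can create a higher-level key therefore depends on the `require_access()` call at the top of this function, which is outside the hunk. If that call admits key-authenticated requests, bound the request after validation, e.g. `$this->muser->require_access($access_level);` (assuming it compares against the caller's current level). The membership test also uses loose comparison; `if (!in_array($access_level, $valid_levels, true)) {` avoids type juggling should `get_access_levels()` ever return non-string entries. If `"apikey"` is not the lowest level, the default for a missing field deserves a comment explaining that it is kept for backward compatibility.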
@@ -89,9 +98,9 @@ class User extends MY_Controller {
$this->db->query("
INSERT INTO `apikeys`
- (`key`, `user`, `comment`)
- VALUES (?, ?, ?)
- ", array($key, $userid, $comment));
+ (`key`, `user`, `comment`, `access_level`)
+ VALUES (?, ?, ?, ?)
+ ", array($key, $userid, $comment, $access_level));
if (static_storage("response_type") == "json") {
return send_json_reply(array("new_key" => $key));
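Review bot: The JSON reply on the last line of this hunk still returns only `new_key`, so a client that omitted `access_level` and received the default cannot tell from the response which level its key was granted. Echoing it back makes the grant auditable on the client side: `return send_json_reply(array("new_key" => $key, "access_level" => $access_level));`. The INSERT now depends on an `access_level` column whose migration is not part of this diffstat (limited to `application/controllers`), so the value given to existing rows should be checked there. The function continues outside the hunk.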
@@ -127,7 +136,7 @@ class User extends MY_Controller {
$userid = $this->muser->get_userid();
$query = $this->db->query("
- SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`
+ SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`, `access_level`
FROM `apikeys`
WHERE `user` = ? order by created desc
", array($userid))->result_array();