author | Florian Pritz <bluewind@xinu.at> | 2014-02-21 23:24:01 +0100 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2014-02-21 23:24:01 +0100 |
commit | 5919c771e9cf3c3edfc62dfb1ac6bddf1cfc9732 (patch) | |
tree | c774ace3303c3dd4c232f49136118014271e2ca2 /application | |
parent | aea9987a38715da82291f87129b1a3047e5c9849 (diff) |
Implement multiple access levels for api keys
This allows using an api key to write a completely standalone client.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application')
-rw-r--r-- | application/config/migration.php | 2 | ||||
-rw-r--r-- | application/controllers/file.php | 4 | ||||
-rw-r--r-- | application/controllers/user.php | 17 | ||||
-rw-r--r-- | application/migrations/011_apikeys_add_access_level.php | 19 | ||||
-rw-r--r-- | application/models/muser.php | 19 | ||||
-rw-r--r-- | application/views/user/apikeys.php | 26 |
6 files changed, 71 insertions, 16 deletions
diff --git a/application/config/migration.php b/application/config/migration.php
index 6cfd09a30..391b6c7c7 100644
--- a/application/config/migration.php
+++ b/application/config/migration.php
@@ -21,7 +21,7 @@ $config['migration_enabled'] = true;
 | be upgraded / downgraded to. | */
-$config['migration_version'] = 10;
+$config['migration_version'] = 11;
 /*
diff --git a/application/controllers/file.php b/application/controllers/file.php
index cb925f461..bb06e17d4 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -264,7 +264,7 @@ class File extends MY_Controller {
 "lexer" => $lexer
 ));
 $this->session->set_flashdata("uri", "file/claim_id");
- $this->muser->require_access("apikey");
+ $this->muser->require_access("basic");
 }
 foreach ($ids as $id) {
@@ -630,7 +630,7 @@ class File extends MY_Controller {
 // stateful clients get a cookie to claim the ID later
 // don't force them to log in just yet
 if (!stateful_client()) {
- $this->muser->require_access("apikey");
+ $this->muser->require_access("basic");
 }
 $ids = array();
diff --git a/application/controllers/user.php b/application/controllers/user.php
index bf6c44a86..f11baba74 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -79,7 +79,16 @@ class User extends MY_Controller {
 $userid = $this->muser->get_userid();
 $comment = $this->input->post("comment");
+ $access_level = $this->input->post("access_level");
+ if ($access_level === false) {
+ $access_level = "apikey";
+ }
+
+ $valid_levels = $this->muser->get_access_levels();
+ if (array_search($access_level, $valid_levels) === false) {
+ show_error("Invalid access levels requested.");
+ }
 if (strlen($comment) > 255) {
 show_error("Comment may only be 255 chars long.");
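Review bot: The whitelist check on the requested level uses a loose `array_search`; the value comes from the request body and decides the privilege of the key being created, so look it up strictly, `if (!in_array($access_level, $valid_levels, true)) {`, which also reads more directly than testing for `false`. The message on the next line says `Invalid access levels requested.` for a single value; `Invalid access level requested.` is what is meant. The same loose `array_search` is kept in muser.php's check_access_level (the -145,15 hunk), where both lookups should pass `true` as the third argument. create_apikey begins before this hunk, so the guard requiring the caller itself to hold `full` is not visible here; since the check accepts `full` for any caller, it relies on that guard being in place.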
@@ -89,9 +98,9 @@ class User extends MY_Controller {
 $this->db->query("
 INSERT INTO `apikeys`
- (`key`, `user`, `comment`)
- VALUES (?, ?, ?)
- ", array($key, $userid, $comment));
+ (`key`, `user`, `comment`, `access_level`)
+ VALUES (?, ?, ?, ?)
+ ", array($key, $userid, $comment, $access_level));
 if (static_storage("response_type") == "json") {
 return send_json_reply(array("new_key" => $key));
@@ -127,7 +136,7 @@ class User extends MY_Controller {
 $userid = $this->muser->get_userid();
 $query = $this->db->query("
- SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`
+ SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`, `access_level`
 FROM `apikeys`
 WHERE `user` = ? order by created desc
 ", array($userid))->result_array();
diff --git a/application/migrations/011_apikeys_add_access_level.php b/application/migrations/011_apikeys_add_access_level.php
new file mode 100644
index 000000000..e0f39317b
--- /dev/null
+++ b/application/migrations/011_apikeys_add_access_level.php
@@ -0,0 +1,19 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_apikeys_add_access_level extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ alter table `apikeys` add `access_level` varchar(255) default 'apikey';
+ ");
+ }
+
+ public function down()
+ {
+ $this->db->query("
+ alter table `apikeys` drop `access_level`;
+ ");
+ }
+}
diff --git a/application/models/muser.php b/application/models/muser.php
index 7a3627b18..a1d8f18e5 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -11,6 +11,9 @@ class Muser extends CI_Model {
 private $default_upload_id_limits = "3-6";
+ // last level has the most access
+ private $access_levels = array("basic", "apikey", "full");
+
 function __construct()
 {
 parent::__construct();
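Review bot: The `access_level` column added in up() is declared `varchar(255) default 'apikey'` with no `not null`, so the schema permits a NULL level; check_access_level then fails closed with `Failed to determine access level`, but the invariant that every key carries a level belongs in the schema, so add `not null` before `default 'apikey'` in the alter statement. On MySQL, which the `UNIX_TIMESTAMP` call in user.php's query suggests is the target, existing rows receive the default when the column is added, so keys issued before this migration keep the `apikey` level they effectively had. The valid values are a fixed list kept in Muser::$access_levels; a one-line comment in up() pointing at that list as the source of truth would help whoever writes the migration that next changes it.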
@@ -95,7 +98,7 @@ class Muser extends CI_Model {
 $apikey = trim($apikey);
 $query = $this->db->query("
- SELECT a.user userid
+ SELECT a.user userid, a.access_level
 FROM apikeys a
 WHERE a.key = ?
 ", array($apikey))->row_array();
@@ -105,7 +108,7 @@ class Muser extends CI_Model {
 'logged_in' => true,
 'username' => '',
 'userid' => $query["userid"],
- 'access_level' => 'apikey',
+ 'access_level' => $query["access_level"],
 ));
 return true;
 }
@@ -145,15 +148,17 @@ class Muser extends CI_Model {
 return $this->duser->get_email($userid);
 }
+ public function get_access_levels()
+ {
+ return $this->access_levels;
+ }
+
 private function check_access_level($wanted_level)
 {
 $session_level = $this->session->userdata("access_level");
- // last level has the most access
- $levels = array("apikey", "full");
-
- $wanted = array_search($wanted_level, $levels);
- $have = array_search($session_level, $levels);
+ $wanted = array_search($wanted_level, $this->access_levels);
+ $have = array_search($session_level, $this->access_levels);
 if ($wanted === false || $have === false) {
 show_error("Failed to determine access level");
diff --git a/application/views/user/apikeys.php b/application/views/user/apikeys.php
index 872eb9ef0..2b6934c6d 100644
--- a/application/views/user/apikeys.php
+++ b/application/views/user/apikeys.php
@@ -7,6 +7,7 @@
 <th>Key</th>
 <th style="width: 30%;">Comment</th>
 <th>Created on</th>
+ <th>Access</th>
 <th></th>
 </tr>
 </thead>
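Review bot: get_access_levels() becomes part of the model's public surface and user.php uses it as the whitelist for new keys, yet neither it nor the `$access_levels` property says that array position is what check_access_level appears to rank on through the `array_search` indices; a docblock on get_access_levels() such as `/** Ordered list of access levels, lowest first; the array index is the rank check_access_level() compares. */` would stop a later edit from inserting a level in the wrong place. In the -105,7 hunk the session's `access_level` is now copied verbatim from the database column instead of a literal, so the authorization decision trusts the column's contents; that holds only while the column is written exclusively through create_apikey's validation, which is worth stating in a comment at that line. check_access_level continues past the hunk, so the comparison of `$wanted` and `$have` itself is not visible here.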
@@ -19,9 +20,15 @@
 <td><?php echo htmlentities($item["comment"]); ?></td>
 <td><?php echo date("Y/m/d H:i", $item["created"]); ?></td>
 <td>
+ <?php if ($item["access_level"] == "full"): ?>
+ <span class="glyphicon glyphicon-warning-sign"></span>
+ <?php endif; ?>
+ <?php echo $item["access_level"]; ?>
+ </td>
+ <td>
 <?php echo form_open("user/delete_apikey", array("style" => "margin-bottom: 0")); ?>
- <?php echo form_hidden("key", $item["key"]); ?>
- <button class="btn btn-danger btn-xs" type="submit">Delete</input>
+ <?php echo form_hidden("key", $item["key"]); ?>
+ <button class="btn btn-danger btn-xs" type="submit">Delete</input>
 </form>
 </td>
 </tr>
@@ -30,9 +37,24 @@
 </table>
 </div>
+<h3>Access levels:</h3>
+
+<dl class="dl-horizontal">
+ <dt>basic</dt>
+ <dd>Allows uploading files.</dd>
+ <dt>apikey</dt>
+ <dd>Allows removing existing files and viewing the history. Includes <code>basic</code>.</dd>
+ <dt>full</dt>
+ <dd>Allows everything, including, but not limited to, creating and removing api keys, changing profile settings and creating invitation keys. Includes <code>apikey</code>.</dd>
+
 <p>
 <?php echo form_open('user/create_apikey', array("class" => "form-inline")); ?>
 <input type="text" name="comment" placeholder="Comment" class="form-control" style="width: 200px;"/>
+ <select name="access_level" class="form-control" style="width: 100px;">
+ <option>basic</option>
+ <option selected="selected">apikey</option>
+ <option>full</option>
+ </select>
 <input class="btn btn-primary" type="submit" value="Create a new key" name="process" />
 </form>
 </p> |
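Review bot: The `<dl class="dl-horizontal">` opened in the -30,9 hunk is never closed; the added block runs straight into the existing `<p>`, so a `</dl>` line belongs after the last `</dd>`. In the -19,9 hunk, `<?php echo $item["access_level"]; ?>` is echoed raw while the neighbouring comment cell goes through `htmlentities()`; the value comes from a column that create_apikey validates against a fixed list, but escaping it the same way, `<?php echo htmlentities($item["access_level"]); ?>`, keeps the view correct on its own if that ever changes. The `<select>` options duplicate the list in Muser::$access_levels, so a level added there will not appear here unless the list is handed to the view and the options generated from it. The two re-indented lines in the -19,9 hunk still close the `<button>` with `</input>`; `</button>` is the matching tag.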