From 5919c771e9cf3c3edfc62dfb1ac6bddf1cfc9732 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Fri, 21 Feb 2014 23:24:01 +0100 Subject: Implement multiple access levels for api keys This allows to use an api key to write a completly standalone client. Signed-off-by: Florian Pritz --- application/controllers/user.php | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'application/controllers/user.php') diff --git a/application/controllers/user.php b/application/controllers/user.php index bf6c44a86..f11baba74 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php @@ -79,7 +79,16 @@ class User extends MY_Controller { $userid = $this->muser->get_userid(); $comment = $this->input->post("comment"); + $access_level = $this->input->post("access_level"); + if ($access_level === false) { + $access_level = "apikey"; + } + + $valid_levels = $this->muser->get_access_levels(); + if (array_search($access_level, $valid_levels) === false) { + show_error("Invalid access levels requested."); + } if (strlen($comment) > 255) { show_error("Comment may only be 255 chars long."); @@ -89,9 +98,9 @@ class User extends MY_Controller { $this->db->query(" INSERT INTO `apikeys` - (`key`, `user`, `comment`) - VALUES (?, ?, ?) - ", array($key, $userid, $comment)); + (`key`, `user`, `comment`, `access_level`) + VALUES (?, ?, ?, ?) + ", array($key, $userid, $comment, $access_level)); if (static_storage("response_type") == "json") { return send_json_reply(array("new_key" => $key)); @@ -127,7 +136,7 @@ class User extends MY_Controller { $userid = $this->muser->get_userid(); $query = $this->db->query(" - SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment` + SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`, `access_level` FROM `apikeys` WHERE `user` = ? order by created desc ", array($userid))->result_array(); -- cgit v1.2.3-24-g4f1b
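Review bot: The validation added in the first hunk only confirms that the posted `access_level` is one of the values returned by `get_access_levels()`; it never compares the requested level with the access level of the session making the request. The access check at the top of this function is outside the hunk, so this is an inference, but if the action can be reached while authenticated with an API key, a key with a limited level could be used to create a key with a broader one. The requested level should be rejected when it exceeds the caller's own level, and a comment should state which level is required to create keys. Separately, `array_search()` compares loosely by default; a strict membership test avoids type juggling on the POST value and reads more directly: `if (!in_array($access_level, $valid_levels, true)) {`.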