From 5919c771e9cf3c3edfc62dfb1ac6bddf1cfc9732 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Fri, 21 Feb 2014 23:24:01 +0100 Subject: Implement multiple access levels for api keys This allows to use an api key to write a completly standalone client. Signed-off-by: Florian Pritz --- application/config/migration.php | 2 +- application/controllers/file.php | 4 ++-- application/controllers/user.php | 17 ++++++++++---- .../migrations/011_apikeys_add_access_level.php | 19 ++++++++++++++++ application/models/muser.php | 19 ++++++++++------ application/views/user/apikeys.php | 26 ++++++++++++++++++++-- 6 files changed, 71 insertions(+), 16 deletions(-) create mode 100644 application/migrations/011_apikeys_add_access_level.php (limited to 'application') diff --git a/application/config/migration.php b/application/config/migration.php index 6cfd09a30..391b6c7c7 100644 --- a/application/config/migration.php +++ b/application/config/migration.php @@ -21,7 +21,7 @@ $config['migration_enabled'] = true; | be upgraded / downgraded to. | */ -$config['migration_version'] = 10; +$config['migration_version'] = 11; /* diff --git a/application/controllers/file.php b/application/controllers/file.php index cb925f461..bb06e17d4 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -264,7 +264,7 @@ class File extends MY_Controller { "lexer" => $lexer )); $this->session->set_flashdata("uri", "file/claim_id"); - $this->muser->require_access("apikey"); + $this->muser->require_access("basic"); } foreach ($ids as $id) { @@ -630,7 +630,7 @@ class File extends MY_Controller { // stateful clients get a cookie to claim the ID later // don't force them to log in just yet if (!stateful_client()) { - $this->muser->require_access("apikey"); + $this->muser->require_access("basic"); } $ids = array(); diff --git a/application/controllers/user.php b/application/controllers/user.php index bf6c44a86..f11baba74 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php @@ -79,7 +79,16 @@ class User extends MY_Controller { $userid = $this->muser->get_userid(); $comment = $this->input->post("comment"); + $access_level = $this->input->post("access_level"); + if ($access_level === false) { + $access_level = "apikey"; + } + + $valid_levels = $this->muser->get_access_levels(); + if (array_search($access_level, $valid_levels) === false) { + show_error("Invalid access levels requested."); + } if (strlen($comment) > 255) { show_error("Comment may only be 255 chars long."); @@ -89,9 +98,9 @@ class User extends MY_Controller { $this->db->query(" INSERT INTO `apikeys` - (`key`, `user`, `comment`) - VALUES (?, ?, ?) - ", array($key, $userid, $comment)); + (`key`, `user`, `comment`, `access_level`) + VALUES (?, ?, ?, ?) + ", array($key, $userid, $comment, $access_level)); if (static_storage("response_type") == "json") { return send_json_reply(array("new_key" => $key)); @@ -127,7 +136,7 @@ class User extends MY_Controller { $userid = $this->muser->get_userid(); $query = $this->db->query(" - SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment` + SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`, `access_level` FROM `apikeys` WHERE `user` = ? order by created desc ", array($userid))->result_array(); diff --git a/application/migrations/011_apikeys_add_access_level.php b/application/migrations/011_apikeys_add_access_level.php new file mode 100644 index 000000000..e0f39317b --- /dev/null +++ b/application/migrations/011_apikeys_add_access_level.php @@ -0,0 +1,19 @@ +db->query(" + alter table `apikeys` add `access_level` varchar(255) default 'apikey'; + "); + } + + public function down() + { + $this->db->query(" + alter table `apikeys` drop `access_level`; + "); + } +} diff --git a/application/models/muser.php b/application/models/muser.php index 7a3627b18..a1d8f18e5 100644 --- a/application/models/muser.php +++ b/application/models/muser.php @@ -11,6 +11,9 @@ class Muser extends CI_Model { private $default_upload_id_limits = "3-6"; + // last level has the most access + private $access_levels = array("basic", "apikey", "full"); + function __construct() { parent::__construct(); @@ -95,7 +98,7 @@ class Muser extends CI_Model { $apikey = trim($apikey); $query = $this->db->query(" - SELECT a.user userid + SELECT a.user userid, a.access_level FROM apikeys a WHERE a.key = ? ", array($apikey))->row_array(); @@ -105,7 +108,7 @@ class Muser extends CI_Model { 'logged_in' => true, 'username' => '', 'userid' => $query["userid"], - 'access_level' => 'apikey', + 'access_level' => $query["access_level"], )); return true; } @@ -145,15 +148,17 @@ class Muser extends CI_Model { return $this->duser->get_email($userid); } + public function get_access_levels() + { + return $this->access_levels; + } + private function check_access_level($wanted_level) { $session_level = $this->session->userdata("access_level"); - // last level has the most access - $levels = array("apikey", "full"); - - $wanted = array_search($wanted_level, $levels); - $have = array_search($session_level, $levels); + $wanted = array_search($wanted_level, $this->access_levels); + $have = array_search($session_level, $this->access_levels); if ($wanted === false || $have === false) { show_error("Failed to determine access level"); diff --git a/application/views/user/apikeys.php b/application/views/user/apikeys.php index 872eb9ef0..2b6934c6d 100644 --- a/application/views/user/apikeys.php +++ b/application/views/user/apikeys.php @@ -7,6 +7,7 @@ Key Comment Created on + Access @@ -18,10 +19,16 @@ + + + + + + "margin-bottom: 0")); ?> - -