From fa5dff22a02aeb5985215454549ab1020382b197 Mon Sep 17 00:00:00 2001 From: Tom Needham Date: Thu, 13 Sep 2012 09:41:20 +0000 Subject: [PATCH] API: Require api calls to register the required auth level --- lib/api.php | 63 +++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 56 insertions(+), 7 deletions(-) diff --git a/lib/api.php b/lib/api.php index 92fa05bd71..c278f7672f 100644 --- a/lib/api.php +++ b/lib/api.php @@ -26,6 +26,14 @@ class OC_API { + /** + * API authentication levels + */ + const GUEST_AUTH = 0; + const USER_AUTH = 1; + const SUBADMIN_AUTH = 2; + const ADMIN_AUTH = 3; + private static $server; /** @@ -46,8 +54,12 @@ class OC_API { * @param string $url the url to match * @param callable $action the function to run * @param string $app the id of the app registering the call + * @param int $authlevel the level of authentication required for the call + * @param array $defaults + * @param array $requirements */ - public static function register($method, $url, $action, $app, + public static function register($method, $url, $action, $app, + $authlevel = OC_API::USER_AUTH, $defaults = array(), $requirements = array()){ $name = strtolower($method).$url; @@ -61,7 +73,7 @@ class OC_API { ->action('OC_API', 'call'); self::$actions[$name] = array(); } - self::$actions[$name][] = array('app' => $app, 'action' => $action); + self::$actions[$name][] = array('app' => $app, 'action' => $action, 'authlevel' => $authlevel); } /** 
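Review bot: The new `$authlevel` parameter is stored into `self::$actions[$name]` without being checked against the four levels declared in this patch, so a mistyped level only shows up at call time through the `default` branch of the switch. Rejecting it in register() instead, e.g. `if(!in_array($authlevel, array(self::GUEST_AUTH, self::USER_AUTH, self::SUBADMIN_AUTH, self::ADMIN_AUTH), true)) { return false; }`, surfaces the misregistration when the app loads rather than as a 401 to the client. Inside the class, `self::USER_AUTH` is the usual form for the default value. The added `@param array $defaults` and `@param array $requirements` lines carry no description of what the arrays contain.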
@@ -73,16 +85,16 @@ class OC_API { // Loop through registered actions foreach(self::$actions[$name] as $action){ $app = $action['app']; - // Check the consumer has permission to call this method. - //if(OC_OAuth_Server::isAuthorised('app_'.$app)){ + // Authorsie this call + if($this->isAuthorised($action)){ if(is_callable($action['action'])){ $responses[] = array('app' => $app, 'response' => call_user_func($action['action'], $parameters)); } else { $responses[] = array('app' => $app, 'response' => 501); } - //} else { - // $responses[] = array('app' => $app, 'response' => 401); - //} + } else { + $responses[] = array('app' => $app, 'response' => 401); + } } // Merge the responses @@ -97,6 +109,43 @@ class OC_API { OC_User::logout(); } + /** + * authenticate the api call + * @param array $action the action details as supplied to OC_API::register() + * @return bool + */ + private function isAuthorised($action){ + $level = $action['authlevel']; + switch($level){ + case OC_API::GUEST_AUTH: + // Anyone can access + return true; + break; + case OC_API::USER_AUTH: + // User required + // Check url for username and password + break; + case OC_API::SUBADMIN_AUTH: + // Check for subadmin + break; + case OC_API::ADMIN_AUTH: + // Check for admin + break; + default: + // oops looks like invalid level supplied + return false; + break; + } + } + + /** + * gets login details from url and logs in the user + * @return bool + */ + public function loginUser(){ + // Todo + } + /** * intelligently merges the different responses * @param array $responses
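Review bot: `$this->isAuthorised($action)` appears to run in a static context — the loop reads `self::$actions` and the route is registered with `->action('OC_API', 'call')` — and using `$this` inside a static method is a fatal error in PHP; call()'s signature is outside the hunk, so this is inferred. If call() is static, the line should read `if(self::isAuthorised($action)){` with isAuthorised declared `private static`. The new comment also has a typo; `// Authorise this call` is intended.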
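Review bot: Three of the four cases in isAuthorised() (`USER_AUTH`, `SUBADMIN_AUTH`, `ADMIN_AUTH`) `break` without returning, so the method returns null for them and call() treats that as unauthorised; every call registered with the default USER_AUTH level therefore answers 401 until the checks are written. Failing closed is the right default, but make it explicit with `return false; // TODO: check not implemented yet` in each of those cases, and drop the `break;` statements that follow a `return` since they are unreachable. The docblock for loginUser() promises `@return bool` but the stub returns nothing. Since it plans to read credentials from the URL, it is worth a comment that query-string credentials end up in web-server access logs, proxies and browser history, so the `Authorization` header is the safer carrier for them.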