API: Require api calls to register the required auth level

Tom Needham 2012-09-13 09:41:20 +00:00
parent 707f74226f
commit fa5dff22a0
1 changed files with 56 additions and 7 deletions


@ -26,6 +26,14 @@
class OC_API { class OC_API {
/**
* API authentication levels
*/
const GUEST_AUTH = 0;
const USER_AUTH = 1;
const SUBADMIN_AUTH = 2;
const ADMIN_AUTH = 3;
private static $server; private static $server;
/** /**
@ -46,8 +54,12 @@ class OC_API {
* @param string $url the url to match * @param string $url the url to match
* @param callable $action the function to run * @param callable $action the function to run
* @param string $app the id of the app registering the call * @param string $app the id of the app registering the call
* @param int $authlevel the level of authentication required for the call
* @param array $defaults
* @param array $requirements
*/ */
public static function register($method, $url, $action, $app, public static function register($method, $url, $action, $app,
$authlevel = OC_API::USER_AUTH,
$defaults = array(), $defaults = array(),
$requirements = array()){ $requirements = array()){
$name = strtolower($method).$url; $name = strtolower($method).$url;
@ -61,7 +73,7 @@ class OC_API {
->action('OC_API', 'call'); ->action('OC_API', 'call');
self::$actions[$name] = array(); self::$actions[$name] = array();
} }
self::$actions[$name][] = array('app' => $app, 'action' => $action); self::$actions[$name][] = array('app' => $app, 'action' => $action, 'authlevel' => $authlevel);
} }
/** /**
@ -73,16 +85,16 @@ class OC_API {
// Loop through registered actions // Loop through registered actions
foreach(self::$actions[$name] as $action){ foreach(self::$actions[$name] as $action){
$app = $action['app']; $app = $action['app'];
// Check the consumer has permission to call this method. // Authorsie this call
//if(OC_OAuth_Server::isAuthorised('app_'.$app)){ if($this->isAuthorised($action)){
if(is_callable($action['action'])){ if(is_callable($action['action'])){
$responses[] = array('app' => $app, 'response' => call_user_func($action['action'], $parameters)); $responses[] = array('app' => $app, 'response' => call_user_func($action['action'], $parameters));
} else { } else {
$responses[] = array('app' => $app, 'response' => 501); $responses[] = array('app' => $app, 'response' => 501);
} }
//} else { } else {
// $responses[] = array('app' => $app, 'response' => 401); $responses[] = array('app' => $app, 'response' => 401);
//} }
} }
// Merge the responses // Merge the responses
@ -97,6 +109,43 @@ class OC_API {
OC_User::logout(); OC_User::logout();
} }
/**
* authenticate the api call
* @param array $action the action details as supplied to OC_API::register()
* @return bool
*/
private function isAuthorised($action){
$level = $action['authlevel'];
switch($level){
case OC_API::GUEST_AUTH:
// Anyone can access
return true;
break;
case OC_API::USER_AUTH:
// User required
// Check url for username and password
break;
case OC_API::SUBADMIN_AUTH:
// Check for subadmin
break;
case OC_API::ADMIN_AUTH:
// Check for admin
break;
default:
// oops looks like invalid level supplied
return false;
break;
}
}
/**
* gets login details from url and logs in the user
* @return bool
*/
public function loginUser(){
// Todo
}
/** /**
* intelligently merges the different responses * intelligently merges the different responses
* @param array $responses * @param array $responses
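Review bot: In `isAuthorised()`, the `USER_AUTH`, `SUBADMIN_AUTH` and `ADMIN_AUTH` cases `break` out of the switch without returning, so the method returns null and the caller's `if` answers 401 for every non-guest action until the checks are written. That fails closed, which is the safe direction, but the denial should be explicit: put `return false; // not implemented yet: deny` in each placeholder case, so a later edit cannot turn the fall-through into an accidental allow. Separately, the call site uses `$this->isAuthorised($action)`, while the surrounding code reads `self::$actions` and the route is bound as `->action('OC_API', 'call')`. If `call()` is static (its signature is outside the hunk), `$this` is not available there; the helper should then be declared `private static function isAuthorised($action)` and invoked as `self::isAuthorised($action)`. The docblock should also state that an unknown or unimplemented level is denied.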