kopia lustrzana https://github.com/magicbug/Cloudlog
API key-based authorization implemented for api/search.
rodzic
c9e43ec203
commit
c93bc608dd
|
@ -144,10 +144,14 @@ class API extends CI_Controller {
|
|||
$this->load->model('api_model');
|
||||
$this->load->model('logbook_model');
|
||||
$this->load->model('user_model');
|
||||
//if(!$this->user_model->authorize(3)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
|
||||
|
||||
$arguments = $this->_retrieve();
|
||||
|
||||
if((!$this->user_model->authorize(3)) && ($this->api_model->authorize($arguments['key']) == 0)) {
|
||||
$this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard');
|
||||
}
|
||||
|
||||
// Retrieve the arguments from the query string
|
||||
$arguments = $this->_retrieve();
|
||||
$data['data']['format'] = $arguments['format'];
|
||||
|
||||
// Call the parser within the API model to build the query
|
||||
|
@ -189,6 +193,27 @@ class API extends CI_Controller {
|
|||
$this->load->view('api/index', $data);
|
||||
}
|
||||
|
||||
function validate()
|
||||
{
|
||||
// Load the API and Logbook models
|
||||
$this->load->model('api_model');
|
||||
$this->load->model('logbook_model');
|
||||
|
||||
// Retrieve the arguments from the query string
|
||||
$arguments = $this->_retrieve();
|
||||
|
||||
// Add some debugging information to the XML output
|
||||
$data['data'] = $arguments;
|
||||
$data['data']['queryInfo']['call'] = "validate";
|
||||
$data['data']['queryInfo']['dbQuery'] = "";
|
||||
$data['data']['queryInfo']['numResults'] = 1;
|
||||
$data['data']['queryInfo']['executionTime'] = 0;
|
||||
|
||||
$data['data']['validate_Result']['results'] = array(0 => array('Result' => $this->api_model->authorize($arguments['key'])));
|
||||
|
||||
$this->load->view('api/index', $data);
|
||||
}
|
||||
|
||||
function add()
|
||||
{
|
||||
// Load the API and Logbook models
|
||||
|
@ -246,6 +271,7 @@ class API extends CI_Controller {
|
|||
$order = preg_grep("/^order\[(.*)\]$/", $this->uri->segments);
|
||||
$fields = preg_grep("/^fields\[(.*)\]$/", $this->uri->segments);
|
||||
$format = preg_grep("/^format\[(.*)\]$/", $this->uri->segments);
|
||||
$key = preg_grep("/^key\[(.*)\]$/", $this->uri->segments);
|
||||
|
||||
// Strip each argument
|
||||
$arguments['query'] = substr(array_pop($query), 6);
|
||||
|
@ -258,6 +284,13 @@ class API extends CI_Controller {
|
|||
$arguments['fields'] = substr($arguments['fields'], 0, strlen($arguments['fields']) - 1);
|
||||
$arguments['format'] = substr(array_pop($format), 7);
|
||||
$arguments['format'] = substr($arguments['format'], 0, strlen($arguments['format']) - 1);
|
||||
$arguments['key'] = substr(array_pop($key), 4);
|
||||
$arguments['key'] = substr($arguments['key'], 0, strlen($arguments['key']) - 1);
|
||||
|
||||
// By default, assume XML for the format if not otherwise set
|
||||
if($arguments['format'] == "") {
|
||||
$arguments['format'] = "xml";
|
||||
}
|
||||
|
||||
// Return the arguments
|
||||
return $arguments;
|
||||
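Review bot: In `validate()`, `$data['data'] = $arguments;` copies the submitted `key` into the data handed to `api/index`, and the method reports the rights level of whatever key is supplied, with no throttling or failure logging visible in this section. If the view serialises `$data['data']`, the key is echoed back in the response; adding `unset($data['data']['key']);` right after the assignment would avoid that. Because `_retrieve()` takes the key from `$this->uri->segments` (the `key[...]` pattern added in the later hunks), it will also show up in web-server access logs and Referer headers, so accepting it from a request header is worth considering. Counting and logging non-zero versus zero `authorize()` results per client would make key guessing against this endpoint detectable.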
|
|
|
@ -38,26 +38,41 @@ class API_Model extends CI_Model {
|
|||
|
||||
function access($key) {
|
||||
|
||||
// No key = no access, mate
|
||||
if(!$key) {
|
||||
return $status = "No Key Found";
|
||||
}
|
||||
|
||||
// Check that the key is valid
|
||||
$this->db->where('key', $key);
|
||||
$query = $this->db->get('api');
|
||||
$query = $this->db->get('api');
|
||||
|
||||
if ($query->num_rows() > 0)
|
||||
{
|
||||
foreach ($query->result() as $row)
|
||||
{
|
||||
if($row->status == "active") {
|
||||
return $status = $row->rights;
|
||||
} else {
|
||||
return $status = "Key Disabled";
|
||||
}
|
||||
|
||||
}
|
||||
} else {
|
||||
return $status = "No Key Found";
|
||||
}
|
||||
if ($query->num_rows() > 0)
|
||||
{
|
||||
foreach ($query->result() as $row)
|
||||
{
|
||||
if($row->status == "active") {
|
||||
return $status = $row->rights;
|
||||
} else {
|
||||
return $status = "Key Disabled";
|
||||
}
|
||||
}
|
||||
} else {
|
||||
return $status = "No Key Found";
|
||||
}
|
||||
}
|
||||
|
||||
function authorize($key) {
|
||||
$r = $this->access($key);
|
||||
if($r == "rw") {
|
||||
return 2;
|
||||
} else if($r == "r") {
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
// FUNCTION: string name(string $column)
|
||||
// Converts a MySQL column name to a more friendly name
|
||||
function name($col)
|
||||
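Review bot: `authorize()` compares the result of `access()` with loose `==`, and `access()` returns either the `rights` column or a status message, so the decision rests on PHP's type juggling; on PHP versions before 8 an integer `0` in `$r` would compare equal to `"rw"`. Strict comparison, `if($r === "rw")` and `else if($r === "r")`, removes that dependency and keeps the fail-closed `return 0` default. The lookup `$this->db->where('key', $key)` also suggests keys are stored in clear text in the `api` table; storing a hash of the key and looking that up would limit the damage if the table leaks. A short docblock on `authorize()` saying that it returns 2 for read-write, 1 for read-only and 0 for no access would help callers such as the `== 0` check in the controller. The trailing `name()` function continues outside this hunk.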
|
|
|
@ -64,7 +64,7 @@
|
|||
?>
|
||||
|
||||
</td>
|
||||
<td><?php echo ucfirst($row->status); ?></td>
|
||||
<td><?php echo ucfirst($row->status); ?> - <a href="<?php echo site_url('/api/validate/key['.$row->key.']'); ?>">Test</td>
|
||||
</tr>
|
||||
|
||||
<?php } ?>
|
||||
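Review bot: The new table cell writes `$row->key` into the `href` without HTML escaping and never closes the anchor, so the rest of the row ends up inside the link. Escape the URL and close the tag: `<a href="<?php echo htmlspecialchars(site_url('/api/validate/key['.$row->key.']'), ENT_QUOTES, 'UTF-8'); ?>">Test</a></td>`. The link also puts the API key into a GET URL, where it is kept in browser history and server logs; a POST form that shows only the validation result would keep the key out of those places.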
|
|