gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 15:14:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add new endpoints for managing roles

Browse Source
This commit is contained in:
Uwe Steinmann 2024-04-23 18:15:14 +02:00
parent 4275072338
commit 0da2308ee3
1 changed files with 101 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
restapi/index.php
View File

@ -170,7 +170,7 @@ class RestapiController { /* {{{ */
'email'=>$u->getEmail(), 'email'=>$u->getEmail(),
'language' => $u->getLanguage(), 'language' => $u->getLanguage(),
'theme' => $u->getTheme(), 'theme' => $u->getTheme(),
'role' => array('id'=>(int)$u->getRole()->getId(), 'name'=>$u->getRole()->getName()), 'role' => $this->__getRoleData($u->getRole()), //array('id'=>(int)$u->getRole()->getId(), 'name'=>$u->getRole()->getName()),
'hidden'=>$u->isHidden() ? true : false, 'hidden'=>$u->isHidden() ? true : false,
'disabled'=>$u->isDisabled() ? true : false, 'disabled'=>$u->isDisabled() ? true : false,
'isguest' => $u->isGuest() ? true : false, 'isguest' => $u->isGuest() ? true : false,
@ -189,6 +189,16 @@ class RestapiController { /* {{{ */
return $data; return $data;
} /* }}} */ } /* }}} */
protected function __getRoleData($r) { /* {{{ */
$data = array(
'type'=>'role',
'id'=>(int)$r->getID(),
'name'=>$r->getName(),
'role'=>$r->getRole()
);
return $data;
} /* }}} */
protected function __getAttributeDefinitionData($attrdef) { /* {{{ */ protected function __getAttributeDefinitionData($attrdef) { /* {{{ */
$data = [ $data = [
'id' => (int)$attrdef->getId(), 'id' => (int)$attrdef->getId(),
@ -1192,7 +1202,7 @@ class RestapiController { /* {{{ */
->withHeader('Content-Description', 'File Transfer') ->withHeader('Content-Description', 'File Transfer')
->withHeader('Content-Transfer-Encoding', 'binary') ->withHeader('Content-Transfer-Encoding', 'binary')
->withHeader('Content-Disposition', 'attachment; filename="' . $filename . '"') ->withHeader('Content-Disposition', 'attachment; filename="' . $filename . '"')
->withHeader('Content-Length', filesize($dms->contentDir . $lc->getPath())) ->withAddedHeader('Content-Length', filesize($dms->contentDir . $lc->getPath()))
->withHeader('Expires', '0') ->withHeader('Expires', '0')
->withHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0') ->withHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0')
->withHeader('Pragma', 'no-cache') ->withHeader('Pragma', 'no-cache')
@ -2054,7 +2064,10 @@ class RestapiController { /* {{{ */
$theme = isset($params['theme']) ? $params['theme'] : null; $theme = isset($params['theme']) ? $params['theme'] : null;
$comment = isset($params['comment']) ? $params['comment'] : ''; $comment = isset($params['comment']) ? $params['comment'] : '';
$role = isset($params['role']) ? $params['role'] : 3; $role = isset($params['role']) ? $params['role'] : 3;
$roleobj = $role == 'admin' ? SeedDMS_Core_Role::getInstance(1, $dms) : ($role == 'guest' ? SeedDMS_Core_Role::getInstance(2, $dms) : SeedDMS_Core_Role::getInstance($role, $dms)); $roleobj = $role == 'admin' ? SeedDMS_Core_Role::getInstance(1, $dms) : ($role == 'guest' ? SeedDMS_Core_Role::getInstance(2, $dms) : SeedDMS_Core_Role::getInstance($role, $dms));
if(!$roleobj) {
return $response->withJson(array('success'=>false, 'message'=>'Missing role', 'data'=>''), 400);
}
$newAccount = $dms->addUser($userName, seed_pass_hash($password), $fullname, $email, $language, $theme, $comment, $roleobj); $newAccount = $dms->addUser($userName, seed_pass_hash($password), $fullname, $email, $language, $theme, $comment, $roleobj);
if ($newAccount === false) { if ($newAccount === false) {
@ -2085,7 +2098,8 @@ class RestapiController { /* {{{ */
} /* }}} */ } /* }}} */
/** /**
* Updates the password of an existing Account, the password must be PUT as a md5 string * Updates the password of an existing Account, the password
* will be hashed by this method
* *
* @param <type> $id The user name or numerical identifier * @param <type> $id The user name or numerical identifier
*/ */
@ -2118,7 +2132,7 @@ class RestapiController { /* {{{ */
return; return;
} }
$operation = $account->setPwd($newPassword); $operation = $account->setPwd(seed_pass_hash($newPassword));
if (!$operation){ if (!$operation){
return $response->withJson(array('success'=>false, 'message'=>'', 'data'=>'Could not change password.'), 404); return $response->withJson(array('success'=>false, 'message'=>'', 'data'=>'Could not change password.'), 404);
@ -2180,6 +2194,69 @@ class RestapiController { /* {{{ */
} }
} /* }}} */ } /* }}} */
function getRoles($request, $response) { /* {{{ */
$dms = $this->container->dms;
$userobj = $this->container->userobj;
$check = $this->checkIfAdmin($request, $response);
if($check !== true)
return $check;
$roles = $dms->getAllRoles();
$data = [];
foreach($roles as $r)
$data[] = $this->__getRoleData($r);
return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200);
} /* }}} */
function createRole($request, $response) { /* {{{ */
$dms = $this->container->dms;
$userobj = $this->container->userobj;
$check = $this->checkIfAdmin($request, $response);
if($check !== true)
return $check;
$params = $request->getParsedBody();
if (empty($params['name'])) {
return $response->withJson(array('success'=>false, 'message'=>'Need a role name.', 'data'=>''), 400);
}
$roleName = $params['name'];
$roleType = $params['role'];
$newRole = $dms->addRole($roleName, $roleType);
if ($newRole === false) {
return $response->withJson(array('success'=>false, 'message'=>'Role could not be created, maybe it already exists', 'data'=>''), 500);
}
// $result = array('id'=>(int)$newGroup->getID());
return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$this->__getRoleData($newRole)), 201);
} /* }}} */
function getRole($request, $response, $args) { /* {{{ */
$dms = $this->container->dms;
$userobj = $this->container->userobj;
$check = $this->checkIfAdmin($request, $response);
if($check !== true)
return $check;
if(ctype_digit($args['id']))
$role = $dms->getRole($args['id']);
else {
$role = $dms->getRoleByName($args['id']);
}
if($role) {
$data = $this->__getRoleData($role);
$data['users'] = array();
foreach ($role->getUsers() as $user) {
$data['users'][] = array('id' => (int)$user->getID(), 'login' => $user->getLogin());
}
return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200);
} else {
return $response->withJson(array('success'=>false, 'message'=>'No such role', 'data'=>''), 404);
}
} /* }}} */
function getGroups($request, $response) { /* {{{ */ function getGroups($request, $response) { /* {{{ */
$dms = $this->container->dms; $dms = $this->container->dms;
$userobj = $this->container->userobj; $userobj = $this->container->userobj;
@ -2768,17 +2845,17 @@ class RestapiAuth { /* {{{ */
$logger->log("Received preflight options request", PEAR_LOG_DEBUG); $logger->log("Received preflight options request", PEAR_LOG_DEBUG);
} elseif(!in_array($request->getUri()->getPath(), array('login')) && substr($request->getUri()->getPath(), 0, 5) != 'echo/' && $request->getUri()->getPath() != 'version') { } elseif(!in_array($request->getUri()->getPath(), array('login')) && substr($request->getUri()->getPath(), 0, 5) != 'echo/' && $request->getUri()->getPath() != 'version') {
$userobj = null; $userobj = null;
if(!empty($this->container->environment['HTTP_AUTHORIZATION']) && !empty($settings->_apiKey) && !empty($settings->_apiUserId)) { if(!empty($this->container->environment['HTTP_AUTHORIZATION']) && !empty($settings->_apiKey) && !empty($settings->_apiUserId)) {
$logger->log("Authorization key: ".$this->container->environment['HTTP_AUTHORIZATION'], PEAR_LOG_DEBUG); $logger->log("Authorization key: ".$this->container->environment['HTTP_AUTHORIZATION'], PEAR_LOG_DEBUG);
if($settings->_apiKey == $this->container->environment['HTTP_AUTHORIZATION']) { if($settings->_apiKey == $this->container->environment['HTTP_AUTHORIZATION']) {
if(!($userobj = $dms->getUser($settings->_apiUserId))) { if(!($userobj = $dms->getUser($settings->_apiUserId))) {
return $response->withJson(array('success'=>false, 'message'=>'Invalid user associated with api key', 'data'=>''), 403); return $response->withJson(array('success'=>false, 'message'=>'Invalid user associated with api key', 'data'=>''), 403);
} }
} else { } else {
return $response->withJson(array('success'=>false, 'message'=>'Wrong api key', 'data'=>''), 403); return $response->withJson(array('success'=>false, 'message'=>'Wrong api key', 'data'=>''), 403);
} }
$logger->log("Login with apikey as '".$userobj->getLogin()."' successful", PEAR_LOG_INFO); $logger->log("Login with apikey as '".$userobj->getLogin()."' successful", PEAR_LOG_INFO);
} else { } else {
require_once("../inc/inc.ClassSession.php"); require_once("../inc/inc.ClassSession.php");
$session = new SeedDMS_Session($dms->getDb()); $session = new SeedDMS_Session($dms->getDb());
if (isset($_COOKIE["mydms_session"])) { if (isset($_COOKIE["mydms_session"])) {
@ -2788,7 +2865,7 @@ class RestapiAuth { /* {{{ */
/* Delete Cookie */ /* Delete Cookie */
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot);
$logger->log("Session for id '".$dms_session."' has gone", PEAR_LOG_ERR); $logger->log("Session for id '".$dms_session."' has gone", PEAR_LOG_ERR);
return $response->withJson(array('success'=>false, 'message'=>'Session has gone', 'data'=>''), 403); return $response->withJson(array('success'=>false, 'message'=>'Session has gone', 'data'=>''), 403);
} }
/* Load user data */ /* Load user data */
@ -2798,20 +2875,20 @@ class RestapiAuth { /* {{{ */
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot);
if($settings->_enableGuestLogin) { if($settings->_enableGuestLogin) {
if(!($userobj = $dms->getUser($settings->_guestID))) if(!($userobj = $dms->getUser($settings->_guestID)))
return $response->withJson(array('success'=>false, 'message'=>'Could not get guest login', 'data'=>''), 403); return $response->withJson(array('success'=>false, 'message'=>'Could not get guest login', 'data'=>''), 403);
} else } else
return $response->withJson(array('success'=>false, 'message'=>'Login as guest disabled', 'data'=>''), 403); return $response->withJson(array('success'=>false, 'message'=>'Login as guest disabled', 'data'=>''), 403);
} }
if($userobj->isAdmin()) { if($userobj->isAdmin()) {
if($resArr["su"]) { if($resArr["su"]) {
if(!($userobj = $dms->getUser($resArr["su"]))) if(!($userobj = $dms->getUser($resArr["su"])))
return $response->withJson(array('success'=>false, 'message'=>'Cannot substitute user', 'data'=>''), 403); return $response->withJson(array('success'=>false, 'message'=>'Cannot substitute user', 'data'=>''), 403);
} }
} }
// $logger->log("Login with user name '".$userobj->getLogin()."' successful", PEAR_LOG_INFO); // $logger->log("Login with user name '".$userobj->getLogin()."' successful", PEAR_LOG_INFO);
$dms->setUser($userobj); $dms->setUser($userobj);
} else { } else {
return $response->withJson(array('success'=>false, 'message'=>'Missing session cookie', 'data'=>''), 403); return $response->withJson(array('success'=>false, 'message'=>'Missing session cookie', 'data'=>''), 403);
} }
} }
$this->container['userobj'] = $userobj; $this->container['userobj'] = $userobj;
@ -2905,6 +2982,9 @@ $app->post('/users', \RestapiController::class.':createUser');
$app->get('/users/{id}', \RestapiController::class.':getUserById'); $app->get('/users/{id}', \RestapiController::class.':getUserById');
$app->put('/users/{id}/disable', \RestapiController::class.':setDisabledUser'); $app->put('/users/{id}/disable', \RestapiController::class.':setDisabledUser');
$app->put('/users/{id}/password', \RestapiController::class.':changeUserPassword'); $app->put('/users/{id}/password', \RestapiController::class.':changeUserPassword');
$app->get('/roles', \RestapiController::class.':getRoles');
$app->post('/roles', \RestapiController::class.':createRole');
$app->get('/roles/{id}', \RestapiController::class.':getRole');
$app->post('/groups', \RestapiController::class.':createGroup'); $app->post('/groups', \RestapiController::class.':createGroup');
$app->get('/groups', \RestapiController::class.':getGroups'); $app->get('/groups', \RestapiController::class.':getGroups');
$app->delete('/groups/{id}', \RestapiController::class.':deleteGroup'); $app->delete('/groups/{id}', \RestapiController::class.':deleteGroup');