From d6211432ec2144b877e16c36c1f8ea202bb8daae Mon Sep 17 00:00:00 2001
From: mistic100
Date: Thu, 24 Oct 2013 10:01:35 +0000
Subject: two new options for API methods : 'admin_only' and 'post_only'

git-svn-id: http://piwigo.org/svn/trunk@25115 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/ws_core.inc.php | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
(limited to 'include/ws_core.inc.php')
diff --git a/include/ws_core.inc.php b/include/ws_core.inc.php
index 3bb69a828..704e383ea 100644
--- a/include/ws_core.inc.php
+++ b/include/ws_core.inc.php
@@ -324,7 +324,9 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
 * @param description string - a description of the method.
 * @param include_file string - a file to be included befaore the callback is executed
 * @param options array
- * @option bool hidden (hidden) - if true, this method won't be visible by reflection.getMethodList
+ * @option bool hidden (optional) - if true, this method won't be visible by reflection.getMethodList
+ * @option bool admin_only (optional)
+ * @option bool post_only (optional)
 */
 function addMethod($methodName, $callback, $params=array(), $description='', $include_file='', $options=array())
 {
@@ -388,7 +390,7 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
 return isset($signature) ? $signature : array();
 }
- /*static*/ function isPost()
+ static function isPost()
 {
 return isset($HTTP_RAW_POST_DATA) or !empty($_POST);
 }
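Review bot: The two new `@option` lines in the addMethod docblock name `admin_only` and `post_only` but say nothing about what they enforce, unlike `hidden` directly above them. Because these flags gate access, each should carry a description, for example `@option bool admin_only (optional) - if true, the call is refused unless is_admin() is true` and `@option bool post_only (optional) - if true, the call is refused unless the request is an HTTP POST`. The docblock should also state that both are off when omitted, so a method registered without them gets neither check. The docblock starts outside the hunk.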
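Review bot: `isPost()` now backs the new `post_only` gate, but its first test can never be true as written: `$HTTP_RAW_POST_DATA` is an ordinary global rather than a superglobal, and the body shown has no `global` declaration, so `isset()` only sees an undefined local. The result therefore rests on `!empty($_POST)` alone, which is false for a POST whose body is empty or not form-encoded, so such calls to a `post_only` method would be refused. Testing the verb directly is exact: `return isset($_SERVER['REQUEST_METHOD']) and $_SERVER['REQUEST_METHOD'] === 'POST';`. Other callers of `isPost()` are not visible in this diff, so confirm that none of them relies on the body test before changing it.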
@@ -510,6 +512,16 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
 {
 return new PwgError(WS_ERR_INVALID_METHOD, 'Method name is not valid');
 }
+
+ if ( isset($method['options']['post_only']) and $method['options']['post_only'] and !self::isPost() )
+ {
+ return new PwgError(405, 'This method requires HTTP POST');
+ }
+
+ if ( isset($method['options']['admin_only']) and $method['options']['admin_only'] and !is_admin() )
+ {
+ return new PwgError(401, 'Access denied');
+ }
 // parameter check and data correction
 $signature = $method['signature'];
--
cgit v1.2.3
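Review bot: The `admin_only` branch answers 401 to every non-admin caller, including one who is already logged in; 401 conventionally means "authenticate first", so for an authenticated non-administrator `return new PwgError(403, 'Access denied');` would let clients tell the two cases apart. Both new branches also use bare numbers where the line above uses `WS_ERR_INVALID_METHOD`; named constants would keep the error codes in one place, if the project defines suitable ones. The checks are opt-in, so a method whose registration omits `admin_only` gets no role check here, and each privileged method needs the flag set where it is registered (those registrations are outside this diff). `post_only` constrains only the HTTP verb and does not by itself establish that the request originated from the site's own pages; whether a separate token check covers that is not visible here. The enclosing function starts and ends outside the hunk.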