aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2007-01-29 20:38:08 +0000
committerrvelices <rv-github@modusoptimus.com>2007-01-29 20:38:08 +0000
commit2f70d58b2243454085035177e4a6ab777a3bf55c (patch)
tree3df82b9a7ddbb72c9ad8de4357b8cd48111fcd61
parent3b11eb39cf165558132be9b4bd5f3279410d9632 (diff)
web services: give vincent the calling partner id
git-svn-id: http://piwigo.org/svn/trunk@1768 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/ws_core.inc.php7
-rw-r--r--include/ws_functions.inc.php24
-rw-r--r--include/ws_protocols/rest_handler.php12
-rw-r--r--ws.php13
4 files changed, 47 insertions, 9 deletions
diff --git a/include/ws_core.inc.php b/include/ws_core.inc.php
index 61c94b295..77f79388c 100644
--- a/include/ws_core.inc.php
+++ b/include/ws_core.inc.php
@@ -563,8 +563,11 @@ Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
{
return new PwgError(WS_ERR_MISSING_PARAM, 'Missing parameters: '.implode(',',$missing_params));
}
-
- $result = call_user_func_array($callback, array($params, &$this) );
+ $result = trigger_event('ws_invoke_allowed', true, $methodName, $params);
+ if ( strtolower( get_class($result) )!='pwgerror')
+ {
+ $result = call_user_func_array($callback, array($params, &$this) );
+ }
return $result;
}
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index a202e192e..8cbd74987 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -27,6 +27,30 @@
/**** IMPLEMENTATION OF WEB SERVICE METHODS ***********************************/
/**
+ * Event handler for method invocation security check. Should return a PwgError
+ * if the preconditions are not satifsied for method invocation.
+ */
+function ws_isInvokeAllowed($res, $methodName, $params)
+{
+ global $conf, $calling_partner_id;
+ if ( !$conf['ws_access_control'])
+ {
+ return $res; // No controls are requested
+ }
+ $query = '
+SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
+ WHERE `name` = '$calling_partner_id'
+ AND NOW() <= end; ";
+ $result = pwg_query($query);
+ $row = mysql_fetch_assoc($result);
+ if ( empty($row) )
+ {
+ return new PwgError(403, 'Partner id does not exist');
+ }
+ return $res;
+}
+
+/**
* ws_add_controls
* returns additionnal controls if requested
* usable for 99% of Web Service methods
diff --git a/include/ws_protocols/rest_handler.php b/include/ws_protocols/rest_handler.php
index 184fc205a..1642c3beb 100644
--- a/include/ws_protocols/rest_handler.php
+++ b/include/ws_protocols/rest_handler.php
@@ -4,10 +4,10 @@
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch : BSF (Best So Far)
-// | file : $URL: svn+ssh://rvelices@svn.gna.org/svn/phpwebgallery/trunk/action.php $
-// | last update : $Date: 2006-12-21 18:49:12 -0500 (Thu, 21 Dec 2006) $
-// | last modifier : $Author: rvelices $
-// | revision : $Rev: 1678 $
+// | file : $Id$
+// | last update : $Date$
+// | last modifier : $Author$
+// | revision : $Rev$
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
@@ -33,8 +33,8 @@ class PwgRestRequestHandler
$param_array = $service->isPost() ? $_POST : $_GET;
foreach ($param_array as $name => $value)
{
- if ($name=='format')
- continue;
+ if ($name=='format' or $name=='partner')
+ continue; // ignore - special keys
if ($name=='method')
{
$method = $value;
diff --git a/ws.php b/ws.php
index 5fb35dc61..2b5d636f4 100644
--- a/ws.php
+++ b/ws.php
@@ -29,6 +29,9 @@ define ('PHPWG_ROOT_PATH', './');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
include_once(PHPWG_ROOT_PATH.'include/ws_core.inc.php');
+/**
+ * event handler that registers standard methods with the web service
+ */
function ws_addDefaultMethods( $arr )
{
include_once(PHPWG_ROOT_PATH.'include/ws_functions.inc.php');
@@ -106,11 +109,19 @@ function ws_addDefaultMethods( $arr )
);
}
-add_event_handler('ws_add_methods', 'ws_addDefaultMethods' );
+add_event_handler('ws_add_methods', 'ws_addDefaultMethods');
+
+add_event_handler('ws_invoke_allowed', 'ws_isInvokeAllowed', EVENT_HANDLER_PRIORITY_NEUTRAL, 3);
+
+$calling_partner_id = '';
$requestFormat = null;
$responseFormat = null;
+if ( isset($_GET['partner']) )
+{
+ $calling_partner_id = $_GET['partner'];
+}
if ( isset($_GET['format']) )
{
$responseFormat = $_GET['format'];