diff options
author | rvelices <rv-github@modusoptimus.com> | 2007-01-29 20:38:08 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2007-01-29 20:38:08 +0000 |
commit | 2f70d58b2243454085035177e4a6ab777a3bf55c (patch) | |
tree | 3df82b9a7ddbb72c9ad8de4357b8cd48111fcd61 | |
parent | 3b11eb39cf165558132be9b4bd5f3279410d9632 (diff) |
web services: give vincent the calling partner id
git-svn-id: http://piwigo.org/svn/trunk@1768 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/ws_core.inc.php | 7 | ||||
-rw-r--r-- | include/ws_functions.inc.php | 24 | ||||
-rw-r--r-- | include/ws_protocols/rest_handler.php | 12 | ||||
-rw-r--r-- | ws.php | 13 |
4 files changed, 47 insertions, 9 deletions
diff --git a/include/ws_core.inc.php b/include/ws_core.inc.php index 61c94b295..77f79388c 100644 --- a/include/ws_core.inc.php +++ b/include/ws_core.inc.php @@ -563,8 +563,11 @@ Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder." { return new PwgError(WS_ERR_MISSING_PARAM, 'Missing parameters: '.implode(',',$missing_params)); } - - $result = call_user_func_array($callback, array($params, &$this) ); + $result = trigger_event('ws_invoke_allowed', true, $methodName, $params); + if ( strtolower( get_class($result) )!='pwgerror') + { + $result = call_user_func_array($callback, array($params, &$this) ); + } return $result; } diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index a202e192e..8cbd74987 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -27,6 +27,30 @@ /**** IMPLEMENTATION OF WEB SERVICE METHODS ***********************************/ /** + * Event handler for method invocation security check. Should return a PwgError + * if the preconditions are not satifsied for method invocation. + */ +function ws_isInvokeAllowed($res, $methodName, $params) +{ + global $conf, $calling_partner_id; + if ( !$conf['ws_access_control']) + { + return $res; // No controls are requested + } + $query = ' +SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE." + WHERE `name` = '$calling_partner_id' + AND NOW() <= end; "; + $result = pwg_query($query); + $row = mysql_fetch_assoc($result); + if ( empty($row) ) + { + return new PwgError(403, 'Partner id does not exist'); + } + return $res; +} + +/** * ws_add_controls * returns additionnal controls if requested * usable for 99% of Web Service methods diff --git a/include/ws_protocols/rest_handler.php b/include/ws_protocols/rest_handler.php index 184fc205a..1642c3beb 100644 --- a/include/ws_protocols/rest_handler.php +++ b/include/ws_protocols/rest_handler.php @@ -4,10 +4,10 @@ // | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net | // +-----------------------------------------------------------------------+ // | branch : BSF (Best So Far) -// | file : $URL: svn+ssh://rvelices@svn.gna.org/svn/phpwebgallery/trunk/action.php $ -// | last update : $Date: 2006-12-21 18:49:12 -0500 (Thu, 21 Dec 2006) $ -// | last modifier : $Author: rvelices $ -// | revision : $Rev: 1678 $ +// | file : $Id$ +// | last update : $Date$ +// | last modifier : $Author$ +// | revision : $Rev$ // +-----------------------------------------------------------------------+ // | This program is free software; you can redistribute it and/or modify | // | it under the terms of the GNU General Public License as published by | @@ -33,8 +33,8 @@ class PwgRestRequestHandler $param_array = $service->isPost() ? $_POST : $_GET; foreach ($param_array as $name => $value) { - if ($name=='format') - continue; + if ($name=='format' or $name=='partner') + continue; // ignore - special keys if ($name=='method') { $method = $value; @@ -29,6 +29,9 @@ define ('PHPWG_ROOT_PATH', './'); include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); include_once(PHPWG_ROOT_PATH.'include/ws_core.inc.php'); +/** + * event handler that registers standard methods with the web service + */ function ws_addDefaultMethods( $arr ) { include_once(PHPWG_ROOT_PATH.'include/ws_functions.inc.php'); @@ -106,11 +109,19 @@ function ws_addDefaultMethods( $arr ) ); } -add_event_handler('ws_add_methods', 'ws_addDefaultMethods' ); +add_event_handler('ws_add_methods', 'ws_addDefaultMethods'); + +add_event_handler('ws_invoke_allowed', 'ws_isInvokeAllowed', EVENT_HANDLER_PRIORITY_NEUTRAL, 3); + +$calling_partner_id = ''; $requestFormat = null; $responseFormat = null; +if ( isset($_GET['partner']) ) +{ + $calling_partner_id = $_GET['partner']; +} if ( isset($_GET['format']) ) { $responseFormat = $_GET['format']; |