authormistic100 <mistic@piwigo.org>2013-10-24 10:01:35 +0000
committermistic100 <mistic@piwigo.org>2013-10-24 10:01:35 +0000
commitd6211432ec2144b877e16c36c1f8ea202bb8daae (patch)
tree8f3404bbc5299ec8d32982086fce57d60d41201f /include/ws_core.inc.php
parente7fafb73a150f45a26e80ef5b5edc418c2ad6735 (diff)
two new options for API methods : 'admin_only' and 'post_only'
git-svn-id: http://piwigo.org/svn/trunk@25115 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/ws_core.inc.php')
-rw-r--r--include/ws_core.inc.php16
1 files changed, 14 insertions, 2 deletions
diff --git a/include/ws_core.inc.php b/include/ws_core.inc.php
index 3bb69a828..704e383ea 100644
--- a/include/ws_core.inc.php
+++ b/include/ws_core.inc.php
@@ -324,7 +324,9 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
* @param description string - a description of the method.
* @param include_file string - a file to be included befaore the callback is executed
* @param options array
- * @option bool hidden (hidden) - if true, this method won't be visible by reflection.getMethodList
+ * @option bool hidden (optional) - if true, this method won't be visible by reflection.getMethodList
+ * @option bool admin_only (optional)
+ * @option bool post_only (optional)
*/
function addMethod($methodName, $callback, $params=array(), $description='', $include_file='', $options=array())
{
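Review bot: The two new `@option` lines have no description, although both options gate access to the method and a plugin author registering one needs to know what they enforce. Based on the checks added in the third hunk, something like `* @option bool admin_only (optional) - if true, the call is refused with a 401 PwgError unless is_admin() is true` and `* @option bool post_only (optional) - if true, the call is refused with a 405 PwgError unless isPost() is true` would document the contract. It is also worth stating that both default to off when the key is absent, which is what the `isset()` tests imply. The body of addMethod lies outside the hunk.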
@@ -388,7 +390,7 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
return isset($signature) ? $signature : array();
}
- /*static*/ function isPost()
+ static function isPost()
{
return isset($HTTP_RAW_POST_DATA) or !empty($_POST);
}
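Review bot: `isPost()` now backs the `post_only` access check in the third hunk, but its unchanged body does not test the HTTP method. No `global` declaration is visible for `$HTTP_RAW_POST_DATA`, so that `isset()` is false inside the function and the result reduces to `!empty($_POST)`; the variable was also removed from later PHP versions. A POST with an empty or non-form-encoded body would therefore be answered with 405, which fails closed but rejects legitimate clients. Checking the verb directly is more precise: `return isset($_SERVER['REQUEST_METHOD']) and $_SERVER['REQUEST_METHOD'] === 'POST';`. Other callers of isPost() are not visible here and should be checked before changing its meaning; an explicit `public static` would also make the intended visibility clear.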
@@ -510,6 +512,16 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
{
return new PwgError(WS_ERR_INVALID_METHOD, 'Method name is not valid');
}
+
+ if ( isset($method['options']['post_only']) and $method['options']['post_only'] and !self::isPost() )
+ {
+ return new PwgError(405, 'This method requires HTTP POST');
+ }
+
+ if ( isset($method['options']['admin_only']) and $method['options']['admin_only'] and !is_admin() )
+ {
+ return new PwgError(401, 'Access denied');
+ }
// parameter check and data correction
$signature = $method['signature'];
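Review bot: Requiring POST does not by itself protect an admin method from a cross-site request, because a form on another origin can submit a POST that carries the administrator's session cookie. If `post_only` is meant as CSRF hardening (the hunk does not say), methods that set it still need a per-session token check. Separately, the `admin_only` branch answers 401 to a caller who may be logged in but not an administrator; 403 describes that case better, as in `return new PwgError(403, 'Access denied');`. The enclosing method starts and ends outside the hunk, so whether a token is verified later in it is not visible here.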