author | mistic100 <mistic@piwigo.org> | 2013-10-24 10:01:35 +0000 |
---|---|---|
committer | mistic100 <mistic@piwigo.org> | 2013-10-24 10:01:35 +0000 |
commit | d6211432ec2144b877e16c36c1f8ea202bb8daae (patch) | |
tree | 8f3404bbc5299ec8d32982086fce57d60d41201f /include/ws_functions.inc.php | |
parent | e7fafb73a150f45a26e80ef5b5edc418c2ad6735 (diff) |
two new options for API methods : 'admin_only' and 'post_only'
git-svn-id: http://piwigo.org/svn/trunk@25115 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/ws_functions.inc.php | 188 |
1 files changed, 0 insertions, 188 deletions
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index d2a920772..55bd60863 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -208,11 +208,6 @@ function ws_std_get_tag_xml_attributes() function ws_getMissingDerivatives($params, $service) { - if (!is_admin()) - { - return new PwgError(403, 'Forbidden'); - } - if ( empty($params['types']) ) { $types = array_keys(ImageStdParams::get_defined_type_map()); @@ -319,11 +314,6 @@ function ws_getVersion($params, $service) */ function ws_getInfos($params, $service) { - if (!is_admin()) - { - return new PwgError(403, 'Forbidden'); - } - $infos['version'] = PHPWG_VERSION; $query = 'SELECT COUNT(*) FROM '.IMAGES_TABLE.';'; @@ -383,10 +373,6 @@ function ws_getInfos($params, $service) function ws_caddie_add($params, $service) { - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } global $user; $query = ' SELECT id @@ -880,11 +866,6 @@ SELECT id, path, representative_ext */ function ws_categories_getAdminList($params, $service) { - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - $query = ' SELECT category_id, @@ -948,11 +929,6 @@ SELECT */ function ws_images_addComment($params, $service) { - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } - $query = ' SELECT DISTINCT image_id FROM '.IMAGE_CATEGORY_TABLE.' INNER JOIN '.CATEGORIES_TABLE.' ON category_id=id @@ -1294,14 +1270,6 @@ SELECT * FROM '.IMAGES_TABLE.' function ws_images_setPrivacyLevel($params, $service) { - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } global $conf; if ( !in_array($params['level'], $conf['available_permission_levels']) ) { 
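Review bot: With the `is_admin()` guard deleted from `ws_getMissingDerivatives` (and likewise from `ws_getInfos`, `ws_caddie_add`, `ws_categories_getAdminList`, `ws_images_setPrivacyLevel` and the other admin handlers in the later hunks), nothing left in this file restricts who can run these bodies. Judging by the commit title, the check now lives in an 'admin_only' option set where each method is registered, but that code is not part of this diff. Each handler touched here should be cross-checked against its registration, because a registration that omits the option, or a caller that invokes a `ws_*` function directly, no longer gets a 401/403. I would leave a one-line marker at the top of each body, e.g. `// access control: relies on the 'admin_only' option at registration`, so the dependency is visible to anyone reusing the function. The enclosing functions continue outside the hunks.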
@@ -1324,16 +1292,6 @@ UPDATE '.IMAGES_TABLE.' function ws_images_setRank($params, $service) { - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } - // does the image really exist? $query=' SELECT COUNT(*) @@ -1418,16 +1376,6 @@ function ws_images_add_chunk($params, $service) // type {thumb, file, high} // position - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } - foreach ($params as $param_key => $param_value) { if ('data' == $param_key) { continue; @@ -1576,10 +1524,6 @@ function ws_images_addFile($params, $service) // sum -> not used currently (Piwigo 2.4) global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } // // what is the path and other infos about the photo? @@ -1662,10 +1606,6 @@ SELECT function ws_images_add($params, $service) { global $conf, $user; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } foreach ($params as $param_key => $param_value) { ws_logfile( @@ -1816,15 +1756,6 @@ SELECT id, name, permalink function ws_images_addSimple($params, $service) { global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } if (!isset($_FILES['image'])) { @@ -1938,18 +1869,6 @@ SELECT id, name, permalink function ws_rates_delete($params, $service) { - global $conf; - - if (!$service->isPost()) - { - return new PwgError(405, 'This method requires HTTP POST'); - } - - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - $query = ' DELETE FROM '.RATE_TABLE.' WHERE user_id='.$params['user_id']; 
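Review bot: `ws_rates_delete` still concatenates `$params['user_id']` straight into `DELETE FROM '.RATE_TABLE.' WHERE user_id=`, and this hunk removes both in-body guards that used to run before that query. Unless the parameter is validated as an integer before the handler is called (not visible here), I would cast at the point of use: `WHERE user_id='.(int)$params['user_id'];`. The function body continues past the end of the hunk.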
@@ -1974,12 +1893,6 @@ DELETE FROM '.RATE_TABLE.' */ function ws_session_login($params, $service) { - global $conf; - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } if (try_log_user($params['username'], $params['password'],false)) { return true; @@ -2056,11 +1969,6 @@ function ws_tags_getList($params, $service) */ function ws_tags_getAdminList($params, $service) { - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - $tags = get_all_tags(); return array( 'tags' => new PwgNamedArray( @@ -2228,11 +2136,6 @@ function ws_categories_add($params, $service) function ws_tags_add($params, $service) { - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); $creation_output = create_tag($params['name']); @@ -2251,11 +2154,6 @@ function ws_images_exist($params, $service) global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - $split_pattern = '/[\s,;\|]/'; if ('md5sum' == $conf['uniqueness_mode']) @@ -2328,11 +2226,6 @@ function ws_images_checkFiles($params, $service) { ws_logfile(__FUNCTION__.', input : '.var_export($params, true)); - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - // input parameters // // image_id @@ -2394,15 +2287,6 @@ SELECT function ws_images_setInfo($params, $service) { global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); @@ -2534,15 +2418,6 @@ SELECT * function ws_images_delete($params, $service) { global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } if (get_pwg_token() != $params['pwg_token']) { 
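Review bot: `ws_session_login` now hands `$params['username']` and `$params['password']` to `try_log_user()` with no request-method check in the body, so POST-only handling depends entirely on the registration carrying 'post_only' (inferred from the commit title; the registration is not in this diff). If that option is missing, credentials sent in a query string are accepted and can end up in access logs, proxy logs and browser history. Worth confirming the registration and adding a comment such as `// must be registered with 'post_only': credentials must never travel in the URL`.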
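Review bot: In `ws_images_delete` the security token is checked with `get_pwg_token() != $params['pwg_token']`, a loose comparison that PHP evaluates numerically when both strings look like numbers. With the admin and POST checks gone from the body, this is the only guard left inside the function. The same line appears in `ws_categories_delete`, `ws_categories_move`, `ws_plugins_performAction` and `ws_themes_performAction`. Assuming both sides are strings, I would compare strictly, `if (get_pwg_token() !== $params['pwg_token'])`, or use a constant-time string comparison where the supported PHP version offers one. The function body continues outside the hunk.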
@@ -2726,15 +2601,6 @@ SELECT function ws_categories_setInfo($params, $service) { global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } // category_id // name @@ -2774,16 +2640,6 @@ function ws_categories_setRepresentative($params, $service) { global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } - // category_id // image_id @@ -2831,15 +2687,6 @@ UPDATE '.USER_CACHE_CATEGORIES_TABLE.' function ws_categories_delete($params, $service) { global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } if (get_pwg_token() != $params['pwg_token']) { @@ -2903,16 +2750,6 @@ function ws_categories_move($params, $service) { global $conf, $page; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } - if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); @@ -3035,11 +2872,6 @@ function ws_images_checkUpload($params, $service) { global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php'); $ret['message'] = ready_for_upload_message(); $ret['ready_for_upload'] = true; @@ -3056,11 +2888,6 @@ function ws_plugins_getList($params, $service) { global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - include_once(PHPWG_ROOT_PATH.'admin/include/plugins.class.php'); $plugins = new plugins(); $plugins->sort_fs_plugins('name'); 
@@ -3094,11 +2921,6 @@ function ws_plugins_performAction($params, &$service) { global $template; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); @@ -3128,11 +2950,6 @@ function ws_themes_performAction($params, $service) { global $template; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); @@ -3305,11 +3122,6 @@ function ws_extensions_checkupdates($params, $service) include_once(PHPWG_ROOT_PATH.'admin/include/updates.class.php'); $update = new updates(); - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - $result = array(); if (!isset($_SESSION['need_update'])) |