diff options
author | rvelices <rv-github@modusoptimus.com> | 2007-01-29 20:38:08 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2007-01-29 20:38:08 +0000 |
commit | 2f70d58b2243454085035177e4a6ab777a3bf55c (patch) | |
tree | 3df82b9a7ddbb72c9ad8de4357b8cd48111fcd61 /include/ws_functions.inc.php | |
parent | 3b11eb39cf165558132be9b4bd5f3279410d9632 (diff) |
web services: give vincent the calling partner id
git-svn-id: http://piwigo.org/svn/trunk@1768 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/ws_functions.inc.php | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index a202e192e..8cbd74987 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -27,6 +27,30 @@ /**** IMPLEMENTATION OF WEB SERVICE METHODS ***********************************/ /** + * Event handler for method invocation security check. Should return a PwgError + * if the preconditions are not satifsied for method invocation. + */ +function ws_isInvokeAllowed($res, $methodName, $params) +{ + global $conf, $calling_partner_id; + if ( !$conf['ws_access_control']) + { + return $res; // No controls are requested + } + $query = ' +SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE." + WHERE `name` = '$calling_partner_id' + AND NOW() <= end; "; + $result = pwg_query($query); + $row = mysql_fetch_assoc($result); + if ( empty($row) ) + { + return new PwgError(403, 'Partner id does not exist'); + } + return $res; +} + +/** * ws_add_controls * returns additionnal controls if requested * usable for 99% of Web Service methods |