/** * Reject RPC methods * @param $what * @return bool */ public static function authorize($what) { /** * Option 1. Use the xfile config passed from index.php */ if (self::$_config) { $data = (array) json_decode(self::$_config); $allowedActions = $data['ALLOWED_ACTIONS']; $intOp = intval(XApp_Service_Entry_Utils::opToInteger($what)); if ($intOp != XC_OPERATION_UNKOWN) { if ($intOp > 0 && $intOp < count($allowedActions)) { //boundary check return $allowedActions[$intOp]; } } } /** * Option 2. Reject via string match if you like */ switch ($what) { case XC_OPERATION_COPY_STR: case XC_OPERATION_MOVE_STR: case XC_OPERATION_DELETE_STR: case XC_OPERATION_READ_STR: case XC_OPERATION_EDIT_STR: case XC_OPERATION_COMPRESS_STR: case XC_OPERATION_RENAME_STR: case XC_OPERATION_DOWNLOAD_STR: case XC_OPERATION_FILE_UPDATE_STR: case XC_OPERATION_NEW_DIRECTORY_STR: case XC_OPERATION_NEW_FILE_STR: case XC_OPERATION_UPLOAD: case XC_OPERATION_DOWNLOAD: case XC_OPERATION_EXTRACT: return true; } return true; }