Ejemplo n.º 1
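// POST /{version}/hash — hashes the submitted `password` (with the optional `salt`)
// through Auth::hashPassword() and returns the result as JSON.
// NOTE(review): no authentication or rate-limit check is visible in this handler, and the
// caller chooses the salt; confirm that code outside this snippet restricts who may call it.
$app->post("/{$v}/hash/?", function () use($app) {
    // Accept only a non-empty string. empty() would reject the valid value "0" and would
    // let array input (password[]=x) reach the hashing helper.
    $password = isset($_POST['password']) ? $_POST['password'] : null;
    if (!is_string($password) || $password === '') {
        return JsonView::render(array('success' => false, 'message' => 'Must provide password.'));
    }
    // The salt is optional: a missing or non-string value falls back to ''.
    // A salt of "0" is now passed through instead of being discarded by empty().
    $salt = isset($_POST['salt']) && is_string($_POST['salt']) ? $_POST['salt'] : '';
    $hashedPassword = Auth::hashPassword($password, $salt);
    return JsonView::render(array('success' => true, 'password' => $hashedPassword));
});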
// GET /{version}/privileges/:groupId/ — returns the per-table privileges of the requested
// group as JSON. Only a caller whose own user record has group 1 is served
// (presumably the administrators group; confirm against the schema).
// NOTE(review): the denial is a plain Exception, so the HTTP status the client receives
// depends on an error handler that is not shown here.
$app->get("/{$v}/privileges/:groupId/", function ($groupId) use($acl, $ZendDb, $params, $requestPayload, $app) {
    $userRecord = Auth::getUserRecord();
    // Authorization gate: anything other than group 1 stops here.
    if ($userRecord['group'] != 1) {
        throw new Exception('Permission denied');
    }
    $gateway = new DirectusPrivilegesTableGateway($acl, $ZendDb);
    return JsonView::render($gateway->fetchPerTable($groupId));
});
$app->map("/{$v}/privileges/:groupId/?", function ($groupId) use($acl, $ZendDb, $params, $requestPayload, $app) {
    $currentUser = Auth::getUserRecord();
    $myGroupId = $currentUser['group'];
    if ($myGroupId != 1) {
        throw new Exception('Permission denied');
    }
    if (isset($requestPayload['addTable'])) {
        $isTableNameAlphanumeric = preg_match("/[a-z0-9]+/i", $requestPayload['table_name']);
        $zeroOrMoreUnderscoresDashes = preg_match("/[_-]*/i", $requestPayload['table_name']);
        if (!($isTableNameAlphanumeric && $zeroOrMoreUnderscoresDashes)) {
            $app->response->setStatus(400);
            return JsonView::render(array('message' => 'Invalid table name'));
        }
Ejemplo n.º 2
    // default random string length
    $length = 32;
    if (array_key_exists('length', $_POST)) {
        $length = (int) $_POST['length'];
    }
    $randomString = StringUtils::randomString($length);
    return JsonView::render(['random' => $randomString]);
});
// GET /{version}/privileges/:groupId(/:tableName)/ — returns the privileges of a group,
// optionally narrowed to one table, as JSON. Only a caller whose own user record has
// group 1 is served; an empty lookup result is answered with a 404 and an error payload.
// NOTE(review): the denial is a plain Exception, so the HTTP status the client receives
// depends on an error handler that is not shown here.
$app->get("/{$v}/privileges/:groupId(/:tableName)/?", function ($groupId, $tableName = null) use($acl, $ZendDb, $params, $requestPayload, $app) {
    $userRecord = Auth::getUserRecord();
    // Authorization gate: anything other than group 1 stops here.
    if ($userRecord['group'] != 1) {
        throw new Exception(__t('permission_denied'));
    }
    $gateway = new DirectusPrivilegesTableGateway($acl, $ZendDb);
    $result = $gateway->fetchPerTable($groupId, $tableName);
    if ($result) {
        return JsonView::render($result);
    }
    // Nothing found for this group/table pair: report it as a 404.
    $app->response()->setStatus(404);
    $notFound = [
        'message' => __t('unable_to_find_privileges_for_x_in_group_x', ['table' => $tableName, 'group_id' => $groupId]),
        'success' => false,
    ];
    return JsonView::render($notFound);
});
$app->map("/{$v}/privileges/:groupId/?", function ($groupId) use($acl, $ZendDb, $params, $requestPayload, $app) {
    $currentUser = Auth::getUserRecord();
    $myGroupId = $currentUser['group'];
    if ($myGroupId != 1) {
        throw new Exception(__t('permission_denied'));
    }
    if (isset($requestPayload['addTable'])) {
        $isTableNameAlphanumeric = preg_match("/[a-z0-9]+/i", $requestPayload['table_name']);
        $zeroOrMoreUnderscoresDashes = preg_match("/[_-]*/i", $requestPayload['table_name']);