function api_methods_can_view_method(&$method, $viewer_id = 0)
{
$see_all = auth_has_role("admin", $viewer_id) ? 1 : 0;
$see_undocumented = auth_has_role_any(array("admin", "api"), $viewer_id) ? 1 : 0;
if (!$method['enabled'] && !$see_all) {
return 0;
}
if (is_array($method['documented_if'])) {
$required = $method['documented_if'];
if (!in_array("admin", $required)) {
$required[] = "admin";
}
if (!auth_has_role_any($required, $viewer_id)) {
return 0;
}
} else {
if (!$method['documented'] && !$see_all) {
return 0;
} else {
}
}
return 1;
}
function api_config_ensure_roles(&$method, &$key, &$token)
{
$roles_map = api_keys_roles_map();
if (is_array($method['requires_key_role'])) {
$role_id = $key['role_id'];
$role = $roles_map[$role_id];
if (!in_array($role, $method['requires_key_role'])) {
api_output_error(403, "Insufficient permissions for API key");
}
} elseif (isset($method['requires_key_role'])) {
api_output_error(403, "Insufficient permissions for API key (because the server is misconfigured)");
} else {
}
if (is_array($method['requires_user_role'])) {
if (!auth_has_role_any($method['requires_user_role'], $token['user_id'])) {
api_output_error(403, "Insufficient permissions for API key");
}
} else {
if (isset($method['requires_user_role'])) {
api_output_error(403, "Insufficient permissions for API key (because the server is misconfigured)");
} else {
}
}
return 1;
}
