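/**
 * Access-control hook: maps the request's api_key to a role and decides
 * whether that role satisfies the protected resource's requirement.
 *
 * The api_key => role table is hard-coded for brevity; a real deployment
 * would resolve the key against a store.
 *
 * Side effects: sets static::$role and registers
 * 'AccessControl::verifyAccess' as the Resources access-control function.
 *
 * @return bool true when the resolved role is 'admin' or is one of the
 *              roles in static::$requires; false for a missing, non-string
 *              or unknown key.
 */
public function __isAllowed()
{
    // hardcoded api_key=>role for brevity
    $roles = array('12345' => 'user', '67890' => 'admin');

    // Only a plain string can be a valid key. A missing key, or one supplied
    // as an array (api_key[]=...), is rejected here instead of reaching
    // array_key_exists(), which raises a TypeError for an array offset.
    $apiKey = isset($_GET['api_key']) ? $_GET['api_key'] : null;
    if (!is_string($apiKey) || !array_key_exists($apiKey, $roles)) {
        return false;
    }

    static::$role = $roles[$apiKey];
    Resources::$accessControlFunction = 'AccessControl::verifyAccess';

    // Admin passes everything; otherwise the role must be one of the required
    // ones. The (array) cast lets $requires be a single role or a list of
    // acceptable roles, and the strict in_array avoids loose string compares.
    return static::$role === 'admin'
        || in_array(static::$role, (array) static::$requires, true);
}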
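/**
 * Access-control hook: maps the request's api_key to a role, records a cache
 * identifier with the configured user-identifier class, and decides whether
 * the role satisfies the protected resource's requirement.
 *
 * The api_key => role table is hard-coded for brevity; a real deployment
 * would resolve the key against a store.
 *
 * Side effects: sets static::$role, calls setCacheIdentifier() on
 * Defaults::$userIdentifierClass (with the raw key for an unknown key, with
 * the role for a known one) and registers 'AccessControl::verifyAccess' as
 * the Resources access-control function.
 *
 * @return bool true when the resolved role is 'admin' or is one of the
 *              roles in static::$requires; false for a missing, non-string
 *              or unknown key.
 */
public function __isAllowed()
{
    // hardcoded api_key=>role for brevity
    $roles = array('12345' => 'user', '67890' => 'admin');
    $userClass = Defaults::$userIdentifierClass;

    // Only a plain string can be a valid key. A missing key, or one supplied
    // as an array (api_key[]=...), is rejected before it can reach
    // array_key_exists() (TypeError on an array offset) or the cache identifier.
    $apiKey = isset($_GET['api_key']) ? $_GET['api_key'] : null;
    if (!is_string($apiKey)) {
        return false;
    }
    if (!array_key_exists($apiKey, $roles)) {
        // Unknown key: the supplied key becomes the cache identifier
        // (presumably so responses for unauthenticated callers are cached
        // per key — confirm against the user-identifier class).
        $userClass::setCacheIdentifier($apiKey);
        return false;
    }

    static::$role = $roles[$apiKey];
    $userClass::setCacheIdentifier(static::$role);
    Resources::$accessControlFunction = 'AccessControl::verifyAccess';

    // Admin passes everything; otherwise the role must be one of the required
    // ones. The (array) cast lets $requires be a single role or a list of
    // acceptable roles, and the strict in_array avoids loose string compares.
    return static::$role === 'admin'
        || in_array(static::$role, (array) static::$requires, true);
}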
$gate_keeper = new GateKeeper(); $gate_keeper->assertAccess(UserManager::instance()->getCurrentUser()); } catch (Exception $exception) { header("HTTP/1.0 403 Forbidden"); $GLOBALS['Response']->sendJSON(array('error' => $exception->getMessage())); die; } preg_match('/^\\/api\\/v(\\d+)\\//', $_SERVER['REQUEST_URI'], $matches); $version = floor(file_get_contents(__DIR__ . '/VERSION')); if ($matches && isset($matches[1]) && $matches[1] == 2) { $version = 2; } // Do not put .json at the end of the resource Resources::$useFormatAsExtension = false; //Do not hide the API Resources::$hideProtected = false; // Use /api/v1/projects uri Defaults::$useUrlBasedVersioning = true; if (ForgeConfig::get('DEBUG_MODE')) { $restler = new Restler(false, true); } else { $restler = new Restler(); } $restler->setAPIVersion($version); $restler->setSupportedFormats('JsonFormat', 'XmlFormat'); $core_resources_injector = new Tuleap\REST\ResourcesInjector(); $core_resources_injector->populate($restler); switch ($version) { case 2: $event = Event::REST_RESOURCES_V2; break;
/**
 * Check access
 *
 * Access-control hook for the REST layer. Resolves the api_key query
 * parameter to a user row in the user table, derives static::$role from
 * that user and registers 'DolibarrApiAccess::verifyAccess' as the
 * Resources access-control function. The configured user-identifier class
 * receives the supplied key (unknown key) or the resolved role (known key)
 * as cache identifier.
 *
 * @return bool false when no key is supplied or the supplied key does not
 *              match the stored key; otherwise whether the role is 'admin'
 *              or one of static::$requires
 * @throws RestException 503 when the key lookup query fails or the user
 *                       cannot be fetched
 */
public function __isAllowed()
{
    // Relies on the global database handle rather than an injected one.
    global $db;

    $stored_key = '';
    $userClass = Defaults::$userIdentifierClass;
    if (isset($_GET['api_key'])) {
        // NOTE(review): the user-supplied key is escaped and concatenated into
        // the query; a bound parameter would be preferable if the DB layer
        // supports prepared statements.
        $sql = "SELECT u.login, u.datec, u.api_key, ";
        $sql .= " u.tms as date_modification, u.entity";
        $sql .= " FROM " . MAIN_DB_PREFIX . "user as u";
        $sql .= " WHERE u.api_key = '" . $db->escape($_GET['api_key']) . "'";
        $result = $db->query($sql);
        if ($result) {
            if ($db->num_rows($result)) {
                $obj = $db->fetch_object($result);
                $login = $obj->login;
                $stored_key = $obj->api_key;
            }
            // No matching row: $login stays unset and $stored_key keeps ''.
        } else {
            throw new RestException(503, 'Error when fetching user api_key :' . $db->error_msg);
        }
        // Re-check the key in PHP, presumably because the SQL equality may
        // not be exact (e.g. a case-insensitive collation).
        // NOTE(review): this is a loose `!=` compare and, because $stored_key
        // defaults to '', an empty api_key is never rejected here — it falls
        // through to the user fetch below with $login possibly unset. A strict,
        // constant-time comparison (hash_equals) plus an up-front rejection of
        // empty keys would be safer.
        if ($stored_key != $_GET['api_key']) {
            $userClass::setCacheIdentifier($_GET['api_key']);
            return false;
        }
        $fuser = new User($db);
        if (!$fuser->fetch('', $login)) {
            // NOTE(review): the text between the two string literals on the
            // next line is garbled in this listing (shown as '******'); the
            // failure message and the non-admin role assignment that follows
            // are not recoverable from here.
            throw new RestException(503, 'Error when fetching user :'******'external';
        }
        if ($fuser->admin) {
            static::$role = 'admin';
        }
    } else {
        return false;
    }
    $userClass::setCacheIdentifier(static::$role);
    Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess';
    // Admin always passes; otherwise the role must be one of the required
    // ones ($requires may be a single role or a list).
    return in_array(static::$role, (array) static::$requires) || static::$role == 'admin';
}
<?php
// Front controller: boots the application, wires the Restler instance with
// its authentication class and API classes, then dispatches the request.
require_once '../bootstrap.php';
require_once 'SimpleAuth.php';

use Luracast\Restler\Resources;
use Luracast\Restler\Restler;

// Resources are addressed without a format extension on the URI.
Resources::$useFormatAsExtension = false;

// Both constructor flags are enabled here (presumably production mode and a
// cache refresh — confirm against the installed Restler version's signature).
$restler = new Restler(true, true);

// The Resources class is registered first, then formats and authentication,
// then the API classes in their original registration order (route order
// may matter to the router, so it is kept as-is).
$restler->addAPIClass('Luracast\Restler\Resources');
$restler->setSupportedFormats('JsonFormat');
$restler->addAuthenticationClass('SimpleAuth');

$apiClasses = array(
    'User',
    'Book',
    'Car',
    'Ads',
    'Clicks',
    'Points',
    'Plan',
    'Mvnos',
    'Subscribers',
    'Mvno',
    'Impression',
);
foreach ($apiClasses as $apiClass) {
    $restler->addAPIClass($apiClass);
}

$restler->handle();