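/**
 * Replace the complete permission set of one webservice account.
 *
 * All existing rows of the account are deleted first. When $permissions_to_set
 * is not null, every (resource, method) pair that passes both allow-lists is
 * written back with a single multi-row INSERT.
 *
 * @param int   $id_account         Webservice account id; cast to int before it reaches SQL.
 * @param array $permissions_to_set Map of resource name => (map of HTTP method => anything).
 *                                  Only the keys are read. The form that posts this value
 *                                  sends `resources[<name>][<METHOD>]` fields.
 *
 * @return bool False when the initial DELETE or the INSERT fails, true otherwise.
 */
public static function setPermissionForAccount($id_account, $permissions_to_set)
{
    $ok = true;

    // NOTE(review): this DELETE and the INSERT below are separate statements with no
    // visible transaction, so a failed INSERT leaves the account with no permissions.
    $sql = 'DELETE FROM `' . _DB_PREFIX_ . 'webservice_permission` WHERE `id_webservice_account` = ' . (int) $id_account;
    if (!Db::getInstance()->execute($sql)) {
        $ok = false;
    }

    if (isset($permissions_to_set)) {
        $permissions = array();
        $resources = WebserviceRequest::getResources();
        $methods = array('GET', 'PUT', 'POST', 'DELETE', 'HEAD');

        // The value arrives from a request, so its shape is not guaranteed: skip
        // anything that is not the expected two-level array instead of iterating it.
        if (is_array($permissions_to_set)) {
            foreach ($permissions_to_set as $resource_name => $resource_methods) {
                // PHP turns numeric array keys into integers. With a loose in_array()
                // an integer key such as 0 compares equal to every non-numeric string
                // on PHP versions before 8, which lets it slip past the allow-list.
                // Compare as strings, strictly.
                $resource_name = (string) $resource_name;
                if (!is_array($resource_methods) || !array_key_exists($resource_name, $resources)) {
                    continue;
                }

                // NOTE(review): a resource's 'forbidden_method' list is not consulted
                // here; confirm it is enforced elsewhere before a request is served.
                foreach (array_keys($resource_methods) as $method_name) {
                    $method_name = (string) $method_name;
                    if (in_array($method_name, $methods, true)) {
                        $permissions[] = array($method_name, $resource_name);
                    }
                }
            }
        }

        $account = new WebserviceKey($id_account);
        // NOTE(review): a false result from deleteAssociations() skips the INSERT but
        // leaves $ok untouched; confirm whether callers should see that as a failure.
        if ($account->deleteAssociations() && $permissions) {
            $rows = array();
            foreach ($permissions as $permission) {
                // Values are allow-listed above; pSQL() and the int cast stay as a second layer.
                $rows[] = '(NULL , \'' . pSQL($permission[1]) . '\', \'' . pSQL($permission[0]) . '\', ' . (int) $id_account . ')';
            }
            $sql = 'INSERT INTO `' . _DB_PREFIX_ . 'webservice_permission` (`id_webservice_permission` ,`resource` ,`method` ,`id_webservice_account`) VALUES '
                . implode(', ', $rows);
            if (!Db::getInstance()->execute($sql)) {
                $ok = false;
            }
        }
    }

    return $ok;
}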
/**
 * Describe the add/edit form of a webservice key and hand it to the parent renderer.
 *
 * The form holds the key itself (with a "Generate!" button), a free-text
 * description, an enabled/disabled switch and the per-resource permission grid.
 * A shop association field is appended when the multishop feature is active.
 *
 * @return mixed Result of parent::renderForm(), or null when no object could be loaded.
 */
public function renderForm()
{
    $legend = array(
        'title' => $this->l('Webservice Accounts'),
        'icon' => 'icon-lock',
    );

    // NOTE(review): the button calls the browser-side gencode(32); the quality of the
    // generated key depends on that script, which is not visible here.
    $keyField = array(
        'type' => 'textbutton',
        'label' => $this->l('Key'),
        'name' => 'key',
        'id' => 'code',
        'required' => true,
        'hint' => $this->l('Webservice account key.'),
        'button' => array(
            'label' => $this->l('Generate!'),
            'attributes' => array('onclick' => 'gencode(32)'),
        ),
    );

    $descriptionField = array(
        'type' => 'textarea',
        'label' => $this->l('Key description'),
        'name' => 'description',
        'rows' => 3,
        'cols' => 110,
        'hint' => $this->l('Quick description of the key: who it is for, what permissions it has, etc.'),
    );

    $statusField = array(
        'type' => 'switch',
        'label' => $this->l('Status'),
        'name' => 'active',
        'required' => false,
        'is_bool' => true,
        'values' => array(
            array('id' => 'active_on', 'value' => 1, 'label' => $this->l('Enabled')),
            array('id' => 'active_off', 'value' => 0, 'label' => $this->l('Disabled')),
        ),
    );

    $permissionField = array(
        'type' => 'resources',
        'label' => $this->l('Permissions'),
        'name' => 'resources',
    );

    $this->fields_form = array(
        'legend' => $legend,
        'input' => array($keyField, $descriptionField, $statusField, $permissionField),
    );

    if (Shop::isFeatureActive()) {
        $this->fields_form['input'][] = array(
            'type' => 'shop',
            'label' => $this->l('Shop association'),
            'name' => 'checkBoxShopAsso',
        );
    }

    $this->fields_form['submit'] = array('title' => $this->l('Save'));

    $obj = $this->loadObject(true);
    if (!$obj) {
        return;
    }

    // The template receives every known resource plus the permissions currently
    // stored for this key, so it can pre-check the grid.
    $this->tpl_form_vars = array(
        'ressources' => WebserviceRequest::getResources(),
        'permissions' => WebserviceKey::getPermissionForAccount($obj->key),
    );

    return parent::renderForm();
}
/**
 * Describe the add/edit form of a webservice key and hand it to the parent renderer.
 *
 * The form holds the key text field, a description, an enabled/disabled radio
 * pair and the per-resource permission grid. A shop association field is
 * appended when the multishop feature is active.
 *
 * @return mixed Result of parent::renderForm(), or null when no object could be loaded.
 */
public function renderForm()
{
    $legend = array(
        'title' => $this->l('Webservice Accounts:'),
        'image' => '../img/admin/access.png',
    );

    $keyField = array(
        'type' => 'text',
        'label' => $this->l('Key:'),
        'name' => 'key',
        'id' => 'code',
        'size' => 32,
        'required' => true,
        'desc' => $this->l('Webservice account key'),
    );

    $descriptionField = array(
        'type' => 'textarea',
        'label' => $this->l('Key description:'),
        'name' => 'description',
        'rows' => 3,
        'cols' => 110,
        'desc' => $this->l('Key description'),
    );

    $statusField = array(
        'type' => 'radio',
        'label' => $this->l('Status:'),
        'name' => 'active',
        'required' => false,
        'class' => 't',
        'is_bool' => true,
        'values' => array(
            array('id' => 'active_on', 'value' => 1, 'label' => $this->l('Enabled')),
            array('id' => 'active_off', 'value' => 0, 'label' => $this->l('Disabled')),
        ),
    );

    $permissionField = array(
        'type' => 'resources',
        'label' => $this->l('Permissions:'),
        'name' => 'resources',
    );

    $this->fields_form = array(
        'legend' => $legend,
        'input' => array($keyField, $descriptionField, $statusField, $permissionField),
    );

    if (Shop::isFeatureActive()) {
        $this->fields_form['input'][] = array(
            'type' => 'shop',
            'label' => $this->l('Shop association:'),
            'name' => 'checkBoxShopAsso',
        );
    }

    $this->fields_form['submit'] = array(
        'title' => $this->l(' Save '),
        'class' => 'button',
    );

    $obj = $this->loadObject(true);
    if (!$obj) {
        return;
    }

    // The template receives every known resource plus the permissions currently
    // stored for this key, so it can pre-check the grid.
    $this->tpl_form_vars = array(
        'ressources' => WebserviceRequest::getResources(),
        'permissions' => WebserviceKey::getPermissionForAccount($obj->key),
    );

    return parent::renderForm();
}
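/**
 * Create an active webservice account for the current shop and store its key.
 *
 * The account receives GET on every resource returned by
 * WebserviceRequest::getResources() plus PUT on `customers`. The key and the
 * account id are saved under NEWSLETTER2GO_API_KEY / NEWSLETTER2GO_API_ACCOUNT
 * and the PS_WEBSERVICE configuration value is set to 1.
 *
 * @return string The new key: 32 upper-case hexadecimal characters.
 *
 * @throws Exception When no cryptographically secure random source is available.
 */
private function createNewServiceAccount()
{
    // The key is the only credential of this account. md5(time()) can be rebuilt by
    // anyone who can estimate the creation second, so the key is drawn from a
    // CSPRNG instead. 16 random bytes keep the previous format (32 hex characters).
    $random = false;
    if (function_exists('random_bytes')) {
        $random = random_bytes(16);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $candidate = openssl_random_pseudo_bytes(16, $strong);
        if ($candidate !== false && $strong) {
            $random = $candidate;
        }
    }
    if ($random === false) {
        // Refuse to issue a guessable key rather than fall back to a weak source.
        throw new Exception('No secure random source available to generate the webservice key');
    }
    $api_key = Tools::strtoupper(bin2hex($random));

    $resources = WebserviceRequest::getResources();
    $db_instance = Db::getInstance();

    // NOTE(review): the insert() results are not checked; a failed insert would still
    // return a key and store it in the configuration. Confirm that is acceptable.
    $db_instance->insert('webservice_account', array('key' => $api_key, 'active' => '1'));
    $account_id = $db_instance->Insert_ID();

    $shop_id = (int) Context::getContext()->shop->id;
    $db_instance->insert('webservice_account_shop', array('id_webservice_account' => $account_id, 'id_shop' => $shop_id));

    // Write access is limited to customers; every resource gets read access.
    // NOTE(review): read access to all resources is broad; confirm the integration
    // needs each of them.
    $values = array(array('resource' => 'customers', 'method' => 'PUT', 'id_webservice_account' => $account_id));
    foreach (array_keys($resources) as $resource) {
        $values[] = array('resource' => $resource, 'method' => 'GET', 'id_webservice_account' => $account_id);
    }
    $db_instance->insert('webservice_permission', $values);

    Configuration::updateValue('NEWSLETTER2GO_API_KEY', $api_key);
    Configuration::updateValue('NEWSLETTER2GO_API_ACCOUNT', $account_id);
    // Presumably switches the shop-wide webservice on; the key value is not visible here.
    Configuration::updateValue('PS_WEBSERVICE', 1);

    return $api_key;
}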
/**
 * Echo the HTML form used to create or edit a webservice key.
 *
 * Output, in order: the key text input with a "Generate!" button, the
 * description textarea, the enabled/disabled radio pair, a permission table
 * with one row per resource from WebserviceRequest::getResources() and one
 * checkbox per HTTP method (GET, PUT, POST, DELETE, HEAD), an inline jQuery
 * block that drives the "select all" checkboxes, and the submit button.
 *
 * @param bool $isMainTab Not read anywhere in this method body.
 *
 * @return void Returns early, after parent::displayForm(), when loadObject(true) yields nothing.
 */
public function displayForm($isMainTab = true) {
    global $currentIndex;
    parent::displayForm();
    if (!($obj = $this->loadObject(true))) { return; }
    // The key and the description are passed through htmlentities() (ENT_COMPAT,
    // UTF-8) before they are placed in the double-quoted attribute / the textarea.
    // NOTE(review): $currentIndex, $this->table, $this->token and $obj->id are
    // concatenated into the markup without HTML escaping; confirm none of them can
    // carry request-controlled text.
    // NOTE(review): the "Generate!" button calls the browser-side gencode(32), so key
    // strength depends on that script, which is not visible here.
    echo ' <form action="' . $currentIndex . '&submitAdd' . $this->table . '=1&token=' . $this->token . '" method="post" enctype="multipart/form-data"> ' . ($obj->id ? '<input type="hidden" name="id_' . $this->table . '" value="' . $obj->id . '" />' : '') . ' <fieldset><legend><img src="../img/admin/access.png" />' . $this->l('Webservice Accounts') . '</legend> <label>' . $this->l('Key:') . '</label> <div class="margin-form"> <input type="text" size="32" name="key" id="code" value="' . htmlentities(Tools::getValue('key', $obj->key), ENT_COMPAT, 'UTF-8') . '" /> <input type="button" value="' . $this->l(' Generate! ') . '" class="button" onclick="gencode(32)" /> <sup>*</sup> <p class="clear">' . $this->l('Webservice account key') . '</p> </div> <label>' . $this->l('Key description') . '</label> <div class="margin-form"> <textarea rows="3" style="width:400px" name="description">' . htmlentities(Tools::getValue('description', $obj->description), ENT_COMPAT, 'UTF-8') . '</textarea> <p class="clear">' . $this->l('Key description') . '</p> </div> <label>' . $this->l('Status:') . ' </label> <div class="margin-form"> <input type="radio" name="active" id="active_on" value="1" ' . ((!$obj->id or Tools::getValue('active', $obj->active)) ? 'checked="checked" ' : '') . '/> <label class="t" for="active_on"> <img src="../img/admin/enabled.gif" alt="' . $this->l('Enabled') . '" title="' . $this->l('Enabled') . '" /></label> <input type="radio" name="active" id="active_off" value="0" ' . ((!Tools::getValue('active', $obj->active) and $obj->id) ? 'checked="checked" ' : '') . '/> <label class="t" for="active_off"> <img src="../img/admin/disabled.gif" alt="' . $this->l('Disabled') . '" title="' . $this->l('Disabled') . '" /></label> </div> <label>' . $this->l('Permissions:') . ' </label> <div class="margin-form"> <p>' .
$this->l('Set the resource permissions for this key:') . '</p> <table border="0" cellspacing="0" cellpadding="0" class="permissions"> <thead> <tr> <th>' . $this->l('Resource') . '</th> <th width="30"></th> <th width="50">' . $this->l('View (GET)') . '</th> <th width="50">' . $this->l('Modify (PUT)') . '</th> <th width="50">' . $this->l('Add (POST)') . '</th> <th width="50">' . $this->l('Delete (DELETE)') . '</th> <th width="50">' . $this->l('Fast view (HEAD)') . '</th> </tr> </thead> <tbody> <tr class="all" style="vertical-align:cen"> <th></th> <th></th> <th><input type="checkbox" class="all_get get " /></th> <th><input type="checkbox" class="all_put put " /></th> <th><input type="checkbox" class="all_post post " /></th> <th><input type="checkbox" class="all_delete delete" /></th> <th><input type="checkbox" class="all_head head" /></th> </tr> ';
    // Every known resource, and the permissions already stored for this key.
    $ressources = WebserviceRequest::getResources();
    $permissions = WebserviceKey::getPermissionForAccount($obj->key);
    // One table row per resource. A method checkbox is rendered disabled when the
    // method is listed in the resource's 'forbidden_method' entry, and checked when
    // the key already holds that permission.
    // NOTE(review): the disabled attribute only affects the browser; a hand-built
    // POST can still send that field, so the save path has to reject forbidden
    // methods itself. Confirm it does.
    // NOTE(review): $resourceName is written into the markup unescaped; this
    // assumes resource names contain no HTML-significant characters.
    foreach ($ressources as $resourceName => $resource) {
        echo ' <tr> <th>' . $resourceName . '</th> <th><input type="checkbox" class="all"/></th> <td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('GET', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="get" name="resources[' . $resourceName . '][GET]" ' . (isset($permissions[$resourceName]) && in_array('GET', $permissions[$resourceName]) ? 'checked="checked"' : '') . ' /></td> <td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('PUT', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="put" name="resources[' . $resourceName . '][PUT]" ' . (isset($permissions[$resourceName]) && in_array('PUT', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td> <td><input type="checkbox" ' .
(isset($ressources[$resourceName]['forbidden_method']) && in_array('POST', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="post" name="resources[' . $resourceName . '][POST]" ' . (isset($permissions[$resourceName]) && in_array('POST', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td> <td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('DELETE', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="delete" name="resources[' . $resourceName . '][DELETE]" ' . (isset($permissions[$resourceName]) && in_array('DELETE', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td> <td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('HEAD', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="head" name="resources[' . $resourceName . '][HEAD]" ' . (isset($permissions[$resourceName]) && in_array('HEAD', $permissions[$resourceName]) ? 'checked="checked"' : '') .
'/></td> </tr>';
    }
    // The script between the PHP close and open tags is emitted verbatim. It makes the
    // per-row "all" box and the per-column "all_<method>" boxes click every matching
    // checkbox whose state differs from the box that was clicked.
    echo ' </tbody> </table> <script>'; ?> $(function() { $('table.permissions input.all').click(function() { if($(this).is(':checked')) $(this).parent().parent().find('input.get:not(:checked), input.put:not(:checked), input.post:not(:checked), input.delete:not(:checked), input.head:not(:checked)').click(); else $(this).parent().parent().find('input.get:checked, input.put:checked, input.post:checked, input.delete:checked, input.head:checked').click(); }); $('table.permissions .all_get').click(function() { if($(this).is(':checked')) $(this).parent().parent().parent().find('input.get:not(:checked)').click(); else $(this).parent().parent().parent().find('input.get:checked').click(); }); $('table.permissions .all_put').click(function() { if($(this).is(':checked')) $(this).parent().parent().parent().find('input.put:not(:checked)').click(); else $(this).parent().parent().parent().find('input.put:checked').click(); }); $('table.permissions .all_post').click(function() { if($(this).is(':checked')) $(this).parent().parent().parent().find('input.post:not(:checked)').click(); else $(this).parent().parent().parent().find('input.post:checked').click(); }); $('table.permissions .all_delete').click(function() { if($(this).is(':checked')) $(this).parent().parent().parent().find('input.delete:not(:checked)').click(); else $(this).parent().parent().parent().find('input.delete:checked').click(); }); $('table.permissions .all_head').click(function() { if($(this).is(':checked')) $(this).parent().parent().parent().find('input.head:not(:checked)').click(); else $(this).parent().parent().parent().find('input.head:checked').click(); }); }); <?php echo ' </script> </div> <div class="margin-form"> <input type="submit" value="' . $this->l(' Save ') . '" name="submitAdd' . $this->table . '" class="button" /> </div> <div class="small"><sup>*</sup> ' . $this->l('Required field') . '</div> </fieldset> </form>';
}
/**
 * Decide whether the resource named by the first URL segment may be served.
 *
 * An empty segment selects the resource index. A known resource name must also
 * appear among the permissions of the authentication key, otherwise error 401
 * is recorded. An unknown name records error 400 together with a "did you
 * mean" suggestion built from the known resource names.
 *
 * @return boolean True when processing may continue, false after an error was set.
 */
private function checkResource()
{
    $this->_resourceList = WebserviceRequest::getResources();
    $knownResources = array_keys($this->_resourceList);

    // No resource requested: the caller gets the list of resources.
    if ($this->_urlSegment[0] == '') {
        $this->_resourceConfiguration['objectsNodeName'] = 'resources';

        return true;
    }

    // NOTE(review): both error messages below embed the raw URL segment; confirm
    // the error output encodes it for the response format.
    if (!in_array($this->_urlSegment[0], $knownResources)) {
        $this->setErrorDidYouMean(
            400,
            'Resource of type "' . $this->_urlSegment[0] . '" does not exists',
            $this->_urlSegment[0],
            $knownResources
        );

        return false;
    }

    // The resource exists; the key must hold at least one permission on it.
    $permittedResources = array_keys($this->_keyPermissions);
    if (!in_array($this->_urlSegment[0], $permittedResources)) {
        $this->setError(
            401,
            'Resource of type "' . $this->_urlSegment[0] . '" is not allowed with this authentication key'
        );

        return false;
    }

    return true;
}