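/**
 * Enforce a minimum role for the current request.
 *
 * The caller's role is read from the module-level `$ticket` (the cookie value
 * set up at request start) once `auth::check_ticket()` has accepted it against
 * the current seed. A request without a verified ticket is treated as
 * ROLE_ANONYMOUS. Roles are ordered numerically: 1 is the most privileged and a
 * larger number means less privilege, so access is denied when the caller's
 * role number is greater than `$required`.
 *
 * @param int $required the least-privileged role number still allowed through
 * @throws ForbiddenException when the caller's role is not sufficient
 */
public static function check_permission($required) {
    global $ticket;
    $role = ROLE_ANONYMOUS;
    if ($ticket && auth::check_ticket($ticket, auth::get_seed())) {
        // Ticket layout assumed by the original code: uname:role:timestamp:md5str.
        // Only the role field is used here.
        $parts = explode(':', $ticket);
        // Fail closed: a ticket without a numeric role field would otherwise leave
        // $role unset, and `null > $required` is false, i.e. the check would pass.
        // Such a ticket is treated as anonymous instead of trusted.
        if (count($parts) >= 4 && ctype_digit((string)$parts[1])) {
            $role = (int)$parts[1];
        }
    }
    /* 1 is the highest role; for all others, a larger number means less privilege. */
    if ($role > $required) {
        throw new ForbiddenException('permission denied');
    }
}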
// NOTE(review): this is the tail of check_method_params(); its signature and the
// start of its argument loop lie above this chunk. From what is visible: a named
// argument present in $params is appended to $ret, an absent optional/defaulted
// argument is skipped, and an absent required argument makes the whole call
// return null (a partial argument list is never returned).
array_push($ret, $params[$arg_name]);
} else {
    if ($func_args[$i]->isOptional() || $func_args[$i]->isDefaultValueAvailable()) {
        continue;
    } else {
        //echo "check_method_params 2:$arg_name\n";
        return null;
    }
}
}
return $ret;
}

/*check the ticket*/
// The session ticket is a plain cookie value and is untrusted input until
// auth::check_ticket() has accepted it. A request with no cookie at all is not
// rejected here: it continues with $ticket = null, which check_permission()
// treats as anonymous.
$ticket = isset($_COOKIE["ticket"]) ? $_COOKIE["ticket"] : null;
$resobj = new response();
// NOTE(review): check_ticket() is called here with one argument, while
// auth::check_permission() passes auth::get_seed() as a second one — confirm
// that the seed defaults to the same value inside check_ticket(), otherwise the
// two validations may disagree about the same ticket.
if ($ticket && !auth::check_ticket($ticket)) {
    $resobj->set(array('code' => 403, 'body' => "ticket invalid!"));
    goto RES_CLIENT;
}

/*extract a clean and standard path like /rest/xxx/xxx/xxx*/
/**
 * Normalise the request URI into a routing path.
 *
 * Works on the raw $_SERVER["REQUEST_URI"] (not URL-decoded) in three passes:
 *   1. replace each '|', '\' and '//' with a single '/' (one pass, not
 *      recursive: '///' becomes '//', not '/');
 *   2. strip a trailing query string, but only when the text after '?' contains
 *      no '/' (the pattern is \?[^/]*$, so "?a=/b" is left in place);
 *   3. drop one trailing '/'.
 * Dot segments ("." / "..") and "%2F" sequences are not normalised here, so
 * find_handler() must not assume the path is canonical in that sense.
 *
 * @return string the cleaned path, e.g. /rest/xxx/xxx/xxx
 */
function filter_path() {
    $path = preg_replace('/\\|\\\\|\\/\\//', '/', $_SERVER["REQUEST_URI"]);
    $path = preg_replace('/\\?[^\\/]*$/', '', $path);
    $path = preg_replace('/\\/$/', '', $path);
    return $path;
}

/*find the api handler method*/
// NOTE(review): the dispatch that starts here continues beyond this chunk.
$handler = find_handler(filter_path());
if ($handler) {
    $params = check_method_params($handler['method'], extract_params());