Пример #1
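 /**
  * Authenticate the request from its `api_key` query parameter and decide
  * whether the resolved role may call the current API method.
  *
  * Side effects: stores the resolved role in static::$role and registers
  * 'AccessControl::verifyAccess' as Resources::$accessControlFunction.
  *
  * @return bool true when the key is known and its role equals
  *              static::$requires or is 'admin'; false otherwise
  */
 public function __isAllowed()
 {
     // Hard-coded api_key => role map, kept for brevity in this example.
     // NOTE(review): outside a demo the keys belong in a secret store, and a
     // key passed in the query string tends to be recorded in access and
     // proxy logs; a request header avoids that.
     $roles = array('12345' => 'user', '67890' => 'admin');

     $apiKey = isset($_GET['api_key']) ? $_GET['api_key'] : null;

     // ?api_key[]=x arrives as an array. array_key_exists() raises a TypeError
     // on PHP 8 (a warning on PHP 7) for a non-scalar key, so anything that is
     // not a string is rejected before the lookup.
     if (!is_string($apiKey) || !array_key_exists($apiKey, $roles)) {
         return false;
     }

     static::$role = $roles[$apiKey];
     Resources::$accessControlFunction = 'AccessControl::verifyAccess';

     // Strict comparison, so type juggling cannot make two different values
     // compare equal. Assumes static::$requires holds a role name string;
     // confirm against the class declaration, which is not shown here.
     return static::$requires === static::$role || static::$role === 'admin';
 }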
Пример #2
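 /**
  * Authenticate the request from its `api_key` query parameter, record a
  * cache identifier for the caller and decide whether the resolved role may
  * call the current API method.
  *
  * Side effects: stores the resolved role in static::$role, calls
  * setCacheIdentifier() on Defaults::$userIdentifierClass and registers
  * 'AccessControl::verifyAccess' as Resources::$accessControlFunction.
  *
  * @return bool true when the key is known and its role equals
  *              static::$requires or is 'admin'; false otherwise
  */
 public function __isAllowed()
 {
     // Hard-coded api_key => role map, kept for brevity in this example.
     // NOTE(review): outside a demo the keys belong in a secret store, and a
     // key passed in the query string tends to be recorded in access logs.
     $roles = array('12345' => 'user', '67890' => 'admin');
     $userClass = Defaults::$userIdentifierClass;

     // A missing key, or one that is not a string (?api_key[]=x arrives as an
     // array), is refused up front: array_key_exists() raises a TypeError on
     // PHP 8 for a non-scalar key.
     if (!isset($_GET['api_key']) || !is_string($_GET['api_key'])) {
         return false;
     }
     $apiKey = $_GET['api_key'];

     if (!array_key_exists($apiKey, $roles)) {
         // NOTE(review): the identifier is set to the caller-supplied value.
         // If it keys rate limiting or caching, every distinct bogus key gets
         // its own bucket; confirm whether a fixed identifier for
         // unauthenticated callers (or the client address) is wanted instead.
         $userClass::setCacheIdentifier($apiKey);
         return false;
     }

     static::$role = $roles[$apiKey];
     // Known callers are identified by role, so all holders of one role share
     // the same identifier.
     $userClass::setCacheIdentifier(static::$role);
     Resources::$accessControlFunction = 'AccessControl::verifyAccess';

     // Strict comparison, so type juggling cannot make two different values
     // compare equal. Assumes static::$requires holds a role name string;
     // confirm against the class declaration, which is not shown here.
     return static::$requires === static::$role || static::$role === 'admin';
 }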
Пример #3
    $gate_keeper = new GateKeeper();
    $gate_keeper->assertAccess(UserManager::instance()->getCurrentUser());
} catch (Exception $exception) {
    header("HTTP/1.0 403 Forbidden");
    $GLOBALS['Response']->sendJSON(array('error' => $exception->getMessage()));
    die;
}
// Choose the API version. The default is the integer part of the VERSION file;
// a request path that starts with /api/v<digits>/ overrides it, but only when
// the digits compare equal to 2.
// NOTE(review): REQUEST_URI is client-controlled. The comparison below is
// loose (==), so any digit run that is numerically 2 (for example "02")
// selects version 2; every other prefix falls back to the VERSION file.
preg_match('/^\\/api\\/v(\\d+)\\//', $_SERVER['REQUEST_URI'], $matches);
// NOTE(review): file_get_contents() returns false when VERSION cannot be read
// and the result is passed to floor() unchecked; confirm the file always ships.
$version = floor(file_get_contents(__DIR__ . '/VERSION'));
if ($matches && isset($matches[1]) && $matches[1] == 2) {
    $version = 2;
}
// Do not put .json at the end of the resource
Resources::$useFormatAsExtension = false;
// Do not hide the API
// NOTE(review): presumably this lists protected endpoints in the resource
// listing even for unauthenticated callers; confirm that exposure is intended.
Resources::$hideProtected = false;
// Use /api/v1/projects uri
Defaults::$useUrlBasedVersioning = true;
// NOTE(review): the two positional booleans are presumably Restler's
// production-mode and refresh-cache switches. The non-debug branch relies on
// the constructor defaults; confirm they select production mode, so that
// detailed error output is not returned to clients on a live server.
if (ForgeConfig::get('DEBUG_MODE')) {
    $restler = new Restler(false, true);
} else {
    $restler = new Restler();
}
$restler->setAPIVersion($version);
$restler->setSupportedFormats('JsonFormat', 'XmlFormat');
// Register the core REST resources on the Restler instance.
$core_resources_injector = new Tuleap\REST\ResourcesInjector();
$core_resources_injector->populate($restler);
switch ($version) {
    case 2:
        $event = Event::REST_RESOURCES_V2;
        break;
Пример #4
 /**
  * Check access
  *
  * Looks up the `api_key` query parameter in the user table, loads the
  * matching user and decides whether the caller's role may call the current
  * API method.
  *
  * @return bool false when no api_key is sent or the stored key does not
  *              match; otherwise true when static::$role is listed in
  *              static::$requires or is 'admin'
  * @throws RestException 503 when the key lookup or the user fetch fails
  */
 public function __isAllowed()
 {
     global $db;
     $stored_key = '';
     $userClass = Defaults::$userIdentifierClass;
     // NOTE(review): the key travels in the query string, so it tends to be
     // recorded in web-server and proxy logs; a request header avoids that.
     if (isset($_GET['api_key'])) {
         // The statement is assembled by concatenation; the only protection
         // for the caller-supplied value is $db->escape().
         // NOTE(review): a bound parameter would remove the dependency on the
         // escaping being correct for the active driver and charset, if the
         // database layer offers one.
         $sql = "SELECT u.login, u.datec, u.api_key, ";
         $sql .= " u.tms as date_modification, u.entity";
         $sql .= " FROM " . MAIN_DB_PREFIX . "user as u";
         $sql .= " WHERE u.api_key = '" . $db->escape($_GET['api_key']) . "'";
         $result = $db->query($sql);
         if ($result) {
             if ($db->num_rows($result)) {
                 $obj = $db->fetch_object($result);
                 $login = $obj->login;
                 $stored_key = $obj->api_key;
             }
         } else {
             // NOTE(review): the database error text is placed in the response
             // message; consider logging it server-side and returning a
             // generic message to the client.
             throw new RestException(503, 'Error when fetching user api_key :' . $db->error_msg);
         }
         // NOTE(review): when no row matched, $stored_key is still '' and
         // $login is unset, so this check does not tell "no row found" apart
         // from an empty submitted key; rejecting empty keys before the query
         // would close that gap. The comparison is also loose (!=) and not
         // constant-time; hash_equals() on two strings is the usual choice for
         // comparing secrets.
         if ($stored_key != $_GET['api_key']) {
             // NOTE(review): the cache identifier is set to the caller-supplied
             // value; if it keys rate limiting, confirm that is intended.
             $userClass::setCacheIdentifier($_GET['api_key']);
             return false;
         }
         $fuser = new User($db);
         if (!$fuser->fetch('', $login)) {
             // NOTE(review): the next line is garbled in this listing (part of
             // the statement and the lines after it were replaced by
             // asterisks); the original text cannot be recovered from this page.
             throw new RestException(503, 'Error when fetching user :'******'external';
         }
         // In the visible code the role is only raised to 'admin' here; any
         // other value of static::$role comes from code not shown in this listing.
         if ($fuser->admin) {
             static::$role = 'admin';
         }
     } else {
         return false;
     }
     $userClass::setCacheIdentifier(static::$role);
     Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess';
     // static::$requires is cast to an array, so a single role name and a list
     // of role names are both accepted; in_array() compares loosely here.
     return in_array(static::$role, (array) static::$requires) || static::$role == 'admin';
 }
Пример #5
<?php

// Front controller: bootstraps the application, configures Restler and
// dispatches the current request.
require_once '../bootstrap.php';
require_once 'SimpleAuth.php';

use Luracast\Restler\Resources;
use Luracast\Restler\Restler;

// Resource URLs carry no format extension.
Resources::$useFormatAsExtension = false;

// NOTE(review): the two positional booleans are presumably Restler's
// production-mode and refresh-cache switches; confirm that rebuilding the
// cache on every request is wanted on a production server.
$r = new Restler(true, true);

// NOTE(review): registering the Resources class presumably publishes a
// machine-readable listing of the API; confirm it should be reachable by
// unauthenticated callers.
$r->addAPIClass('Luracast\\Restler\\Resources');
$r->setSupportedFormats('JsonFormat');

// SimpleAuth authenticates requests. Which methods actually require it is
// decided inside the API classes, which are not shown here.
$r->addAuthenticationClass('SimpleAuth');

// Application API classes, registered in their original order.
foreach (
    array(
        'User',
        'Book',
        'Car',
        'Ads',
        'Clicks',
        'Points',
        'Plan',
        'Mvnos',
        'Subscribers',
        'Mvno',
        'Impression',
    ) as $apiClass
) {
    $r->addAPIClass($apiClass);
}
unset($apiClass); // leave the global scope as the original script did

$r->handle();