web services: give vincent the calling partner id

git-svn-id: http://piwigo.org/svn/trunk@1768 68402e56-0260-453c-a942-63ccdbb3a9ee
2025-04-28 04:09:56 +03:00 · 2007-01-29 20:38:08 +00:00 · 2007-01-29 20:38:08 +00:00 · 2f70d58b22
commit 2f70d58b22
parent 3b11eb39cf
4 changed files with 47 additions and 9 deletions
--- a/include/ws_core.inc.php
+++ b/include/ws_core.inc.php
@ -563,8 +563,11 @@ Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
    {
      return new PwgError(WS_ERR_MISSING_PARAM, 'Missing parameters: '.implode(',',$missing_params));
    }
-
+    $result = trigger_event('ws_invoke_allowed', true, $methodName, $params);
+    if ( strtolower( get_class($result) )!='pwgerror')
+    {
      $result = call_user_func_array($callback, array($params, &$this) );
+    }
    return $result;
  }

--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@ -26,6 +26,30 @@

 /**** IMPLEMENTATION OF WEB SERVICE METHODS ***********************************/

+/**
+ * Event handler for method invocation security check. Should return a PwgError
+ * if the preconditions are not satifsied for method invocation.
+ */
+function ws_isInvokeAllowed($res, $methodName, $params)
+{
+  global $conf, $calling_partner_id;
+  if ( !$conf['ws_access_control'])
+  {
+    return $res; // No controls are requested
+  }
+  $query = '
+SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
+ WHERE `name` = '$calling_partner_id'
+   AND NOW() <= end; ";
+  $result = pwg_query($query);
+  $row = mysql_fetch_assoc($result);
+  if ( empty($row) )
+  {
+    return new PwgError(403, 'Partner id does not exist');
+  }
+  return $res;
+}
+
 /**
 * ws_add_controls 
 * returns additionnal controls if requested
--- a/include/ws_protocols/rest_handler.php
+++ b/include/ws_protocols/rest_handler.php
@ -4,10 +4,10 @@
 // | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
 // | branch        : BSF (Best So Far)
-// | file          : $URL: svn+ssh://rvelices@svn.gna.org/svn/phpwebgallery/trunk/action.php $
-// | last update   : $Date: 2006-12-21 18:49:12 -0500 (Thu, 21 Dec 2006) $
-// | last modifier : $Author: rvelices $
-// | revision      : $Rev: 1678 $
+// | file          : $Id$
+// | last update   : $Date$
+// | last modifier : $Author$
+// | revision      : $Rev$
 // +-----------------------------------------------------------------------+
 // | This program is free software; you can redistribute it and/or modify  |
 // | it under the terms of the GNU General Public License as published by  |
@ -33,8 +33,8 @@ class PwgRestRequestHandler
    $param_array = $service->isPost() ? $_POST : $_GET;
    foreach ($param_array as $name => $value)
    {
-      if ($name=='format')
-        continue;
+      if ($name=='format' or $name=='partner')
+        continue; // ignore - special keys
      if ($name=='method')
      {
        $method = $value;
--- a/ws.php
+++ b/ws.php
@ -29,6 +29,9 @@ define ('PHPWG_ROOT_PATH', './');
 include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
 include_once(PHPWG_ROOT_PATH.'include/ws_core.inc.php');

+/**
+ * event handler that registers standard methods with the web service
+ */
 function ws_addDefaultMethods( $arr )
 {
  include_once(PHPWG_ROOT_PATH.'include/ws_functions.inc.php');
@ -108,9 +111,17 @@ function ws_addDefaultMethods( $arr )

 add_event_handler('ws_add_methods', 'ws_addDefaultMethods');

+
+add_event_handler('ws_invoke_allowed', 'ws_isInvokeAllowed', EVENT_HANDLER_PRIORITY_NEUTRAL, 3);
+
+$calling_partner_id = '';
 $requestFormat = null;
 $responseFormat = null;

+if ( isset($_GET['partner']) )
+{
+  $calling_partner_id = $_GET['partner'];
+}
 if ( isset($_GET['format']) )
 {
  $responseFormat = $_GET['format'];