Skip to content
Snippets Groups Projects
Select Git revision
  • d62d7a2fc7a088251c71bfa9ec4cda01cc531cb6
  • 3.9 default
  • develop
  • 6.0
  • 5.0
  • 4.0
  • scrutinizer-patch-4
  • scrutinizer-patch-3
  • scrutinizer-patch-2
  • scrutinizer-patch-1
  • 3.7
  • 3.8
  • 3.6
  • 3.9_backported
  • 3.8_backported
  • 3.7_backported
  • 3.5
  • 3.6_backported
  • 3.5_backported
  • 3.4
  • 3.3_backported
  • 6.0.4
  • 6.0.3
  • 5.0.7
  • 6.0.2
  • 6.0.1
  • 5.0.6
  • 6.0.0
  • 5.0.5
  • 6.0.0-rc
  • 5.0.4
  • 6.0.0-beta
  • 5.0.3
  • 4.0.6
  • 5.0.2
  • 5.0.1
  • 4.0.5
  • 5.0.0
  • 4.0.4
  • 5.0.0-rc2
  • 5.0.0-rc1
41 results

api_access.class.php

Blame
    • user avatar
    PHPCS again
    Jean-François Ferry authored
    d62d7a2f
    History
    user avatar d62d7a2f
    History
    api_access.class.php 3.25 KiB 
    <?php
/* Copyright (C) 2015   Jean-François Ferry     <jfefe@aternatik.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

use \Luracast\Restler\iAuthenticate;
use \Luracast\Restler\Resources;
use \Luracast\Restler\Defaults;
use Luracast\Restler\RestException;


/**
 * Dolibarr API access class
 *
 */
class DolibarrApiAccess implements iAuthenticate
{
	const REALM = 'Restricted Dolibarr API';
	
	/**
	 * @var array $requires	role required by API method		user / external / admin	
	 */
	public static $requires = array('user','external','admin');
	
	/**
	 * @var string $role		user role
	 */
    public static $role = 'user';
	
	/**
	 * @var User		$user	Loggued user 
	 */
	public static $user = '';
	 
	
	/**
	 * Check access
	 * 
	 * @return boolean
	 */
	public function __isAllowed()
    {
		global $db;

		$stored_key = '';
		
		$userClass = Defaults::$userIdentifierClass;
				
		if (isset($_GET['api_key'])) {
			$sql = "SELECT u.login, u.datec, u.api_key, ";
			$sql.= " u.tms as date_modification, u.entity";
			$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
			$sql.= " WHERE u.api_key = '".$db->escape($_GET['api_key'])."'";
	
			if ($db->query($sql))
			{
				if ($db->num_rows($result))
				{
    					$obj = $db->fetch_object($result);
					$login = $obj->login;
					$stored_key = $obj->api_key;
				}
			}
			else {
				throw new RestException(503, 'Error when fetching user api_key :'.$db->error_msg);
			}

			if ( $stored_key != $_GET['api_key']) {
				$userClass::setCacheIdentifier($_GET['api_key']);
				return false;
			}
			
			$fuser = new User($db);
			if(! $fuser->fetch('',$login)) {
				throw new RestException(503, 'Error when fetching user :'.$fuser->error);
			}
			$fuser->getrights();
			static::$user = $fuser;
			
			if($fuser->societe_id)
				static::$role = 'external';
			
			if($fuser->admin)
				static::$role = 'admin';
        }
		else
		{
			return false;
		}

        $userClass::setCacheIdentifier(static::$role);
        Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess';
        return in_array(static::$role, (array) static::$requires) || static::$role == 'admin';
	}
	
	public function __getWWWAuthenticateString()
    {
        return '';
    }
	
	/**
     * Verify access
     * 
     * @param   array   $m   Properties of method 
     * 
     * @access private
     */
    public static function verifyAccess(array $m)
    {
        $requires = isset($m['class']['DolibarrApiAccess']['properties']['requires'])
                ? $m['class']['DolibarrApiAccess']['properties']['requires']
                : false;
		
		
        return $requires
            ? static::$role == 'admin' || in_array(static::$role, (array) $requires)
            : true;
		
    }
}