-
-
Save anonymous/d6a315d1f29dc7722b7d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| use \Luracast\Restler\iAuthenticate; | |
| use \Luracast\Restler\Resources; | |
| class AccessControl implements iAuthenticate { | |
| public static $Requires = 'user'; | |
| public static $Role = ''; | |
| public static $Roles = array('guest' => array('access' => 0), | |
| 'user' => array('access' => 1), | |
| 'admin' => array('access' => 2)); | |
| private $PDO; | |
| function __construct() { | |
| $this->PDO = DB::Get(); | |
| } | |
| public function __isAllowed() { | |
| if(filter_has_var(INPUT_GET, 'token')) { | |
| try { | |
| $TokenPrep = $this->PDO->prepare('SELECT | |
| User.Level, | |
| Tokens.* | |
| FROM | |
| User, | |
| Tokens | |
| WHERE | |
| Tokens.UserKey = User.ID | |
| AND | |
| Tokens.Token = :Token | |
| AND | |
| (Tokens.Expire > :Expire | |
| OR | |
| Tokens.Expire = 0)'); | |
| $TokenPrep->execute(array(':Token' => $_GET['token'], | |
| ':Expire' => time())); | |
| $TokenRes = $TokenPrep->fetch(); | |
| } | |
| catch(PDOException $e) { | |
| throw new RestException(400, 'MySQL: '.$e->getMessage()); | |
| } | |
| if(is_array($TokenRes)) { | |
| try { | |
| $TokenPrep = $this->PDO->prepare('UPDATE | |
| Tokens | |
| SET | |
| Active = :Active, | |
| Address = :Address | |
| WHERE | |
| Token = :Token'); | |
| $TokenPrep->execute(array(':Active' => time(), | |
| ':Address' => $_SERVER['REMOTE_ADDR'], | |
| ':Token' => $_GET['token'])); | |
| } | |
| catch(PDOException $e) { | |
| throw new RestException(400, 'MySQL: '.$e->getMessage()); | |
| } | |
| static::$Role = $TokenRes['Level']; | |
| } | |
| else { | |
| return FALSE; | |
| } | |
| } | |
| else { | |
| return FALSE; | |
| } | |
| Resources::$accessControlFunction = 'AccessControl::verifyAccess'; | |
| echo 'User role is: '.static::$Role.' ('.static::$Roles[static::$Role]['access'].')'."\n"; | |
| echo 'Required role is: '.static::$Requires.' ('.static::$Roles[static::$Requires]['access'].')'."\n\n"; | |
| if(static::$Roles[static::$Role]['access'] >= static::$Roles[static::$Requires]['access']) { | |
| return TRUE; | |
| } | |
| return FALSE; | |
| } | |
| /** | |
| * @access private | |
| **/ | |
| public static function verifyAccess(array $m) { | |
| if(isset($m['class']['AccessControl']['properties']['requires'])) { | |
| static::$Requires = $m['class']['AccessControl']['properties']['requires']; | |
| } | |
| else { | |
| static::$Requires = FALSE; | |
| } | |
| if($Requires) { | |
| if(static::$Roles[static::$Role]['access'] >= static::$Roles[static::$Requires]['access']) { | |
| return TRUE; | |
| } | |
| else { | |
| return FALSE; | |
| } | |
| } | |
| else { | |
| return TRUE; | |
| } | |
| } | |
| } | |
| ?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| class Test { | |
| /** | |
| * @url GET /publicapi | |
| **/ | |
| function publicapi() { | |
| return 'This method does not require any role'; | |
| } | |
| /** | |
| * @url GET /userapi | |
| * @access protected | |
| * @class AccessControl {@requires user} | |
| **/ | |
| function userapi() { | |
| return 'This method requires \'user\' role'; | |
| } | |
| /** | |
| * @url GET /adminapi | |
| * @access protected | |
| * @class AccessControl {@requires admin} | |
| **/ | |
| protected function adminapi() { | |
| return 'This method requires \'admin\' role'; | |
| } | |
| } | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment