API, write permissions

This commit is contained in:
Diego Najar 2017-09-23 13:10:05 +02:00
parent 1bd75ac2ee
commit 5f6c43e73d
5 changed files with 46 additions and 27 deletions


@ -10,7 +10,7 @@ class dbPages extends dbJSON
'description'=> array('inFile'=>false, 'value'=>''), 'description'=> array('inFile'=>false, 'value'=>''),
'username'=> array('inFile'=>false, 'value'=>''), 'username'=> array('inFile'=>false, 'value'=>''),
'tags'=> array('inFile'=>false, 'value'=>array()), 'tags'=> array('inFile'=>false, 'value'=>array()),
'status'=> array('inFile'=>false, 'value'=>'draft'), // published, draft, scheduled 'status'=> array('inFile'=>false, 'value'=>'published'), // published, draft, scheduled
'date'=> array('inFile'=>false, 'value'=>''), 'date'=> array('inFile'=>false, 'value'=>''),
'dateModified'=> array('inFile'=>false, 'value'=>''), 'dateModified'=> array('inFile'=>false, 'value'=>''),
'position'=> array('inFile'=>false, 'value'=>0), 'position'=> array('inFile'=>false, 'value'=>0),
@ -142,8 +142,8 @@ class dbPages extends dbJSON
} }
} }
} else { } else {
// Default value for the field // By default is the current value
$value = $options['value']; $value = $this->db[$args['key']][$field];
} }
$args[$field] = $value; $args[$field] = $value;
@ -158,9 +158,6 @@ class dbPages extends dbJSON
$args['date'] = $this->db[$args['key']]['date']; $args['date'] = $this->db[$args['key']]['date'];
} }
// Current UUID
$args['uuid'] = $this->db[$args['key']]['uuid'];
// Date // Date
$currentDate = Date::current(DB_DATE_FORMAT); $currentDate = Date::current(DB_DATE_FORMAT);
@ -192,9 +189,9 @@ class dbPages extends dbJSON
} }
} }
if( $climode===false ) { if ($climode===false) {
// Move the directory from old key to new key. // Move the directory from old key to new key.
if($newKey!==$args['key']) { if ($newKey!==$args['key']) {
if( Filesystem::mv(PATH_PAGES.$args['key'], PATH_PAGES.$newKey) === false ) { if( Filesystem::mv(PATH_PAGES.$args['key'], PATH_PAGES.$newKey) === false ) {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to move the directory to '.PATH_PAGES.$newKey); Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to move the directory to '.PATH_PAGES.$newKey);
return false; return false;
@ -203,7 +200,7 @@ class dbPages extends dbJSON
// Make the index.txt and save the file. // Make the index.txt and save the file.
$data = implode("\n", $dataForFile); $data = implode("\n", $dataForFile);
if( file_put_contents(PATH_PAGES.$newKey.DS.FILENAME, $data) === false ) { if (file_put_contents(PATH_PAGES.$newKey.DS.FILENAME, $data)===false) {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to put the content in the file '.FILENAME); Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to put the content in the file '.FILENAME);
return false; return false;
} }
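Review bot: The new fallback `$value = $this->db[$args['key']][$field];` in the "By default is the current value" branch indexes the stored entry without checking that the field exists, so a page saved before a field was added to dbFields produces a PHP notice and a null value instead of the schema default; `$value = isset($this->db[$args['key']][$field]) ? $this->db[$args['key']][$field] : $options['value'];` keeps the old default as the safety net. The first hunk also changes the schema default for `status` from `'draft'` to `'published'`, so a page created without an explicit status (for instance through the API) is publicly visible at once — either keep draft or state the intent next to it, `// default: published — pages created without a status go live immediately`. The edit() method starts before and ends after the visible hunks, so whether exists() is checked before this lookup cannot be seen here.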


@ -105,13 +105,11 @@ class dbUsers extends dbJSON
$User = new User(); $User = new User();
$User->setField('username', $username); $User->setField('username', $username);
foreach($this->db[$username] as $key=>$value) { foreach ($this->db[$username] as $key=>$value) {
$User->setField($key, $value); $User->setField($key, $value);
} }
return $User; return $User;
} }
return false; return false;
} }
@ -152,8 +150,8 @@ class dbUsers extends dbJSON
// Return the username associated to an email, FALSE otherwise // Return the username associated to an email, FALSE otherwise
public function getByEmail($email) public function getByEmail($email)
{ {
foreach($this->db as $username=>$values) { foreach ($this->db as $username=>$values) {
if($values['email']==$email) { if ($values['email']==$email) {
return $username; return $username;
} }
} }
@ -163,8 +161,8 @@ class dbUsers extends dbJSON
// Returns the username with the authentication token assigned, FALSE otherwise // Returns the username with the authentication token assigned, FALSE otherwise
public function getByAuthToken($token) public function getByAuthToken($token)
{ {
foreach($this->db as $username=>$fields) { foreach ($this->db as $username=>$fields) {
if($fields['tokenAuth']==$token) { if ($fields['tokenAuth']==$token) {
return $username; return $username;
} }
} }


@ -349,10 +349,15 @@ function editPage($args) {
global $dbPages; global $dbPages;
global $Syslog; global $Syslog;
// The user is always the one loggued // Check the key is not empty
$args['username'] = Session::get('username'); if (empty($args['key'])) {
if ( empty($args['username']) ) { Log::set('Function editPage()'.LOG_SEP.'Empty key.');
Log::set('Function editPage()'.LOG_SEP.'Empty username.'); return false;
}
// Check if the page key exist
if (!$dbPages->exists($args['key'])) {
Log::set('Function editPage()'.LOG_SEP.'Page key does not exist, '.$args['key']);
return false; return false;
} }
@ -362,6 +367,17 @@ function editPage($args) {
unset($args['externalCoverImage']); unset($args['externalCoverImage']);
} }
// Title and content need to be here because from inside the dbPages is not visible
if (empty($args['title']) || empty($args['content'])) {
$page = buildPage($args['key']);
if (empty($args['title'])) {
$args['title'] = $page->title();
}
if (empty($args['content'])) {
$args['content'] = $page->contentRaw();
}
}
$key = $dbPages->edit($args); $key = $dbPages->edit($args);
if ($key) { if ($key) {
// Call the plugins after page modified // Call the plugins after page modified
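Review bot: Dropping `$args['username'] = Session::get('username');` means the author stored for the page is now whatever the caller passes in `$args['username']`, unless an earlier layer strips it — nothing in the visible hunk does, and dbPages::edit in this same commit writes the field as given. If the goal was to preserve the original author on edit, the new fallback in dbPages::edit already does that when the field is absent, so `unset($args['username']);` before the edit call achieves it without letting the request reassign authorship. The `empty()` checks on title and content also treat the string `'0'` as missing and silently restore the stored value; `!isset($args['title']) || $args['title']===''` is the precise test. editPage() continues outside the hunk.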


@ -91,13 +91,20 @@ class pluginAPI extends Plugin {
// ------------------------------------------------------------ // ------------------------------------------------------------
$writePermissions = false; $writePermissions = false;
if ( !empty($inputs['authentication']) ) { if ( !empty($inputs['authentication']) ) {
// Get the user with the authentication token
// Get the user with the authentication token, FALSE if doesn't exit
$username = $dbUsers->getByAuthToken($inputs['authentication']); $username = $dbUsers->getByAuthToken($inputs['authentication']);
if ($username!==false) { if ($username!==false) {
// Enable write permissions
$writePermissions = true; // Get the object user to check the role
$user = $dbUsers->getUser($username);
if ($user->role()=='admin') {
// Loggin the user to create the session // Loggin the user to create the session
$Login->setLogin($username, 'admin'); $Login->setLogin($username, 'admin');
// Enable write permissions
$writePermissions = true;
}
} }
} }
@ -270,7 +277,7 @@ class pluginAPI extends Plugin {
{ {
// This function is defined on functions.php // This function is defined on functions.php
$key = createPage($args); $key = createPage($args);
var_dump($key);exit;
if ($key===false) { if ($key===false) {
return array( return array(
'status'=>'1', 'status'=>'1',
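Review bot: The role gate added at `if ($user->role()=='admin')` is only as strong as the token lookup above it, and `getByAuthToken()` (visible in this commit's dbUsers section) matches with loose `==` and never consults `tokenAuthTTL`, so the admin session is granted on a non-constant-time, non-expiring comparison; the lookup should use `hash_equals((string)$fields['tokenAuth'], (string)$token)` and the API should refuse a token whose TTL has passed, if the TTL field is meant to be honoured. `getUser()` returns `false` when the username is missing (also visible in the dbUsers hunk), so guarding the new check as `if ($user!==false && $user->role()=='admin') {` avoids a fatal on a stale token entry. A request carrying a valid token for a non-admin user falls through with `$writePermissions` false and no error; a log line or a 403 would let callers tell a rejected token from a missing one. The enclosing method starts before the hunk.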


@ -367,6 +367,7 @@ function install($adminPassword, $email, $timezone)
// File users.php // File users.php
$salt = uniqid(); $salt = uniqid();
$passwordHash = sha1($adminPassword.$salt); $passwordHash = sha1($adminPassword.$salt);
$tokenAuth = md5( uniqid().time().DOMAIN );
$data = array( $data = array(
'admin'=>array( 'admin'=>array(
@ -379,7 +380,7 @@ function install($adminPassword, $email, $timezone)
'registered'=>$currentDate, 'registered'=>$currentDate,
'tokenEmail'=>'', 'tokenEmail'=>'',
'tokenEmailTTL'=>'2009-03-15 14:00', 'tokenEmailTTL'=>'2009-03-15 14:00',
'tokenAuth'=>'', 'tokenAuth'=>$tokenAuth,
'tokenAuthTTL'=>'2009-03-15 14:00', 'tokenAuthTTL'=>'2009-03-15 14:00',
'twitter'=>'', 'twitter'=>'',
'facebook'=>'', 'facebook'=>'',
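Review bot: The new default token `$tokenAuth = md5( uniqid().time().DOMAIN );` is built from values an attacker can largely guess — uniqid() is derived from the current microsecond clock, time() is the same second, and DOMAIN is public — and, since the API plugin in this same commit turns this token into an admin session, a guessable token is an admin takeover on a fresh install. Use the CSPRNG instead: `$tokenAuth = bin2hex(random_bytes(16));` (or `bin2hex(openssl_random_pseudo_bytes(16))` if PHP 5 must still be supported). Note also that every install now ships with a live admin API token while `tokenAuthTTL` stays at a 2009 date, so if that TTL is meant to expire tokens it should be set here too. install() continues outside the hunk.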