API, write permissions

Diego Najar 2017-09-23 13:10:05 +02:00
parent 1bd75ac2ee
commit 5f6c43e73d
5 changed files with 46 additions and 27 deletions


@ -10,7 +10,7 @@ class dbPages extends dbJSON
'description'=> array('inFile'=>false, 'value'=>''),
'username'=> array('inFile'=>false, 'value'=>''),
'tags'=> array('inFile'=>false, 'value'=>array()),
'status'=> array('inFile'=>false, 'value'=>'draft'), // published, draft, scheduled
'status'=> array('inFile'=>false, 'value'=>'published'), // published, draft, scheduled
'date'=> array('inFile'=>false, 'value'=>''),
'dateModified'=> array('inFile'=>false, 'value'=>''),
'position'=> array('inFile'=>false, 'value'=>0),
@ -142,8 +142,8 @@ class dbPages extends dbJSON
}
}
} else {
// Default value for the field
$value = $options['value'];
// By default is the current value
$value = $this->db[$args['key']][$field];
}
$args[$field] = $value;
@ -158,9 +158,6 @@ class dbPages extends dbJSON
$args['date'] = $this->db[$args['key']]['date'];
}
// Current UUID
$args['uuid'] = $this->db[$args['key']]['uuid'];
// Date
$currentDate = Date::current(DB_DATE_FORMAT);
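Review bot: The new fallback `$value = $this->db[$args['key']][$field];` reads the stored record without checking that the key or the field exists, so a page saved before a field was added to `$dbFields`, or any caller that reaches this code without first validating the key, gets an undefined-index notice and a `null` written back. Keeping the schema default as the last resort avoids that: `$value = isset($this->db[$args['key']][$field]) ? $this->db[$args['key']][$field] : $options['value'];`. The removed explicit `uuid` assignment now depends on this same fallback, so the guard matters for that field too. The enclosing method starts and ends outside the hunk.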


@ -108,10 +108,8 @@ class dbUsers extends dbJSON
foreach ($this->db[$username] as $key=>$value) {
$User->setField($key, $value);
}
return $User;
}
return false;
}


@ -349,10 +349,15 @@ function editPage($args) {
global $dbPages;
global $Syslog;
// The user is always the one loggued
$args['username'] = Session::get('username');
if ( empty($args['username']) ) {
Log::set('Function editPage()'.LOG_SEP.'Empty username.');
// Check the key is not empty
if (empty($args['key'])) {
Log::set('Function editPage()'.LOG_SEP.'Empty key.');
return false;
}
// Check if the page key exist
if (!$dbPages->exists($args['key'])) {
Log::set('Function editPage()'.LOG_SEP.'Page key does not exist, '.$args['key']);
return false;
}
@ -362,6 +367,17 @@ function editPage($args) {
unset($args['externalCoverImage']);
}
// Title and content need to be here because from inside the dbPages is not visible
if (empty($args['title']) || empty($args['content'])) {
$page = buildPage($args['key']);
if (empty($args['title'])) {
$args['title'] = $page->title();
}
if (empty($args['content'])) {
$args['content'] = $page->contentRaw();
}
}
$key = $dbPages->edit($args);
if ($key) {
// Call the plugins after page modified
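Review bot: editPage() appears to no longer overwrite `$args['username']` with `Session::get('username')`, so any `username` the caller puts in `$args` now reaches `$dbPages->edit($args)` unchanged. If the API's edit path passes request input here, as its create path does with `createPage($args)`, a request could presumably reassign a page's author. If the intent is to keep the stored owner, drop the field before the edit with `unset($args['username']);`, next to the existing `unset($args['externalCoverImage']);`. Separately, `empty($args['content'])` treats an intentionally blank body, and the string `'0'`, as "not supplied", so `!isset($args['content'])` would be the safer test. The function continues outside both hunks.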


@ -91,13 +91,20 @@ class pluginAPI extends Plugin {
// ------------------------------------------------------------
$writePermissions = false;
if ( !empty($inputs['authentication']) ) {
// Get the user with the authentication token
// Get the user with the authentication token, FALSE if doesn't exit
$username = $dbUsers->getByAuthToken($inputs['authentication']);
if ($username!==false) {
// Enable write permissions
$writePermissions = true;
// Get the object user to check the role
$user = $dbUsers->getUser($username);
if ($user->role()=='admin') {
// Loggin the user to create the session
$Login->setLogin($username, 'admin');
// Enable write permissions
$writePermissions = true;
}
}
}
@ -270,7 +277,7 @@ class pluginAPI extends Plugin {
{
// This function is defined on functions.php
$key = createPage($args);
var_dump($key);exit;
if ($key===false) {
return array(
'status'=>'1',
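Review bot: `$user = $dbUsers->getUser($username);` is followed directly by `$user->role()`, but the dbUsers lookup shown in this commit appears to end with `return false;`, so a token whose user record is missing would cause a fatal error rather than a denied request. Guard it with `if ($user!==false && $user->role()==='admin') {`, which also makes the role comparison strict. `$Login->setLogin($username, 'admin');` turns a long-lived API token into a full admin session on every authenticated call. If the API only needs to authorise the current request, consider leaving the session untouched and passing the user explicitly. If `var_dump($key);exit;` after `createPage($args)` is on the new side of this commit, it is debug output that ends the request before the status array is returned and should be removed.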


@ -367,6 +367,7 @@ function install($adminPassword, $email, $timezone)
// File users.php
$salt = uniqid();
$passwordHash = sha1($adminPassword.$salt);
$tokenAuth = md5( uniqid().time().DOMAIN );
$data = array(
'admin'=>array(
@ -379,7 +380,7 @@ function install($adminPassword, $email, $timezone)
'registered'=>$currentDate,
'tokenEmail'=>'',
'tokenEmailTTL'=>'2009-03-15 14:00',
'tokenAuth'=>'',
'tokenAuth'=>$tokenAuth,
'tokenAuthTTL'=>'2009-03-15 14:00',
'twitter'=>'',
'facebook'=>'',
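Review bot: `$tokenAuth = md5( uniqid().time().DOMAIN );` derives the API token from the clock and the site's domain, neither of which is secret, and md5 adds no entropy to them. Since this commit lets that token grant admin write access through the API plugin, it should come from a CSPRNG, for example `$tokenAuth = bin2hex(random_bytes(16));`, or `bin2hex(openssl_random_pseudo_bytes(16))` where PHP 7 is not available. The stored `'tokenAuthTTL'=>'2009-03-15 14:00'` is already in the past; whether the TTL is enforced is not visible here, so confirm that the token either expires or can be rotated. install() starts and ends outside these hunks.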