Added support for user-based authentication, resulting changes: Implemented auth...
index 1513aae2d7585dd948c387f439e1a240abca605a..336c6c34fa7fc1d074e3ce5149a5afd761bf1e1e 100644 (file)
@@ -130,7 +130,7 @@ else
                                        print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
                                        break;
                                }
-                               print json_encode( array( 'response' => 'ok', 'key' => $key, 'host' => $host, 'access' => authlevel_name( $level ) ) );
+                               print json_encode( array( 'response' => 'ok', 'key' => $key, 'host' => $host, 'access' => authlevel_name( get_authorization( "key", $key ) ) ) );
                                break;
                        }
                        else print json_encode ( array( 'response' => 'invalid') );
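Review bot: The access value on the added line comes from a second `get_authorization( "key", $key )` lookup whose result is never checked before being handed to `authlevel_name()`, so a lookup that yields nothing after a successful update still produces `'response' => 'ok'` with whatever name the helper assigns to a false value. This commit itself treats `get_authorization()` as falsy when no row exists (`$t_level && ...` in the `/remove_user` case of the next hunk), so the path is reachable at least for a missing row; the same unchecked re-read appears on the `'ok'` lines of the first case and the `/remove_user` case in that hunk. Storing the lookup in a local and reusing the existing error response when it is falsy, e.g. `$cur = get_authorization( "key", $key ); if ( ! $cur ) { print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.')); break; }`, keeps the reported access honest. The enclosing case and switch start outside the hunk.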
@@ -175,16 +175,89 @@ else
                        // needed parameters should be username and access level
                        // If the authorization does not exist, add it.
                        // If the user is already authorized, replace access level.
+                       if ( ! can_write() )
+                               simple_authfail();
+
+                       if ( array_key_exists('username', $_GET )
+                               && array_key_exists('access', $_GET ))
+                       {
+                               $user = $_GET['username'];
+                               $access = $_GET['access'];
+                               $level = authlevel_value( $access );
+
+                               if ( ! $level )
+                               {
+                                       print json_encode ( array( 'response' => 'invalid', 'cause' => 'parameters' ) );
+                                       break;  
+                               }
+                               if ( ! authuser_getinfo( $user ) )
+                               {
+                                       print json_encode( array ( 'response' => 'failed', 'cause' => 'nonexistant'));
+                                       break;
+                               }
+
+                               if ( ! update_authorization( "user", $user, $level ) )
+                               {
+                                       print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
+                                       break;
+                               }
+
+                               print json_encode( array( 'response' => 'ok', 'user' => $user, 'access' => authlevel_name( get_authorization( "user", $user ) ) ) );
+                               break;
+                       }
+                       else print json_encode ( array( 'response' => 'invalid') );
+                       break;  
+
                case "/remove_user":
                        // If the current authentication has write access:
                        // Remove authorization for the given users.
                        // Delete user from backend if backend is read-write.
+                       if ( ! can_write() )
+                               simple_authfail();
+
+                       if ( array_key_exists('username', $_GET ))
+                       {
+                               $user = $_GET['username'];
+
+                               $t_level = get_authorization( "user", $user ); 
+
+                               if ( $t_level && ! remove_authorization( $user ) )
+                               {
+                                       print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
+                                       break;
+                               }
+                               if ( ! authmethod_readonly() )
+                               {
+                                       if ( !authuser_getinfo( $user ) )
+                                       {
+                                               print json_encode( array ( 'response' => 'failed', 'cause' => 'nonexistant'));
+                                               break;
+                                       }
+                                       if ( !authuser_delete( $user ) )
+                                       {
+                                               print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
+                                               break;
+                                       }
+                               }
+
+                               print json_encode( array( 'response' => 'ok', 'user' => $user, 'access' => authlevel_name( get_authorization( "user", $user ) ) ) );
+                               break;
+                       }
+                       else print json_encode ( array( 'response' => 'invalid') );
+                       break;  
+
                case "/list_users":
                        // List valid API user-acounts.
                        // Fail with notauthorized if current authentication
                        // does not have write access.
                        // Should not return users from backend, 
                        // but should only return users with authorization.
+                       if ( ! can_write() )
+                               simple_authfail();
+                       $list = list_users();
+                       print json_encode( array( 'response' => 'ok', 'list' => $list ) );
+                       break;
+
                case "/add_user":
                        // Add user to backend if backend is read-write and
                        // the current authentication has write access.
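Review bot: In the `/remove_user` case the authorization row is dropped via `remove_authorization( $user )` before the read-write backend is asked whether the account exists, so a request naming an unknown account that still has a stale authorization deletes that authorization and then answers `'failed'` / `'nonexistant'`, leaving a partial change the caller was told did not happen. Moving the `authuser_getinfo()` check ahead of the first write (below) makes the failure path side-effect free; if dropping stale authorizations for vanished accounts is intended, the response should then be `'ok'` rather than `'failed'`. Two smaller points: each `if ( ! can_write() ) simple_authfail();` guard assumes `simple_authfail()` terminates the script, which I cannot confirm from this hunk, and a `break;` after the call would make the gate hold either way; and `if ( ! $level )` rejects a level whose numeric value is 0, which matters only if `authlevel_value()` can return 0 for a valid level (not visible here). The switch these cases belong to starts before the hunk, and the trailing whitespace after `break;` on three of the added lines should be stripped.
```php
case "/remove_user":
    // … unchanged: can_write() gate and array_key_exists('username', $_GET) check …
    $user = $_GET['username'];

    // Validate before any write: with a read-write backend the account must
    // exist, otherwise the authorization row would be dropped and the request
    // still reported as 'nonexistant'.
    if ( ! authmethod_readonly() && ! authuser_getinfo( $user ) )
    {
        print json_encode( array ( 'response' => 'failed', 'cause' => 'nonexistant'));
        break;
    }

    $t_level = get_authorization( "user", $user );
    if ( $t_level && ! remove_authorization( $user ) )
    {
        print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
        break;
    }
    if ( ! authmethod_readonly() && ! authuser_delete( $user ) )
    {
        print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
        break;
    }
    // … unchanged: 'ok' response and break …
```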