X-Git-Url: https://git.defcon.no/?a=blobdiff_plain;f=api%2Fauth.php;fp=api%2Fauth.php;h=336c6c34fa7fc1d074e3ce5149a5afd761bf1e1e;hb=672f041e45c91540c7246f22728b6eb444612013;hp=1513aae2d7585dd948c387f439e1a240abca605a;hpb=c2f99e5e48ac8d3be1f3140b696bd307a4adb9d0;p=hermes
diff --git a/api/auth.php b/api/auth.php
index 1513aae..336c6c3 100644
--- a/api/auth.php
+++ b/api/auth.php
@@ -130,7 +130,7 @@ else
 print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
 break;
 }
-print json_encode( array( 'response' => 'ok', 'key' => $key, 'host' => $host, 'access' => authlevel_name( $level ) ) );
+print json_encode( array( 'response' => 'ok', 'key' => $key, 'host' => $host, 'access' => authlevel_name( get_authorization( "key", $key ) ) ) );
 break;
 }
 else print json_encode ( array( 'response' => 'invalid') );
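Review bot: The new response line feeds `get_authorization( "key", $key )` straight into `authlevel_name()` without checking the read-back; if that lookup reports a missing row with `false` or `null` (its contract is not visible in this hunk), the 'ok' reply would carry whatever `authlevel_name` makes of that value. Keeping the read-back in a local and failing on it keeps the reply consistent with the database-error path just above: `$level = get_authorization( "key", $key ); if ( ! $level ) { print json_encode( array( 'response' => 'failed', 'cause' => 'error' ) ); break; }`. The second hunk uses the same unchecked read-back for the `user` replies in its add/update and `/remove_user` branches. The enclosing case and switch start before this hunk.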
@@ -175,16 +175,89 @@ else
 // needed parameters should be username and access level
 // If the authorization does not exist, add it.
 // If the user is already authorized, replace access level.
+ if ( ! can_write() )
+ simple_authfail();
+
+ if ( array_key_exists('username', $_GET )
+ && array_key_exists('access', $_GET ))
+ {
+ $user = $_GET['username'];
+ $access = $_GET['access'];
+ $level = authlevel_value( $access );
+
+ if ( ! $level )
+ {
+ print json_encode ( array( 'response' => 'invalid', 'cause' => 'parameters' ) );
+ break;
+ }
+ if ( ! authuser_getinfo( $user ) )
+ {
+ print json_encode( array ( 'response' => 'failed', 'cause' => 'nonexistant'));
+ break;
+ }
+
+ if ( ! update_authorization( "user", $user, $level ) )
+ {
+ print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
+ break;
+ }
+
+ print json_encode( array( 'response' => 'ok', 'user' => $user, 'access' => authlevel_name( get_authorization( "user", $user ) ) ) );
+ break;
+ }
+ else print json_encode ( array( 'response' => 'invalid') );
+ break;
+
 case "/remove_user":
 // If the current authentication has write access:
 // Remove authorization for the given users.
 // Delete user from backend if backend is read-write.
+ if ( ! can_write() )
+ simple_authfail();
+
+ if ( array_key_exists('username', $_GET ))
+ {
+ $user = $_GET['username'];
+
+ $t_level = get_authorization( "user", $user );
+
+ if ( $t_level && ! remove_authorization( $user ) )
+ {
+ print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
+ break;
+ }
+ if ( ! authmethod_readonly() )
+ {
+ if ( !authuser_getinfo( $user ) )
+ {
+ print json_encode( array ( 'response' => 'failed', 'cause' => 'nonexistant'));
+ break;
+ }
+ if ( !authuser_delete( $user ) )
+ {
+ print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
+ break;
+ }
+ }
+
+ print json_encode( array( 'response' => 'ok', 'user' => $user, 'access' => authlevel_name( get_authorization( "user", $user ) ) ) );
+ break;
+ }
+ else print json_encode ( array( 'response' => 'invalid') );
+ break;
+
 case "/list_users":
 // List valid API user-acounts.
 // Fail with notauthorized if current authentication
 // does not have write access.
 // Should not return users from backend,
 // but should only return users with authorization.
+ if ( ! can_write() )
+ simple_authfail();
+ $list = list_users();
+ print json_encode( array( 'response' => 'ok', 'list' => $list ) );
+ break;
+
 case "/add_user":
 // Add user to backend if backend is read-write and
 // the current authentication has write access.
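Review bot: `simple_authfail()` after each new `can_write()` check (the add/update branch, `/remove_user` and `/list_users`) is not followed by `break` or `exit`, so unless that helper terminates the request itself — which this hunk does not show — a caller without write access continues into the authorization update, the deletion or the listing. If the helper only prints the failure response, make the guard explicit: `if ( ! can_write() ) { simple_authfail(); break; }`. A second point in `/remove_user`: when `$t_level` is empty and `authmethod_readonly()` is true, nothing is removed yet the branch still replies 'ok' for the username, where `'cause' => 'nonexistant'` would match the add/update branch. The enclosing switch starts before this hunk and the `/add_user` case continues past it.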