Can check if a user is allowed to access other user informations

2025-11-04 04:04:20 +00:00 · 2017-12-16 15:30:04 +01:00
parent c3e4c79d04
commit 1a0a812519
3 changed files with 73 additions and 7 deletions
--- a/RestControllers/userController.php
+++ b/RestControllers/userController.php
@@ -110,6 +110,27 @@ class userController
 		return $userInfos;
 	}

+	/**
+	 * Get advanced user informations
+	 *
+	 * @url POST /user/getAdvancedUserInfos
+	 */
+	public function getAdvancedInfos(){
+
+		//Get the ID of the target user
+		if(!isset($_POST["userID"]))
+			Rest_fatal_error(400, "Please specify a user ID!");
+		
+		$userID = toInt($_POST["userID"]);
+
+		//Check if the user is allowed to get advanced user infromations
+		if(!CS::get()->components->user->userAllowed(userID, $userID))
+			Rest_fatal_error(401, "You are not allowed to access these information !");
+		
+		echo "ok";
+
+	}
+
 	/**
 	 * Get current user infos using tokens
 	 *
--- a/classes/components/user.php
+++ b/classes/components/user.php
@@ -337,7 +337,7 @@ class User{
 	 * - 1 : The page is public (for signed in users)
 	 * - 2 : The page is open (for everyone)
 	 */
-	public function getUserVisibilty(int $userID) : int {
+	public function getVisibilty(int $userID) : int {

 		//Perform a request on the database
 		$tableName = $this->userTable;
@@ -372,6 +372,35 @@ class User{
 			return 2; //Public page

 	}
+
+	/**
+	 * Check if a user is allowed to access another user page content
+	 *
+	 * @param $userID The ID of the user attempting to get user informations (0 = no user)
+	 * @param $targetUser Target user for the research
+	 * @return TRUE if the user is allowed to see the page / FALSE else
+	 */
+	public function userAllowed(int $userID, int $targetUser) : bool {
+		
+		//Get the visibility level of the page
+		$visibility = $this->getVisibilty($targetUser);
+
+		//Check if the page is public
+		if($visibility == 3)
+			return true;
+		
+		if($userID == 0)
+			return false;
+		
+		if($visibility == 2)
+			return true;
+		
+		if(CS::get()->components->friends->are_friend($userID, $targetUser))
+			return true;
+		else
+			return false;
+
+	}
 	

 	/**
--- a/functions/user.php
+++ b/functions/user.php
@@ -11,15 +11,31 @@
 *
 * @return Boolean True for a success
 */
-function user_login_required(){
-    if(!defined("userID")){
+function user_login_required() : bool{
+    if(!user_signed_in()){
        Rest_fatal_error(401, "This function requires user to be logged in!");
    }

-    //Check if userID is the number 0
-    if(userID == 0)
-        Rest_fatal_error(401, "This function requires user to be logged in!");
-
    //User logged in
    return true;
+}
+
+/**
+ * Check wether the user is signed in or not
+ *
+ * @return TRUE if user is signed in / FALSE else
+ */
+function user_signed_in() : bool {
+
+    //Check constant
+    if(!defined("userID"))
+        return false;
+    
+    //Check user ID
+    if(userID == 0)
+        return false;
+    
+    //User seems to be signed in
+    return true;
+
 }