mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-12-28 06:28:58 +00:00
Can check if a user is allowed to access other user informations
This commit is contained in:
parent
c3e4c79d04
commit
1a0a812519
@ -110,6 +110,27 @@ class userController
|
||||
return $userInfos;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get advanced user informations
|
||||
*
|
||||
* @url POST /user/getAdvancedUserInfos
|
||||
*/
|
||||
public function getAdvancedInfos(){
|
||||
|
||||
//Get the ID of the target user
|
||||
if(!isset($_POST["userID"]))
|
||||
Rest_fatal_error(400, "Please specify a user ID!");
|
||||
|
||||
$userID = toInt($_POST["userID"]);
|
||||
|
||||
//Check if the user is allowed to get advanced user infromations
|
||||
if(!CS::get()->components->user->userAllowed(userID, $userID))
|
||||
Rest_fatal_error(401, "You are not allowed to access these information !");
|
||||
|
||||
echo "ok";
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Get current user infos using tokens
|
||||
*
|
||||
|
@ -337,7 +337,7 @@ class User{
|
||||
* - 1 : The page is public (for signed in users)
|
||||
* - 2 : The page is open (for everyone)
|
||||
*/
|
||||
public function getUserVisibilty(int $userID) : int {
|
||||
public function getVisibilty(int $userID) : int {
|
||||
|
||||
//Perform a request on the database
|
||||
$tableName = $this->userTable;
|
||||
@ -372,6 +372,35 @@ class User{
|
||||
return 2; //Public page
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a user is allowed to access another user page content
|
||||
*
|
||||
* @param $userID The ID of the user attempting to get user informations (0 = no user)
|
||||
* @param $targetUser Target user for the research
|
||||
* @return TRUE if the user is allowed to see the page / FALSE else
|
||||
*/
|
||||
public function userAllowed(int $userID, int $targetUser) : bool {
|
||||
|
||||
//Get the visibility level of the page
|
||||
$visibility = $this->getVisibilty($targetUser);
|
||||
|
||||
//Check if the page is public
|
||||
if($visibility == 3)
|
||||
return true;
|
||||
|
||||
if($userID == 0)
|
||||
return false;
|
||||
|
||||
if($visibility == 2)
|
||||
return true;
|
||||
|
||||
if(CS::get()->components->friends->are_friend($userID, $targetUser))
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
|
@ -11,15 +11,31 @@
|
||||
*
|
||||
* @return Boolean True for a success
|
||||
*/
|
||||
function user_login_required(){
|
||||
if(!defined("userID")){
|
||||
function user_login_required() : bool{
|
||||
if(!user_signed_in()){
|
||||
Rest_fatal_error(401, "This function requires user to be logged in!");
|
||||
}
|
||||
|
||||
//Check if userID is the number 0
|
||||
if(userID == 0)
|
||||
Rest_fatal_error(401, "This function requires user to be logged in!");
|
||||
|
||||
//User logged in
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check wether the user is signed in or not
|
||||
*
|
||||
* @return TRUE if user is signed in / FALSE else
|
||||
*/
|
||||
function user_signed_in() : bool {
|
||||
|
||||
//Check constant
|
||||
if(!defined("userID"))
|
||||
return false;
|
||||
|
||||
//Check user ID
|
||||
if(userID == 0)
|
||||
return false;
|
||||
|
||||
//User seems to be signed in
|
||||
return true;
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user