mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-11-27 07:49:27 +00:00
Can check if a user is allowed to access other user informations
This commit is contained in:
parent
c3e4c79d04
commit
1a0a812519
@ -110,6 +110,27 @@ class userController
|
|||||||
return $userInfos;
|
return $userInfos;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get advanced user informations
|
||||||
|
*
|
||||||
|
* @url POST /user/getAdvancedUserInfos
|
||||||
|
*/
|
||||||
|
public function getAdvancedInfos(){
|
||||||
|
|
||||||
|
//Get the ID of the target user
|
||||||
|
if(!isset($_POST["userID"]))
|
||||||
|
Rest_fatal_error(400, "Please specify a user ID!");
|
||||||
|
|
||||||
|
$userID = toInt($_POST["userID"]);
|
||||||
|
|
||||||
|
//Check if the user is allowed to get advanced user infromations
|
||||||
|
if(!CS::get()->components->user->userAllowed(userID, $userID))
|
||||||
|
Rest_fatal_error(401, "You are not allowed to access these information !");
|
||||||
|
|
||||||
|
echo "ok";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get current user infos using tokens
|
* Get current user infos using tokens
|
||||||
*
|
*
|
||||||
|
@ -337,7 +337,7 @@ class User{
|
|||||||
* - 1 : The page is public (for signed in users)
|
* - 1 : The page is public (for signed in users)
|
||||||
* - 2 : The page is open (for everyone)
|
* - 2 : The page is open (for everyone)
|
||||||
*/
|
*/
|
||||||
public function getUserVisibilty(int $userID) : int {
|
public function getVisibilty(int $userID) : int {
|
||||||
|
|
||||||
//Perform a request on the database
|
//Perform a request on the database
|
||||||
$tableName = $this->userTable;
|
$tableName = $this->userTable;
|
||||||
@ -373,6 +373,35 @@ class User{
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if a user is allowed to access another user page content
|
||||||
|
*
|
||||||
|
* @param $userID The ID of the user attempting to get user informations (0 = no user)
|
||||||
|
* @param $targetUser Target user for the research
|
||||||
|
* @return TRUE if the user is allowed to see the page / FALSE else
|
||||||
|
*/
|
||||||
|
public function userAllowed(int $userID, int $targetUser) : bool {
|
||||||
|
|
||||||
|
//Get the visibility level of the page
|
||||||
|
$visibility = $this->getVisibilty($targetUser);
|
||||||
|
|
||||||
|
//Check if the page is public
|
||||||
|
if($visibility == 3)
|
||||||
|
return true;
|
||||||
|
|
||||||
|
if($userID == 0)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
if($visibility == 2)
|
||||||
|
return true;
|
||||||
|
|
||||||
|
if(CS::get()->components->friends->are_friend($userID, $targetUser))
|
||||||
|
return true;
|
||||||
|
else
|
||||||
|
return false;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Crypt user password
|
* Crypt user password
|
||||||
|
@ -11,15 +11,31 @@
|
|||||||
*
|
*
|
||||||
* @return Boolean True for a success
|
* @return Boolean True for a success
|
||||||
*/
|
*/
|
||||||
function user_login_required(){
|
function user_login_required() : bool{
|
||||||
if(!defined("userID")){
|
if(!user_signed_in()){
|
||||||
Rest_fatal_error(401, "This function requires user to be logged in!");
|
Rest_fatal_error(401, "This function requires user to be logged in!");
|
||||||
}
|
}
|
||||||
|
|
||||||
//Check if userID is the number 0
|
|
||||||
if(userID == 0)
|
|
||||||
Rest_fatal_error(401, "This function requires user to be logged in!");
|
|
||||||
|
|
||||||
//User logged in
|
//User logged in
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check wether the user is signed in or not
|
||||||
|
*
|
||||||
|
* @return TRUE if user is signed in / FALSE else
|
||||||
|
*/
|
||||||
|
function user_signed_in() : bool {
|
||||||
|
|
||||||
|
//Check constant
|
||||||
|
if(!defined("userID"))
|
||||||
|
return false;
|
||||||
|
|
||||||
|
//Check user ID
|
||||||
|
if(userID == 0)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
//User seems to be signed in
|
||||||
|
return true;
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user