Can check if a user is allowed to access other user informations

This commit is contained in:
Pierre 2017-12-16 15:30:04 +01:00
parent c3e4c79d04
commit 1a0a812519
3 changed files with 73 additions and 7 deletions

View File

@ -110,6 +110,27 @@ class userController
return $userInfos; return $userInfos;
} }
/**
* Get advanced user informations
*
* @url POST /user/getAdvancedUserInfos
*/
public function getAdvancedInfos(){
//Get the ID of the target user
if(!isset($_POST["userID"]))
Rest_fatal_error(400, "Please specify a user ID!");
$userID = toInt($_POST["userID"]);
//Check if the user is allowed to get advanced user infromations
if(!CS::get()->components->user->userAllowed(userID, $userID))
Rest_fatal_error(401, "You are not allowed to access these information !");
echo "ok";
}
/** /**
* Get current user infos using tokens * Get current user infos using tokens
* *

View File

@ -337,7 +337,7 @@ class User{
* - 1 : The page is public (for signed in users) * - 1 : The page is public (for signed in users)
* - 2 : The page is open (for everyone) * - 2 : The page is open (for everyone)
*/ */
public function getUserVisibilty(int $userID) : int { public function getVisibilty(int $userID) : int {
//Perform a request on the database //Perform a request on the database
$tableName = $this->userTable; $tableName = $this->userTable;
@ -373,6 +373,35 @@ class User{
} }
/**
* Check if a user is allowed to access another user page content
*
* @param $userID The ID of the user attempting to get user informations (0 = no user)
* @param $targetUser Target user for the research
* @return TRUE if the user is allowed to see the page / FALSE else
*/
public function userAllowed(int $userID, int $targetUser) : bool {
//Get the visibility level of the page
$visibility = $this->getVisibilty($targetUser);
//Check if the page is public
if($visibility == 3)
return true;
if($userID == 0)
return false;
if($visibility == 2)
return true;
if(CS::get()->components->friends->are_friend($userID, $targetUser))
return true;
else
return false;
}
/** /**
* Crypt user password * Crypt user password

View File

@ -11,15 +11,31 @@
* *
* @return Boolean True for a success * @return Boolean True for a success
*/ */
function user_login_required(){ function user_login_required() : bool{
if(!defined("userID")){ if(!user_signed_in()){
Rest_fatal_error(401, "This function requires user to be logged in!"); Rest_fatal_error(401, "This function requires user to be logged in!");
} }
//Check if userID is the number 0
if(userID == 0)
Rest_fatal_error(401, "This function requires user to be logged in!");
//User logged in //User logged in
return true; return true;
} }
/**
* Check wether the user is signed in or not
*
* @return TRUE if user is signed in / FALSE else
*/
function user_signed_in() : bool {
//Check constant
if(!defined("userID"))
return false;
//Check user ID
if(userID == 0)
return false;
//User seems to be signed in
return true;
}