Apply group weight system to API token modifications

This commit is contained in:
2026-05-19 22:30:38 +02:00
parent 995eca4111
commit fa5459df56
5 changed files with 75 additions and 54 deletions

View File

@@ -19,14 +19,7 @@ if ($API_apitoken->request_method === 'GET') {
$API_apitoken->validateData($requiredFields);
if ($API_apitoken->getUserUuid() === $API_apitoken->data['user_uuid']) {
$API_apitoken->checkPermissions('user-apitoken-self', 'RW');
} else {
$API_apitoken->checkPermissions('user-apitoken-others', 'RO');
}
$API_apitoken->checkTokenPermissions($API_apitoken->data['user_uuid']);
$apitokens = $API_apitoken->getTokens();
@@ -46,23 +39,7 @@ if ($API_apitoken->request_method === 'GET') {
$API_apitoken->validateData($requiredFields, $optionalFields);
# First retrieve the user_uuid from the post and lookup the user
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
$API_users = new API_users();
$_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $API_apitoken->data['user_uuid']]]];
$user_data = $API_users->getUser()[0];
if ($API_apitoken->getUserUuid() === $API_apitoken->data['user_uuid']) {
$API_apitoken->checkPermissions('user-apitoken-self', 'RW');
} else {
if ($user_data['user_email'] === 'superuser') {
$API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$API_apitoken->checkPermissions('user-apitoken-others', 'RW');
}
$API_apitoken->checkTokenPermissions();
$API_apitoken->createNewToken();
@@ -77,18 +54,12 @@ if ($API_apitoken->request_method === 'GET') {
'api_token_uuid' => ['type' => 'uuid'],
'api_token_revoked' => ['type' => 'boolean'],
];
$API_apitoken->validateData($requiredFields);
$api_token_data = $API_apitoken->getToken();
if ($API_apitoken->getUserUuid() === $api_token_data['user_uuid']) {
$API_apitoken->checkPermissions('user-apitoken-self', 'RW');
} else {
if ($api_token_data['user_email'] === 'superuser') {
$API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$API_apitoken->checkPermissions('user-apitoken-others', 'RW');
}
$API_apitoken->checkTokenPermissions();
$API_apitoken->revokeToken();
@@ -103,17 +74,11 @@ if ($API_apitoken->request_method === 'GET') {
$requiredFields = [
'api_token_uuid' => ['type' => 'uuid'],
];
$API_apitoken->validateData($requiredFields);
$api_token_data = $API_apitoken->getToken();
if ($API_apitoken->getUserUuid() === $api_token_data['user_uuid']) {
$API_apitoken->checkPermissions('user-apitoken-self', 'RW');
} else {
if ($api_token_data['user_email'] === 'superuser') {
$API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$API_apitoken->checkPermissions('user-apitoken-others', 'RW');
}
$API_apitoken->checkTokenPermissions();
$API_apitoken->deleteToken();