-rwxr-xr-x | boot.php | 10 | ||||
-rw-r--r-- | include/api.php | 5 | ||||
-rw-r--r-- | include/oauth.php | 11 | ||||
-rw-r--r-- | include/permissions.php | 84 | ||||
-rwxr-xr-x | util/shredder/ShredOAuth.sh | 2 |
5 files changed, 106 insertions, 6 deletions
@@ -651,6 +651,7 @@ class App {
 public $observer = null; // xchan record of the page observer
 public $profile_uid = 0; // If applicable, the channel_id of the "page owner"
 public $poi = null; // "person of interest", generally a referenced connection
+ private $oauth_key = null; // consumer_id of oauth request, if used
 public $layout = array(); // Comanche parsed template
 public $pdl = null;
 private $perms = null; // observer permissions
@@ -934,6 +935,7 @@ class App {
 $this->observer = $xchan;
 }
+
 function get_observer() {
 return $this->observer;
 }
@@ -946,6 +948,14 @@ class App {
 return $this->perms;
 }
+ function set_oauth_key($consumer_id) {
+ $this->oauth_key = $consumer_id;
+ }
+
+ function get_oauth_key() {
+ return $this->oauth_key;
+ }
+
 function get_apps() {
 return $this->apps;
 }
diff --git a/include/api.php b/include/api.php
index 12247c183..788a84208 100644
--- a/include/api.php
+++ b/include/api.php
@@ -78,11 +78,14 @@ require_once('include/items.php');
 // list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request());
 if (!is_null($token)){
 $oauth->loginUser($token->uid);
+
+ $a->set_oauth_key($consumer->key);
+
 call_hooks('logged_in', $a->user);
 return;
 }
 echo __file__.__line__.__function__."<pre>";
- var_dump($consumer, $token);
+// var_dump($consumer, $token);
 die();
 } catch(Exception $e) {
diff --git a/include/oauth.php b/include/oauth.php
index 8eb8a83d8..ec754db95 100644
--- a/include/oauth.php
+++ b/include/oauth.php
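Review bot: The new `$oauth_key` property and its accessors carry no documentation even though, per the permissions.php hunks in this commit, a non-null value redirects every `get_all_perms()`/`perm_is_allowed()` call for the rest of the request. A docblock on `set_oauth_key()` should state that contract, e.g. `/** Mark this request as made by a verified OAuth client; while set, permission checks use the xperm grants for $consumer_id instead of the observer's connection permissions. */`. There is also no way to reset the key to null once set, which matters if it is ever assigned before verification has completed.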
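Review bot: The failure path after the `if (!is_null($token))` block still echoes `__file__.__line__.__function__` to the client before `die()`; this commit only comments out the `var_dump`, so an unauthenticated API request still receives the server-side path, line and function name. Replace the echo and the commented-out dump with a plain status, `header('HTTP/1.0 401 Unauthorized');` followed by the existing `die();`. `$consumer->key` is read without a null check; it is presumably non-null whenever `$token` is, but that depends on `verify_request()`, which is above the hunk. The enclosing try/catch and function start and end outside the hunk.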
@@ -20,19 +20,21 @@ class FKOAuthDataStore extends OAuthDataStore {
 logger(__function__.":".$consumer_key);
 // echo "<pre>"; var_dump($consumer_key); killme();
- $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
+ $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id = '%s'",
 dbesc($consumer_key)
 );
- if (count($r))
+ if($r) {
+ get_app()->set_oauth_key($consumer_key);
 return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
+ }
 return null;
 }
 function lookup_token($consumer, $token_type, $token) {
 logger(__function__.":".$consumer.", ". $token_type.", ".$token);
- $r = q("SELECT id, secret,scope, expires, uid FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
+ $r = q("SELECT id, secret, scope, expires, uid FROM tokens WHERE client_id = '%s' AND scope = '%s' AND id = '%s'",
 dbesc($consumer->key),
 dbesc($token_type),
 dbesc($token)
@@ -51,7 +53,7 @@ class FKOAuthDataStore extends OAuthDataStore {
 function lookup_nonce($consumer, $token, $nonce, $timestamp) {
 // echo __file__.":".__line__."<pre>"; var_dump($consumer,$key); killme();
- $r = q("SELECT id, secret FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d",
+ $r = q("SELECT id, secret FROM tokens WHERE client_id = '%s' AND id = '%s' AND expires = %d",
 dbesc($consumer->key),
 dbesc($nonce),
 intval($timestamp)
@@ -132,6 +134,7 @@ class FKOAuthDataStore extends OAuthDataStore {
 }
 class FKOAuth1 extends OAuthServer {
+
 function __construct() {
 parent::__construct(new FKOAuthDataStore());
 $this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
diff --git a/include/permissions.php b/include/permissions.php
index 68ff2b3d4..f63c6da18 100644
--- a/include/permissions.php
+++ b/include/permissions.php
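Review bot: `get_app()->set_oauth_key($consumer_key)` inside `lookup_consumer()` marks the request as an OAuth-client request as soon as a `clients` row matches the supplied key, before the signature, timestamp and token have been verified. The api.php hunk in this commit already sets the key after verification succeeds, so this call is redundant there and premature here; should any code path continue after a failed `verify_request()`, permission checks would be scoped to an unverified client. Drop the call from `lookup_consumer()` and keep the single call site in api.php, leaving `if($r) return new OAuthConsumer(...)` as the only effect of a match. The `lookup_consumer()` signature is above the hunk.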
@@ -65,6 +65,10 @@ function get_perms() {
 */
 function get_all_perms($uid, $observer_xchan, $internal_use = true) {
+ $api = get_app()->get_oauth_key();
+ if($api)
+ return get_all_api_perms($uid,$api);
+
 $global_perms = get_perms();
 // Save lots of individual lookups
@@ -265,6 +269,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
 */
 function perm_is_allowed($uid, $observer_xchan, $permission) {
+ $api = get_app()->get_oauth_key();
+ if($api)
+ return api_perm_is_allowed($uid,$api,$permission);
+
 $arr = array(
 'channel_id' => $uid,
 'observer_hash' => $observer_xchan,
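Review bot: The early return in `get_all_perms()` discards `$observer_xchan` and `$internal_use` without comment, and `perm_is_allowed()` likewise answers from xperm grants alone, so for a request carrying an OAuth key the logged-in user's own connection permissions are no longer consulted. If that is the intended model (the channel owner grants the client its own permission set), state it at both sites, e.g. `// Requests authenticated as an OAuth client are scoped by the xperm grants for that client, not by the observer's connection permissions.` Both checks use truthiness, `if($api)`; `if($api !== null)` would avoid treating a consumer key of `'0'` as absent. The bodies of both functions continue below their hunks.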
@@ -388,6 +396,82 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
 return false;
 }
+function get_all_api_perms($uid,$api) {
+
+ $global_perms = get_perms();
+
+ $ret = array();
+
+ $r = q("select * from xperm where xp_client = '%s' and xp_channel = %d",
+ dbesc($api),
+ intval($uid)
+ );
+
+ if(! $r)
+ return false;
+
+ $allow_all = false;
+ $allowed = array();
+ foreach($r as $rr) {
+ if($rr['xp_perm'] === 'all')
+ $allow_all = true;
+ if(! in_array($rr['xp_perm'],$allowed))
+ $allowed[] = $rr['xp_perm'];
+ }
+
+ foreach($global_perms as $perm_name => $permission) {
+ if($allow_all || in_array($perm_name,$allowed))
+ $ret[$perm_name] = true;
+ else
+ $ret[$perm_name] = false;
+
+ }
+
+ $arr = array(
+ 'channel_id' => $uid,
+ 'observer_hash' => $observer_xchan,
+ 'permissions' => $ret);
+
+ call_hooks('get_all_api_perms',$arr);
+
+ return $arr['permissions'];
+
+}
+
+
+function api_perm_is_allowed($uid,$api,$permission) {
+
+ $arr = array(
+ 'channel_id' => $uid,
+ 'observer_hash' => $observer_xchan,
+ 'permission' => $permission,
+ 'result' => false
+ );
+
+ call_hooks('api_perm_is_allowed', $arr);
+ if($arr['result'])
+ return true;
+
+ $r = q("select * from xperm where xp_client = '%s' and xp_channel = %d and ( xp_perm = 'all' OR xp_perm = '%s' )",
+ dbesc($api),
+ intval($uid),
+ dbesc($permission)
+ );
+
+ if(! $r)
+ return false;
+
+ foreach($r as $rr) {
+ if($rr['xp_perm'] === 'all' || $rr['xp_perm'] === $permission)
+ return true;
+
+ }
+
+ return false;
+
+}
+
+
 // Check a simple array of observers against a permissions
 // return a simple array of those with permission
diff --git a/util/shredder/ShredOAuth.sh b/util/shredder/ShredOAuth.sh
index 9828124c7..f39d6f7c4 100755
--- a/util/shredder/ShredOAuth.sh
+++ b/util/shredder/ShredOAuth.sh
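Review bot: Both new functions read `$observer_xchan`, which is not a parameter of `get_all_api_perms()` or `api_perm_is_allowed()`, so the `observer_hash` handed to the `get_all_api_perms` and `api_perm_is_allowed` hooks is always null (with an undefined-variable notice); pass the observer explicitly or use `$api` as the hash so hook implementers can tell which client is asking. `get_all_api_perms()` also returns `false` when the client has no xperm rows, while callers of `get_all_perms()` expect a permission map; changing `if(! $r) return false;` to `if(! $r) $r = array();` keeps the result fail-closed (every entry false) with the expected shape. Because the hook in `api_perm_is_allowed()` runs before the xperm query, a hook that sets `result` grants the permission without any grant row, mirroring `perm_is_allowed()`; that ordering deserves a one-line comment, e.g. `// hooks may grant before the xperm lookup, as in perm_is_allowed()`.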
@@ -128,7 +128,7 @@ FO_statuses_update () { $(OAuth_param 'status' "$2") ) - params[${#params[@]}]=$(OAuth_param 'source' "shred") + params[${#params[@]}]=$(OAuth_param 'source' "shredder") [[ "$3" != "" ]] && params[${#params[@]}]=$(OAuth_param 'in_reply_to_status_id' "$3") && local in_reply_to_status_id=( '--data-urlencode' "in_reply_to_status_id=$3" ) |