diff options
| -rwxr-xr-x | boot.php | 10 | ||||
| -rw-r--r-- | include/api.php | 5 | ||||
| -rw-r--r-- | include/oauth.php | 11 | ||||
| -rw-r--r-- | include/permissions.php | 84 | ||||
| -rwxr-xr-x | util/shredder/ShredOAuth.sh | 2 |
5 files changed, 106 insertions, 6 deletions
@@ -651,6 +651,7 @@ class App { public $observer = null; // xchan record of the page observer public $profile_uid = 0; // If applicable, the channel_id of the "page owner" public $poi = null; // "person of interest", generally a referenced connection + private $oauth_key = null; // consumer_id of oauth request, if used public $layout = array(); // Comanche parsed template public $pdl = null; private $perms = null; // observer permissions @@ -934,6 +935,7 @@ class App { $this->observer = $xchan; } + function get_observer() { return $this->observer; } @@ -946,6 +948,14 @@ class App { return $this->perms; } + function set_oauth_key($consumer_id) { + $this->oauth_key = $consumer_id; + } + + function get_oauth_key() { + return $this->oauth_key; + } + function get_apps() { return $this->apps; } diff --git a/include/api.php b/include/api.php index 12247c183..788a84208 100644 --- a/include/api.php +++ b/include/api.php @@ -78,11 +78,14 @@ require_once('include/items.php'); // list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request()); if (!is_null($token)){ $oauth->loginUser($token->uid); + + $a->set_oauth_key($consumer->key); + call_hooks('logged_in', $a->user); return; } echo __file__.__line__.__function__."<pre>"; - var_dump($consumer, $token); +// var_dump($consumer, $token); die(); } catch(Exception $e) { diff --git a/include/oauth.php b/include/oauth.php index 8eb8a83d8..ec754db95 100644 --- a/include/oauth.php +++ b/include/oauth.php @@ -20,19 +20,21 @@ class FKOAuthDataStore extends OAuthDataStore { logger(__function__.":".$consumer_key); // echo "<pre>"; var_dump($consumer_key); killme(); - $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'", + $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id = '%s'", dbesc($consumer_key) ); - if (count($r)) + if($r) { + get_app()->set_oauth_key($consumer_key); return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']); + } return null; } function lookup_token($consumer, $token_type, $token) { logger(__function__.":".$consumer.", ". $token_type.", ".$token); - $r = q("SELECT id, secret,scope, expires, uid FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'", + $r = q("SELECT id, secret, scope, expires, uid FROM tokens WHERE client_id = '%s' AND scope = '%s' AND id = '%s'", dbesc($consumer->key), dbesc($token_type), dbesc($token) @@ -51,7 +53,7 @@ class FKOAuthDataStore extends OAuthDataStore { function lookup_nonce($consumer, $token, $nonce, $timestamp) { // echo __file__.":".__line__."<pre>"; var_dump($consumer,$key); killme(); - $r = q("SELECT id, secret FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d", + $r = q("SELECT id, secret FROM tokens WHERE client_id = '%s' AND id = '%s' AND expires = %d", dbesc($consumer->key), dbesc($nonce), intval($timestamp) @@ -132,6 +134,7 @@ class FKOAuthDataStore extends OAuthDataStore { } class FKOAuth1 extends OAuthServer { + function __construct() { parent::__construct(new FKOAuthDataStore()); $this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT()); diff --git a/include/permissions.php b/include/permissions.php index 68ff2b3d4..f63c6da18 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -65,6 +65,10 @@ function get_perms() { */ function get_all_perms($uid, $observer_xchan, $internal_use = true) { + $api = get_app()->get_oauth_key(); + if($api) + return get_all_api_perms($uid,$api); + $global_perms = get_perms(); // Save lots of individual lookups @@ -265,6 +269,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { */ function perm_is_allowed($uid, $observer_xchan, $permission) { + $api = get_app()->get_oauth_key(); + if($api) + return api_perm_is_allowed($uid,$api,$permission); + $arr = array( 'channel_id' => $uid, 'observer_hash' => $observer_xchan, @@ -388,6 +396,82 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { return false; } +function get_all_api_perms($uid,$api) { + + $global_perms = get_perms(); + + $ret = array(); + + $r = q("select * from xperm where xp_client = '%s' and xp_channel = %d", + dbesc($api), + intval($uid) + ); + + if(! $r) + return false; + + $allow_all = false; + $allowed = array(); + foreach($r as $rr) { + if($rr['xp_perm'] === 'all') + $allow_all = true; + if(! in_array($rr['xp_perm'],$allowed)) + $allowed[] = $rr['xp_perm']; + } + + foreach($global_perms as $perm_name => $permission) { + if($allow_all || in_array($perm_name,$allowed)) + $ret[$perm_name] = true; + else + $ret[$perm_name] = false; + + } + + $arr = array( + 'channel_id' => $uid, + 'observer_hash' => $observer_xchan, + 'permissions' => $ret); + + call_hooks('get_all_api_perms',$arr); + + return $arr['permissions']; + +} + + +function api_perm_is_allowed($uid,$api,$permission) { + + $arr = array( + 'channel_id' => $uid, + 'observer_hash' => $observer_xchan, + 'permission' => $permission, + 'result' => false + ); + + call_hooks('api_perm_is_allowed', $arr); + if($arr['result']) + return true; + + $r = q("select * from xperm where xp_client = '%s' and xp_channel = %d and ( xp_perm = 'all' OR xp_perm = '%s' )", + dbesc($api), + intval($uid), + dbesc($permission) + ); + + if(! $r) + return false; + + foreach($r as $rr) { + if($rr['xp_perm'] === 'all' || $rr['xp_perm'] === $permission) + return true; + + } + + return false; + +} + + // Check a simple array of observers against a permissions // return a simple array of those with permission diff --git a/util/shredder/ShredOAuth.sh b/util/shredder/ShredOAuth.sh index 9828124c7..f39d6f7c4 100755 --- a/util/shredder/ShredOAuth.sh +++ b/util/shredder/ShredOAuth.sh @@ -128,7 +128,7 @@ FO_statuses_update () { $(OAuth_param 'status' "$2") ) - params[${#params[@]}]=$(OAuth_param 'source' "shred") + params[${#params[@]}]=$(OAuth_param 'source' "shredder") [[ "$3" != "" ]] && params[${#params[@]}]=$(OAuth_param 'in_reply_to_status_id' "$3") && local in_reply_to_status_id=( '--data-urlencode' "in_reply_to_status_id=$3" ) |