Multiple roles and Swagger (API Explorer) access #528

Open
nocodelab opened this issue Mar 6, 2016 · 4 comments

@nocodelab

Hi all,
I'm experiencing a problem with Restler 3 RC5.
I'm trying to set multiple user roles for my API access.

The API endpoints are working properly based on the authenticated user's role.
The problem is on the API Explorer: after adding the API key, the protected methods are not available.
Without using custom roles, everything is working fine.

```php
<?php
use \Luracast\Restler\iAuthenticate;
use \Luracast\Restler\Resources;
use \Luracast\Restler\Defaults;
use \Luracast\Restler\User;

class AccessControl implements iAuthenticate
{
    // Role(s) required by the current method: one role name or an array of names
    public static $requires = '';
    // Role name of the authenticated user
    public static $role = '';

    public function __isAllowed()
    {
        $userClass = Defaults::$userIdentifierClass;

        // Treat a missing api_key as an empty key instead of reading an undefined index
        $apiKey = isset($_GET['api_key']) ? $_GET['api_key'] : '';

        // Look up the salted MD5 of the API key among the unexpired tokens
        $accessToken = md5($apiKey . ADMIN_PASSWORD_SALT);
        $keyCheck = R::find("accesstoken", "token = :accesstoken AND expire_at >= NOW();", [':accesstoken' => $accessToken]);

        // verify the access token
        if (!($keyCheck)) {
            $userClass::setCacheIdentifier($apiKey);
            return false;
        }

        $user_id = R::exportAll($keyCheck)[0]['admin_id'];

        // Load the role name of the admin who owns the token
        $userDetails = R::getRow('SELECT admin.id, role.id, admin.role_id, role.name as role_name FROM admin LEFT JOIN role ON admin.role_id = role.id where admin.id = :id ', [':id' => $user_id]);
        static::$role = $userDetails['role_name'];
        $userClass::setCacheIdentifier(static::$role);
        User::setUniqueIdentifier($user_id);

        // Let the API Explorer call verifyAccess() for each method it lists
        Resources::$accessControlFunction = 'AccessControl::verifyAccess';

        // Loose comparison of the user's role against the required role(s)
        if (is_array(static::$requires)) {
            return in_array(static::$role, static::$requires);
        } else {
            return static::$role == static::$requires;
        }
    }

    public function __getWWWAuthenticateString()
    {
        return 'Query name="api_key"';
    }

    /**
     * @access private
     */
    public static function verifyAccess(array $m)
    {
        // Required role(s) from the method metadata; false when none are declared
        $requires =
            isset($m['class']['AccessControl']['properties']['requires'])
                ? $m['class']['AccessControl']['properties']['requires']
                : false;

        if (is_array($requires)) {
            return in_array(static::$role, $requires);
        } else {
            return static::$role == $requires;
        }
    }
}
```

Can anyone help me?
Thanks
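
An added example, not part of the original post and not Restler's own code: it runs the role comparison used in `__isAllowed()` and `verifyAccess()` above beside a strict variant over constructed inputs, to show which role/requirement pairs match under PHP's loose `==`. The helper names `roleMatchesLoose` and `roleMatchesStrict` are hypothetical, and the rule that an undeclared requirement means "no role restriction" is an assumption.

```php
<?php
// Added illustration; helper names and sample cases are constructed.

// Same comparison as the posted class: in_array() without the strict flag, or ==.
function roleMatchesLoose($role, $requires)
{
    if (is_array($requires)) {
        return in_array($role, $requires);
    }
    return $role == $requires;
}

// Strict variant with the policy written out explicitly.
function roleMatchesStrict($role, $requires)
{
    // Assumed policy: no requirement declared means no role restriction.
    if ($requires === false || $requires === null || $requires === '') {
        return true;
    }
    // A requirement exists, so a missing or empty role never satisfies it.
    if (!is_string($role) || $role === '') {
        return false;
    }
    // Accept a single role name or a list of names; compare type and value.
    return in_array($role, (array) $requires, true);
}

// Constructed cases: [user role, required role(s)]
$cases = [
    ['admin', ['admin', 'editor']], // role is in the required list
    ['admin', 'admin'],             // single required role
    ['admin', false],               // authenticated user, nothing declared
    ['',      false],               // no authenticated role, nothing declared
    [null,    ''],                  // user row without a role, default $requires
    ['',      ['admin']],           // no authenticated role, role required
];

foreach ($cases as list($role, $requires)) {
    printf(
        "role=%-8s requires=%-18s loose=%-5s strict=%s\n",
        var_export($role, true),
        json_encode($requires),
        var_export(roleMatchesLoose($role, $requires), true),
        var_export(roleMatchesStrict($role, $requires), true)
    );
}
```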

@nocodelab changed the title from "Multiple roles and Swagger access" to "Multiple roles and Swagger (API Explorer) access" on Mar 6, 2016

@igorsantos07

This seems like a dup of #524

@nocodelab
Author

@igorsantos07 Not sure if it is the same issue.
Basically I would like to show/hide methods according to the user role.

@nocodelab
Author

Hi all,
No one has hints/suggestions on this?

Cheers

@roynasser

I have posted some examples on how I did this using comments at the function/endpoint level to require one or more permissions, and then hide methods which the user doesn't have permission for. Let me know if that works.
