Commit e225881e authored by thiaramus's avatar thiaramus

check if user has group access permission

parent 34ee9bec
......@@ -22,44 +22,65 @@
class apiEchoarea extends mainApiParent
{
private $areaName = '';
private $areaList = [];
protected $allowedHttpMethods = ['GET', 'POST', 'PATCH', 'DELETE'];
private function userHasAreaAccess() {
foreach (array_keys($this->user['groups']) as $g) {
if ($this->areaList[$this->areaName]['group'] == $g) return true;
}
return false;
}
private function getList() {
$areaName = $this->apiCallPath[1];
$jam = new jam();
$msgbase = new messagebase();
$startFrom = intval(filter_input(INPUT_GET, 'startFrom', FILTER_SANITIZE_NUMBER_INT));
$startFrom = $startFrom ? $startFrom : 0;
$areas = $msgbase->getAreaList();
$lastnum = $jam->getLastNumActive($this->areaList[$this->areaName]['filename']);
if (!array_key_exists($areaName, $areas)) {
$this->syntaxErrorMessage('Area ' . $areaName . ' not found');
if ($lastnum - $startFrom - 30 >= 0) {
$headers = $jam->getMsgHeader($this->areaList[$this->areaName]['filename'], $lastnum - $startFrom - 30, 30);
} elseif ($startFrom < $lastnum) {
$headers = $jam->getMsgHeader($this->areaList[$this->areaName]['filename'], 0, $lastnum - $startFrom);
} else {
$headers = array();
}
$jam = new jam();
$headers = $jam->getMsgHeader($areas[$areaName]['filename']);
foreach ($headers as &$r) {
if (array_search('MSG_DELETED', $r['attribute1'])) {
$r = false;
} else {
if ((array_search('MSG_PRIVATE', $r['attribute1']) !== false) OR ($this->areaList[$this->areaName]['group'] == 'netmail')) {
if ((!array_search($r['OADDRESS'][0], $this->user['groups']))
AND (!array_search($r['DADDRESS'][0], $this->user['groups']))
AND (strtolower($r['RECEIVERNAME'][0]) != strtolower($this->user['realname']))
AND (strtolower($r['SENDERNAME'][0]) != strtolower($this->user['realname']))
AND (!array_search(strtolower($r['RECEIVERNAME'][0]), $this->user['aliases']))
AND (!array_search(strtolower($r['SENDERNAME'][0]), $this->user['aliases']))) {
$r = false;
}
}
}
}
$this->response($headers);
}
private function getMessage() {
$areaName = $this->apiCallPath[1];
$msgId = $this->apiCallPath[2];
$msgbase = new messagebase();
$areas = $msgbase->getAreaList();
if (!array_key_exists($areaName, $areas)) {
$this->syntaxErrorMessage('Area ' . $areaName . ' not found');
}
$jam = new jam();
$lastMsgNum = $jam->getLastNumActive($areas[$areaName]['filename']);
$message = $jam->getMessage($areas[$areaName]['filename'], $lastMsgNum - $msgId);
$message['text'] = str_replace( '<', '&lt;', $message['text'] );
$message['text'] = str_replace( '>', '&gt;', $message['text'] );
// $lastMsgNum = $jam->getLastNumActive($this->areaList[$this->areaName]['filename']);
// $message = $jam->getMessage($this->areaList[$this->areaName]['filename'], $lastMsgNum - $msgId);
$message = $jam->getMessage($this->areaList[$this->areaName]['filename'], $msgId);
$message['text'] = str_replace('<', '&lt;', $message['text']);
$message['text'] = str_replace('>', '&gt;', $message['text']);
$this->response($message);
}
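Review bot: userHasAreaAccess() decides authorization with a loose `==` between the area's configured group and each key of `$this->user['groups']`, so any type mismatch between the two sides (for instance an integer array key against a string group name) is settled by PHP's comparison juggling, whose outcome also changed between PHP 7 and 8; an access check should compare strictly. Replace the loop with `return in_array($this->areaList[$this->areaName]['group'], array_keys($this->user['groups']), true);` and, if the group keys can legitimately be numeric, normalise both sides to the same type explicitly rather than relying on `==`. The same loose `== 'netmail'` is used in getList's private-message filter, and `array_search('MSG_DELETED', $r['attribute1'])` in that filter is tested without `!== false`, so a MSG_DELETED flag stored at index 0 is read as absent and the deleted header is still returned; `!== false` should be added as on the MSG_PRIVATE test beneath it. getList also leaves `$r` bound by reference after its `foreach`, so an `unset($r);` before `$this->response($headers)` would prevent a later assignment from overwriting the last header.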
......@@ -76,9 +97,34 @@
$this->syntaxErrorMessage('Not yet implemented (POST)');
}
public function run() {
/**
* Run API call validation.
*
* @throws Exception
*/
private function initAndValidateData() {
if (!array_key_exists(1, $this->apiCallPath)) {
$this->syntaxErrorMessage();
throw new Exception('Echo area undefined');
}
$this->areaName = $this->apiCallPath[1];
$this->areaList = (new messagebase())->getAreaList();
if (!array_key_exists($this->areaName, $this->areaList)) {
throw new Exception('Area ' . $this->areaName . ' not found');
}
if (!$this->userHasAreaAccess()) {
throw new Exception('Logged user does not have a permission to access ' . $this->areaName);
}
}
public function run() {
try {
$this->initAndValidateData();
} catch (Exception $e) {
$this->syntaxErrorMessage($e->getMessage());
return;
}
if (array_key_exists(2, $this->apiCallPath)) {
......