Commit cc7183c

ENH: refs #250. Allow session based authentication in web API
1 parent d993e02 commit cc7183c

1 file changed

+29
-91
lines changed

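--- a/modules/api/controllers/IndexController.php
+++ b/modules/api/controllers/IndexController.php
@@ -400,32 +400,33 @@ private function _initApiCommons()
 $this->uploadApi = new KwUploadAPI($this->apiSetup);
 }
 
-/** Return the user id given the arguments */
-private function _getUserId($args)
+/** Return the user dao */
+private function _getUser($args)
 {
-if(!array_key_exists('token', $args))
+if(array_key_exists('useSession', $args))
 {
-return 0;
+return $this->userSession->Dao;
 }
-$token = $args['token'];
-$userapiDao = $this->Api_Userapi->getUserapiFromToken($token);
-if(!$userapiDao)
-{
-throw new Exception('Invalid token', MIDAS_INVALID_TOKEN);
-}
-return $userapiDao->getUserId();
-}
-
-/** Return the user */
-private function _getUser($args)
-{
-$userid = $this->_getUserId($args);
-if($userid == 0)
+else
 {
-return false;
+if(!array_key_exists('token', $args))
+{
+return 0;
+}
+$token = $args['token'];
+$userapiDao = $this->Api_Userapi->getUserapiFromToken($token);
+if(!$userapiDao)
+{
+throw new Exception('Invalid token', MIDAS_INVALID_TOKEN);
+}
+$userid = $userapiDao->getUserId();
+if($userid == 0)
+{
+return false;
+}
+$userDao = $this->User->load($userid);
+return $userDao;
 }
-$userDao = $this->User->load($userid);
-return $userDao;
 }
 
 /** Controller action handling REST request */
@@ -732,18 +733,9 @@ function communityGet($args)
 {
 throw new Exception('Parameter id is not defined', MIDAS_INVALID_PARAMETER);
 }
+$userDao = $this->_getUser($args);
 
 $communityid = $args['id'];
-
-if(array_key_exists('token', $args))
-{
-$userDao = $this->_getUser($args);
-}
-else
-{
-$userDao = false;
-}
-
 $community = $this->Community->load($communityid);
 
 if($community === false || !$this->Community->policyCheck($community, $userDao, MIDAS_POLICY_READ))
@@ -761,18 +753,9 @@ function folderContent($args)
 {
 throw new Exception('Parameter id is not defined', MIDAS_INVALID_PARAMETER);
 }
+$userDao = $this->_getUser($args);
 
 $id = $args['id'];
-
-if(array_key_exists('token', $args))
-{
-$userDao = $this->_getUser($args);
-}
-else
-{
-$userDao = false;
-}
-
 $parent = $this->Folder->load($id);
 
 if($parent === false || !$this->Folder->policyCheck($parent, $userDao, MIDAS_POLICY_READ))
@@ -855,18 +838,9 @@ function folderGet($args)
 {
 throw new Exception('Parameter id is not defined', MIDAS_INVALID_PARAMETER);
 }
+$userDao = $this->_getUser($args);
 
 $id = $args['id'];
-
-if(array_key_exists('token', $args))
-{
-$userDao = $this->_getUser($args);
-}
-else
-{
-$userDao = false;
-}
-
 $folder = $this->Folder->load($id);
 
 if($folder === false || !$this->Folder->policyCheck($folder, $userDao, MIDAS_POLICY_READ))
@@ -983,18 +957,9 @@ function itemGet($args)
 {
 throw new Exception('Parameter id is not defined', MIDAS_INVALID_PARAMETER);
 }
+$userDao = $this->_getUser($args);
 
 $itemid = $args['id'];
-
-if(array_key_exists('token', $args))
-{
-$userDao = $this->_getUser($args);
-}
-else
-{
-$userDao = false;
-}
-
 $item = $this->Item->load($itemid);
 
 if($item === false || !$this->Item->policyCheck($item, $userDao, MIDAS_POLICY_READ))
@@ -1028,18 +993,9 @@ function itemGetMetadata($args)
 {
 throw new Exception('Parameter id is not defined', MIDAS_INVALID_PARAMETER);
 }
+$userDao = $this->_getUser($args);
 
 $itemid = $args['id'];
-
-if(array_key_exists('token', $args))
-{
-$userDao = $this->_getUser($args);
-}
-else
-{
-$userDao = false;
-}
-
 $item = $this->Item->load($itemid);
 
 if($item === false || !$this->Item->policyCheck($item, $userDao, MIDAS_POLICY_READ))
@@ -1082,18 +1038,9 @@ function folderDownload($args)
 {
 throw new Exception('Parameter id is not defined', MIDAS_INVALID_PARAMETER);
 }
+$userDao = $this->_getUser($args);
 
 $id = $args['id'];
-
-if(array_key_exists('token', $args))
-{
-$userDao = $this->_getUser($args);
-}
-else
-{
-$userDao = false;
-}
-
 $folder = $this->Folder->load($id);
 
 if($folder === false || !$this->Folder->policyCheck($folder, $userDao, MIDAS_POLICY_READ))
@@ -1111,18 +1058,9 @@ function itemDownload($args)
 {
 throw new Exception('Parameter id is not defined', MIDAS_INVALID_PARAMETER);
 }
+$userDao = $this->_getUser($args);
 
 $id = $args['id'];
-
-if(array_key_exists('token', $args))
-{
-$userDao = $this->_getUser($args);
-}
-else
-{
-$userDao = false;
-}
-
 $item = $this->Item->load($id);
 
 if($item === false || !$this->Item->policyCheck($item, $userDao, MIDAS_POLICY_READ))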
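Review bot: In the rewritten `_getUser`, the anonymous path now ends in `return 0;`, and the seven callers (communityGet through itemDownload) now call it unconditionally, so a request with neither `token` nor `useSession` hands `0` to `policyCheck` where the old code handed `false`; that line should be `return false;` so the authorization check keeps receiving the anonymous sentinel it was written against. The `useSession` branch returns `$this->userSession->Dao` as is, which is presumably unset when nobody is logged in, so it should be normalised too, e.g. `return $this->userSession->Dao ? $this->userSession->Dao : false;`. Because that branch keys on the mere presence of a request parameter and then trusts the session cookie, any API method that resolves its user this way can be driven by a cross-site request carrying a logged-in user's cookie; if `_getUser` also backs state-changing methods outside these hunks, they need a CSRF token or an origin check before the session identity is accepted. The docblock could state the contract: `/** Return the user dao from the session (useSession) or from the API token; false when anonymous */`.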
