From ff7bb9ced78577864873d8ef6ea88df52c7fad62 Mon Sep 17 00:00:00 2001 From: Hugo Wetterberg Date: Thu, 26 Mar 2009 17:16:49 +0100 Subject: [PATCH] Added created and changed timestamps for tokens and consumers. In the process of adding support for editing authorizations. In the process of adding support for authorization levels. --- services_oauth.admin.inc | 41 ++++++++++++++++++-- services_oauth.install | 40 +++++++++++++++++++ services_oauth.module | 31 +++++++++++++++ services_oauth.pages.inc | 83 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 192 insertions(+), 3 deletions(-) diff --git a/services_oauth.admin.inc b/services_oauth.admin.inc index e3a7ea4..4dc0718 100644 --- a/services_oauth.admin.inc +++ b/services_oauth.admin.inc @@ -1,13 +1,41 @@ $title) { + $set = array( + '#type' => 'fieldset', + '#title' => $key . ' - ' . $title, + '#tree' => TRUE, + 'title' => array( + '#type' => 'textfield', + '#maxlength' => 255, + '#title' => t('Title'), + '#value' => $title, + ), + ); + $form[$key] = $set; + } + + $form['submit'] = array( + '#type' => 'submit', + '#value' => t('Save'), + ); + + return $form; +} + function _services_oauth_admin_authentication() { $form = array(); - + $form['intro'] = array('#value' => '

' . t('You can change the lowest required OAuth authentication level for resources and methods here. This doesn\'t affect the access checks, so the security of your site should not be affected by changing the authentication requirements.') . '

'); $methods = services_get_all(FALSE); $resources = services_get_all_resources(FALSE); + $auth_levels = array_merge(array('*' => t('Full access')), services_oauth_authorization_levels()); foreach ($resources as $name => $resource) { $ra = array($name => $resource); @@ -25,7 +53,7 @@ function _services_oauth_admin_authentication() { '#collapsed' => TRUE, '#tree' => TRUE, ); - + $cred = $controller['#auth'] ? 'token' : ($controller['#key'] ? ($controller['#verify_key'] ? 'consumer' : 'unsigned_consumer') : 'none'); $c['credentials'] = array( '#type' => 'radios', @@ -38,7 +66,14 @@ function _services_oauth_admin_authentication() { ), '#default_value' => $cred, ); - + + $c['authorization'] = array( + '#type' => 'checkboxes', + '#title' => t('Required authorization'), + '#options' => $auth_levels, + '#default_value' => $controller['#default_auth_level'] ? $controller['#default_auth_level'] : array('*'), + ); + $res_set[$path] = $c; } diff --git a/services_oauth.install b/services_oauth.install index 13bb990..f62c107 100644 --- a/services_oauth.install +++ b/services_oauth.install 
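Review bot: The `title` textfield in each level's fieldset is built with `'#value' => $title`, which pins the field to the stored title and discards whatever the administrator submits; an editable field needs `'#default_value' => $title`. The fieldset legend is assembled as `$key . ' - ' . $title` from database values, and Drupal 6 prints fieldset titles unescaped, so `check_plain($key) . ' - ' . check_plain($title)` would be the safer form. No submit handler for this form appears in the patch, and the start of the function is not visible on this page.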
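Review bot: The `#default_value` of the new `authorization` checkboxes reads `$controller['#default_auth_level']` directly, which raises an undefined-index notice for every controller that does not declare that key. `'#default_value' => !empty($controller['#default_auth_level']) ? $controller['#default_auth_level'] : array('*'),` keeps the same fallback without the notice. The enclosing loop starts and ends outside this hunk.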
@@ -1,2 +1,42 @@ 'read', ':title' => 'Read access')); + db_query($insert, array(':name' => 'update', ':title' => 'Update access')); + db_query($insert, array(':name' => 'create', ':title' => 'Create access')); + db_query($insert, array(':name' => 'delete', ':title' => 'Delete access')); +} + +function services_oauth_uninstall() { + drupal_uninstall_schema('services_oauth'); +} + +function services_oauth_schema() { + $schema = array(); + + $schema['services_oauth_authorization_levels'] = array( + 'description' => t('Stores the different authorization levels that are available for access tokens.'), + 'fields' => array( + 'name' => array( + 'description' => t('The computer-readable name of the authorization level.'), + 'type' => 'varchar', + 'length' => 32, + 'not null' => TRUE, + ), + 'title' => array( + 'description' => t('The localizable title of the authorization level.'), + 'type' => 'varchar', + 'length' => 255, + 'not null' => TRUE, + ), + ), + 'primary key' => array('name'), + ); + + return $schema; +} \ No newline at end of file diff --git a/services_oauth.module b/services_oauth.module index bfa4ea7..7bb8482 100644 --- a/services_oauth.module +++ b/services_oauth.module @@ -71,6 +71,16 @@ function services_oauth_menu() { 'type' => MENU_CALLBACK, ); + $menu['user/%user/applications/authorization/%'] = array( + 'title' => 'Edit authorization', + 'page callback' => 'drupal_get_form', + 'page arguments' => array('_services_oauth_user_authorization_edit', 1, 4), + 'access callback' => 'oauth_services_user_access', + 'access arguments' => array(1), + 'file' => 'services_oauth.pages.inc', + 'type' => MENU_CALLBACK, + ); + $menu['admin/build/services/authentication'] = array( 'title' => 'Authentication', 'page callback' => 'drupal_get_form', 
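Review bot: The seed inserts pass named keys, for example `db_query($insert, array(':name' => 'update', ':title' => 'Update access'))`, but the Drupal 6 `db_query()` that the rest of this patch relies on (`db_fetch_object`, `drupal_install_schema`) substitutes only printf-style placeholders such as `'%s'`. The `$insert` statement itself is not visible on this page; if it uses `:name` and `:title` markers they would reach the database unsubstituted and the default levels would not be created. A form like `db_query("INSERT INTO {services_oauth_authorization_levels} (name, title) VALUES ('%s', '%s')", 'read', 'Read access');` keeps the values parameterized and works with this API.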
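Review bot: The new `user/%user/applications/authorization/%` route authorizes only against the account in argument 1, while the token key in argument 4 is handed to the form builder unchecked. `_services_oauth_user_authorization_edit()` in the last hunk of services_oauth.pages.inc then calls `DrupalOAuthToken::load($key)` without comparing the token's owner to `$user`, so a user who passes `oauth_services_user_access` for their own account could open the authorization form of any token whose key they hold. A dedicated access callback that loads the token and confirms it belongs to the account in the path would close this. Which property carries the owner is not visible here and should be confirmed against oauth_common.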
@@ -80,9 +90,30 @@ function services_oauth_menu() { 'type' => MENU_LOCAL_TASK, ); + $menu['admin/build/services/authorization'] = array( + 'title' => 'Authorization levels', + 'page callback' => 'drupal_get_form', + 'page arguments' => array('_services_oauth_admin_authorization'), + 'access arguments' => array('administer services'), + 'file' => 'services_oauth.admin.inc', + 'type' => MENU_LOCAL_TASK, + ); + return $menu; } +function services_oauth_authorization_levels() { + global $levels; + if (!$levels) { + $levels = array(); + $res = db_query("SELECT * FROM {services_oauth_authorization_levels}"); + while ($level = db_fetch_object($res)) { + $levels[$level->name] = $level->title; + } + } + return $levels; +} + function oauth_services_user_access($user) { return user_edit_access($user) && (user_access('access services', $user) || user_access('services oauth register consumers', $user)); } diff --git a/services_oauth.pages.inc b/services_oauth.pages.inc index 8a5bff9..8950bab 100644 --- a/services_oauth.pages.inc +++ b/services_oauth.pages.inc @@ -195,6 +195,36 @@ function _services_oauth_user_applications($form_state, $account) { '#type' => 'fieldset', '#title' => t('Authorizations'), ); + + $tokens = oauth_common_user_access_tokens($account->uid); + $consumers = array(); + foreach ($tokens as $token) { + if (!isset($consumers[$token->consumer_key])) { + $consumers[$token->consumer_key] = DrupalOAuthConsumer::load($token->consumer_key); + } + $consumer = $consumers[$token->consumer_key]; + + $auth[$token->key] = array( + '#prefix' => '
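Review bot: `services_oauth_authorization_levels()` caches its result in `global $levels`, a generic name that any other module or include can read or overwrite, and this list feeds the authorization options on the admin form. A function-local cache avoids the collision: `static $levels = NULL;` followed by `if ($levels === NULL) {`. The strict NULL test also stops the query from being re-run on every call when the table is empty. A short docblock stating that the function returns a name-to-title map of authorization levels would help callers.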
', + '#suffix' => '
', + 'consumer_name' => array( + '#type' => 'item', + '#title' => t('Application'), + '#value' => $consumer->name, + ), + 'access_key' => array( + '#type' => 'item', + '#title' => t('Token key'), + '#value' => $token->key, + ), + 'remove_link' => array( + '#type' => 'item', + '#value' => l('Edit authorization', 'user/' . $account->uid . + '/applications/authorization/' . $token->key), + ), + ); + } + $form['authorizations'] = $auth; } @@ -208,6 +238,59 @@ function _services_oauth_user_applications_submit($form, $form_state) { } } +function _services_oauth_user_authorization_edit($form_state, $user, $key) { + $form = array(); + + $token = DrupalOAuthToken::load($key); + $consumer = DrupalOAuthConsumer::load($token->consumer_key); + + drupal_set_title(t('Authorization for !app', array('!app' => $consumer->name))); + + $form['authorized'] = array( + '#type' => 'checkbox', + '#title' => t('Authorized'), + '#value' => $token->authorized, + ); + + $form['created'] = array( + '#type' => 'item', + '#title' => t('Created'), + '#value' => format_date($token->created), + ); + + $form['changed'] = array( + '#type' => 'item', + '#title' => t('Changed'), + '#value' => format_date($token->changed), + ); + + $form['key'] = array( + '#type' => 'item', + '#title' => t('Key'), + '#value' => $token->key, + ); + + $auth_txt = array(); + foreach ($token->services as $service) { + if ($service == '*') { + $auth_txt[] = t('Full access'); + } + } + + $form['allowed'] = array( + '#type' => 'fieldset', + '#title' => t('Permissions'), + ); + + services_oauth_permissions_form($form['allowed'], $token->services); + + return $form; +} + +function services_oauth_permissions_form(&$form, $default_services=array('*')) { + +} + function _services_oauth_user_applications_add($form_state, $account) { $form = array();
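Review bot: `$consumer->name` is printed as the `#value` of an `item` element, which Drupal 6 renders as raw markup, and consumer names appear to be supplied by whoever registers an application. `'#value' => check_plain($consumer->name),` (and the same for `$token->key`) prevents stored markup from running in the account page. The same value is used unescaped in the next hunk through `t('Authorization for !app', ...)`; the `@app` placeholder would escape it there. Separately, the result of `DrupalOAuthConsumer::load()` is dereferenced without a check, so a token whose consumer no longer exists would likely trigger an error here.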
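Review bot: `DrupalOAuthToken::load($key)` receives `$key` from the URL and its result is dereferenced on the next line (`$token->consumer_key`) with no check that a token was found, so an unknown key would probably produce PHP errors instead of a not-found page. The `authorized` checkbox uses `'#value' => $token->authorized`, which ignores the submitted state; `'#default_value' => $token->authorized` is needed once a submit handler exists. `$auth_txt` is filled but never used, and `services_oauth_permissions_form()` is an empty stub, so a comment such as `// TODO: build per-level permission checkboxes` would make the unfinished state explicit.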