Comments (19)
Use:
'table_authorizer'=>function($cmd,$db,$tab) { return ($cmd=='read' && $tab=='yourtable'); },
Hope that helps.
from php-crud-api.
Wow Thank You so much that was easy.
from php-crud-api.
Note that this would enable only 'read' (GET) on 'yourtable'. In order to allow 'update' (PUT) you need to alter the condition. Also you should adjust the tablename ('yourtable') to whatever is relevant.
'table_authorizer'=>function($cmd,$db,$tab) { return (($cmd=='read'||$cmd=='update') && $tab=='yourtable'); },
see: https://github.com/mevdschee/php-crud-api/blob/master/api.php#L480
from php-crud-api.
Hello
if this is the correct syntax for the function:
function table_authorizer ($cmd,$db,$tab) { return ($cmd=='read' && $tab=='yourtable');}
Where do I put it?
I am lost...
I saw on $api but is it possible to support multiple tables or/and methods
like:
'table_authorizer'=>function($cmd,$db,$tab) {
return ($cmd=='read' && $tab=='cities',$cmd=='read' && $tab=='customers');
}
Error: Not found (entity)
Great work by the way!
from php-crud-api.
Thank you for your compliments, much appreciated!
The "or" in your function should be written as "||" not as ",". Something like:
return (($cmd=='read' && $tab=='cities')||($cmd=='read' && $tab=='customers'));
or:
return ($cmd=='read' && in_array($tab,array('cities','customers')));
Note that you are not limited to a single statement and that you may want to allow 'list' as well. To debug try adding:
var_dump($cmd,$db,$tab);
and check the output. I hope this helps.
from php-crud-api.
When I uncomment the:
'table_authorizer'=>function($cmd,$db,$tab) { return (($cmd=='read' && $tab=='cities')||($cmd=='read' && $tab=='members'));}
The output is:
Error: Not found (entity)
The var_dump shows:
NULL
NULL
NYLL
without the table_authorizer works perfectly!
from php-crud-api.
I've added (NB: Please note the 'list' command!):
'table_authorizer'=>function($cmd,$db,$tab) { var_dump($cmd,$db,$tab); return (($cmd=='read'||$cmd=='list') && $tab=='posts'); },
When I request
http://localhost:8000/blog.php/posts
It shows:
string(4) "list"
string(12) "php-crud-api"
string(5) "posts"
{"posts":{"columns":["id","user_id","category_id","content"],"records":[["1","1","1","blog started"],["2","1","2","\u20ac Hello world, \u039a\u03b1\u03bb\u03b7\u03bc\u1f73\u03c1\u03b1 \u03ba\u1f79\u03c3\u03bc\u03b5, \u30b3\u30f3\u30cb\u30c1\u30cf"],["5","1","1","#1"],["6","1","1","#2"],["7","1","1","#3"],["8","1","1","#4"],["9","1","1","#5"],["10","1","1","#6"],["11","1","1","#7"],["12","1","1","#8"],["13","1","1","#9"],["14","1","1","#10"]]}}
What does it do for you? I guess you want:
'table_authorizer'=>function($cmd,$db,$tab) { return ($cmd!='delete' && $tab=='posts'); },
Let me know whether or not this works for you.
from php-crud-api.
Perfect!
My problem was incorect syntax!
'table_authorizer'=>function($cmd,$db,$tab) { return
($cmd!='delete' && $tab=='inventory') || ($cmd!='delete' && $tab=='cities')
;},
for multiple tables...
Let me extend it for a little bit:
On top of the api.php:
$access_key = $_GET["access_key"]; //Common call GET for the api
if (!$access_key){
$access_key = $_POST["access_key"]; //another method POST
}
if (!$access_key){ // if everything is null
die();
}
// Do some mysql querys and find if this key is right...
from php-crud-api.
Thank you for letting me know it worked out!
For the access key I suggest you take a look at: http://jwt.io/
I'm thinking of adding support for a JWT authentication service in the future.
from php-crud-api.
Where should I declare my own Never mind, found a solution.table_authorizer
? Could I do this in separate file (without altering api.php
to make it easier to maintain)?
However, is there a way to protect certain operations (with auth) and some not (without auth)?
from php-crud-api.
@loup-brun Maybe by having 2 api.php files, each giving access to different tables?
from php-crud-api.
That's what I ended up doing, but it feels wrong to make two files for basically one API, with minor differences between the two, since I am accessing the same table with different operations (read/create). Any suggestions on how this could be done in the same file, juste for the sake of making one URL for the API?
from php-crud-api.
You could let the table_authorizer be based on a combination of the table name and the session variable.
from php-crud-api.
All right, thanks!
from php-crud-api.
I'm trying this out and I'm glad I found it.
As is, it runs fine. At this time I have a table called Profiles and a few other ones. I am only interested in allowing the Profiles table to be read.
When I attempt to use the table_authorizer using the following format:
'table_authorizer'=>function($cmd,$db,$tab) { return ($cmd=='read' && $tab=='Profiles'); },
I get the following message:
Not found (entity)
If I remove the table_authorizer line, I can see the output.
I am sure it's something I am not doing correctly. Am I suppose to include all the other config options as well? Or can I just pick and choose which one to use?
Thanks for any help on this.
from php-crud-api.
can I just pick and choose which one to use?
Yes, you can.
Did you maybe mean $cmd=='list'
instead of $cmd=='read'
?
from php-crud-api.
@mevdschee yes that's it.
It worked. My syntax was incorrect. I was following the example from the earlier response to this thread. So is $cmd==read no longer valid?
May I ask where to I can find other examples. For other items like adding, updating, deleting? What would I use for those?
Thank you.
from php-crud-api.
In the code you can see that:
case 'list': $this->listCommand($parameters); break;
case 'read': $this->readCommand($parameters); break;
case 'create': $this->createCommand($parameters); break;
case 'update': $this->updateCommand($parameters); break;
case 'delete': $this->deleteCommand($parameters); break;
case 'headers': $this->headersCommand($parameters); break;
see: https://github.com/mevdschee/php-crud-api/blob/master/api.php#L2216
from php-crud-api.
Thank you so much. You've made my day. This is what I'm looking for.
from php-crud-api.
Related Issues (20)
- Filter results if joined table has an authorization.recordHandler HOT 3
- HTML Middleware HOT 2
- Update with "where" HOT 8
- "Request Tranformer" middleware HOT 2
- Azure App Service HOT 1
- Add PHP backend to any app project with one command HOT 1
- Any advice on events integration? HOT 2
- Synchronization between local IndexedDB and MySQL Database. HOT 3
- Can the API Support Customized Cache Management for Specific Tables? HOT 9
- Question: Add property on create HOT 3
- Insights on caching with Redis HOT 2
- Using Customization handler to insert app-generated ID HOT 11
- PUT using curl comes back successful but the record is not actually updated HOT 2
- Suggestion to modify response JSON root Key (records) HOT 2
- firebase jwt public key rotation HOT 5
- "Route '' not found" HOT 3
- Additional SQL queries in authorization handlers HOT 2
- Direct usage of PHP CRUD API functions in external PHP Files HOT 8
- Failure on postgres when table name is domains HOT 10
- Returning user uploaded file using custom controller HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from php-crud-api.