Question On table_authorizer about php-crud-api HOT 19 CLOSED

Use:

'table_authorizer'=>function($cmd,$db,$tab) { return ($cmd=='read' && $tab=='yourtable'); },

Hope that helps.

from php-crud-api.

Wow Thank You so much that was easy.

from php-crud-api.

Note that this would enable only 'read' (GET) on 'yourtable'. In order to allow 'update' (PUT) you need to alter the condition. Also you should adjust the tablename ('yourtable') to whatever is relevant.

'table_authorizer'=>function($cmd,$db,$tab) { return (($cmd=='read'||$cmd=='update') && $tab=='yourtable'); },

see: https://github.com/mevdschee/php-crud-api/blob/master/api.php#L480

from php-crud-api.

Hello
if this is the correct syntax for the function:

function table_authorizer ($cmd,$db,$tab) { return ($cmd=='read' && $tab=='yourtable');}
Where do I put it?
I am lost...

I saw on $api but is it possible to support multiple tables or/and methods
like:

'table_authorizer'=>function($cmd,$db,$tab) {
return ($cmd=='read' && $tab=='cities',$cmd=='read' && $tab=='customers');
}

Error: Not found (entity)

Great work by the way!

from php-crud-api.

Thank you for your compliments, much appreciated!

The "or" in your function should be written as "||" not as ",". Something like:

return (($cmd=='read' && $tab=='cities')||($cmd=='read' && $tab=='customers'));

or:

return ($cmd=='read' && in_array($tab,array('cities','customers')));

Note that you are not limited to a single statement and that you may want to allow 'list' as well. To debug try adding:

var_dump($cmd,$db,$tab);

and check the output. I hope this helps.

from php-crud-api.

When I uncomment the:
'table_authorizer'=>function($cmd,$db,$tab) { return (($cmd=='read' && $tab=='cities')||($cmd=='read' && $tab=='members'));}

The output is:
Error: Not found (entity)

The var_dump shows:
NULL
NULL
NYLL

without the table_authorizer works perfectly!

from php-crud-api.

I've added (NB: Please note the 'list' command!):

'table_authorizer'=>function($cmd,$db,$tab) { var_dump($cmd,$db,$tab); return (($cmd=='read'||$cmd=='list') && $tab=='posts'); },

When I request

http://localhost:8000/blog.php/posts

It shows:

string(4) "list"
string(12) "php-crud-api"
string(5) "posts"
{"posts":{"columns":["id","user_id","category_id","content"],"records":[["1","1","1","blog started"],["2","1","2","\u20ac Hello world, \u039a\u03b1\u03bb\u03b7\u03bc\u1f73\u03c1\u03b1 \u03ba\u1f79\u03c3\u03bc\u03b5, \u30b3\u30f3\u30cb\u30c1\u30cf"],["5","1","1","#1"],["6","1","1","#2"],["7","1","1","#3"],["8","1","1","#4"],["9","1","1","#5"],["10","1","1","#6"],["11","1","1","#7"],["12","1","1","#8"],["13","1","1","#9"],["14","1","1","#10"]]}}

What does it do for you? I guess you want:

'table_authorizer'=>function($cmd,$db,$tab) { return ($cmd!='delete' && $tab=='posts'); },

Let me know whether or not this works for you.

from php-crud-api.

Perfect!
My problem was incorect syntax!
'table_authorizer'=>function($cmd,$db,$tab) { return

($cmd!='delete' && $tab=='inventory') || ($cmd!='delete' && $tab=='cities')

;},

for multiple tables...
Let me extend it for a little bit:

On top of the api.php:

$access_key = $_GET["access_key"]; //Common call GET for the api

if (!$access_key){
$access_key = $_POST["access_key"]; //another method POST
}

if (!$access_key){ // if everything is null
die();
}

// Do some mysql querys and find if this key is right...

from php-crud-api.

Thank you for letting me know it worked out!

For the access key I suggest you take a look at: http://jwt.io/

I'm thinking of adding support for a JWT authentication service in the future.

from php-crud-api.

Where should I declare my own table_authorizer? Could I do this in separate file (without altering api.php to make it easier to maintain)? Never mind, found a solution.

However, is there a way to protect certain operations (with auth) and some not (without auth)?

from php-crud-api.

@loup-brun Maybe by having 2 api.php files, each giving access to different tables?

from php-crud-api.

That's what I ended up doing, but it feels wrong to make two files for basically one API, with minor differences between the two, since I am accessing the same table with different operations (read/create). Any suggestions on how this could be done in the same file, juste for the sake of making one URL for the API?

from php-crud-api.

You could let the table_authorizer be based on a combination of the table name and the session variable.

from php-crud-api.

All right, thanks!

from php-crud-api.

I'm trying this out and I'm glad I found it.
As is, it runs fine. At this time I have a table called Profiles and a few other ones. I am only interested in allowing the Profiles table to be read.

When I attempt to use the table_authorizer using the following format:
'table_authorizer'=>function($cmd,$db,$tab) { return ($cmd=='read' && $tab=='Profiles'); },

I get the following message:
Not found (entity)

If I remove the table_authorizer line, I can see the output.

I am sure it's something I am not doing correctly. Am I suppose to include all the other config options as well? Or can I just pick and choose which one to use?

Thanks for any help on this.

from php-crud-api.

can I just pick and choose which one to use?

Yes, you can.

Did you maybe mean $cmd=='list' instead of $cmd=='read'?

from php-crud-api.

@mevdschee yes that's it.

It worked. My syntax was incorrect. I was following the example from the earlier response to this thread. So is $cmd==read no longer valid?

May I ask where to I can find other examples. For other items like adding, updating, deleting? What would I use for those?

Thank you.

from php-crud-api.

In the code you can see that:

case 'list': $this->listCommand($parameters); break;
case 'read': $this->readCommand($parameters); break;
case 'create': $this->createCommand($parameters); break;
case 'update': $this->updateCommand($parameters); break;
case 'delete': $this->deleteCommand($parameters); break;
case 'headers': $this->headersCommand($parameters); break;

see: https://github.com/mevdschee/php-crud-api/blob/master/api.php#L2216

from php-crud-api.

Thank you so much. You've made my day. This is what I'm looking for.

from php-crud-api.