Comments (6)
Actually I got it working:
    // uncomment the lines below when running in stand-alone mode:
    require "lib/php_crud_api_transform.php";
    require_once "lib/medoo.php";

    // Returns true if the security group of $user may perform $action on $table.
    // Every decision is written to APILog. $pass is not checked here.
    function checkPermission($action,$database,$table,$user,$pass){
        // separate medoo connection, so the lookup does not go through the API itself
        $database = new medoo([
            'database_type' => 'mysql',
            'database_name' => '',
            'server' => 'localhost',
            'username' => '',
            'password' => '',
            'charset' => 'utf8'
        ]);
        // user -> security group -> permission flag for this action and table
        $uid = $database->get("Benutzer", "ID", ["Alias" => $user] );
        $sid = $database->get("SecuritygroupsUsers", "Securitygroup_ID", ["User_ID" => $uid] );
        $p = $database->get("SecuritygroupsPermissions", ucfirst($action), ["AND" => ["Securitygroup_ID" => $sid, "Tablename" => $table]] );
        // log the call together with the decision
        $database->insert("APILog", [
            "User" => $user,
            "Table" => $table,
            "Action" => ucfirst($action),
            "Granted" => (bool) $p
        ]);
        return (bool) $p;
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        // no credentials sent: ask for HTTP Basic authentication
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Du musst eingeloggt sein um die API nutzen zu koennen';
        exit;
    } elseif ($_SERVER['PHP_AUTH_USER']=='anonym' && $_SERVER['PHP_AUTH_PW']=='anonym') {
        // the only accepted login so far; continue to the API
    } else {
        header('HTTP/1.0 403 Forbidden');
        exit; // stop here, otherwise the API below would still run for this request
    }

    $api = new PHP_CRUD_API(array(
        'dbengine'=>'MySQL',
        'hostname'=>'localhost',
        'username'=>'',
        'password'=>'',
        'database'=>'',
        'charset'=>'utf8',
        // called by the API for each table it is about to touch
        'table_authorizer' => function($action,$database,$table) {
            return checkPermission($action,$database,$table, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
        }
    ));
    $api->executeCommand();

I only have to implement the way for other users than "anonym".
My SecurityTable-Structure is like:
I also included a table for logging api-calls:
I initially generated default permissions for new tables like this:

    INSERT INTO SecuritygroupsPermissions (`Table`, `create`, `retrieve`, `update`, `delete`, `Securitygroup_ID`, Kommentar)
    SELECT
        Table_NAME,
        0 as `create`,
        0 as `retrieve`,
        0 as `update`,
        0 as `delete`,
        Securitygroups.ID,
        CONCAT(table_name,' ',Securitygroups.`Name`) as `Name`
    FROM
        information_schema.`TABLES`
        CROSS JOIN Securitygroups
    WHERE
        TABLE_SCHEMA = 'd020a380'

It was a bit tricky because first I used the API to check the security, which results in a very bad recursion, so I decided to check them with a third-party MySQL class and fire "stupid" SQL statements.
I know this is not the best approach at all, but if you have some better ones, I would appreciate them.
from php-crud-api.
Maybe you can check for a header value in the permission function?
from php-crud-api.
Check out: https://github.com/mevdschee/php-crud-api/blob/master/tests/tests.php#L33
You may do something like:
    return ($action=='list' || $action=='read');
Hope that helps.
from php-crud-api.
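
An added example (not code from the thread or from php-crud-api) that combines the permission lookup from the first comment with the action names shown in the reply above: API actions are mapped onto the `create`/`retrieve`/`update`/`delete` columns through an allow-list, so `list` and `read` resolve to `retrieve` and any other action is denied. Assumptions: the function name `isAllowed`, the action names other than `list` and `read`, the `Tablename` column, and PDO with an in-memory SQLite database standing in for medoo and MySQL.

```php
<?php
// Added example. Table names follow the thread; `Tablename`, the action names
// besides list/read and the SQLite demo data are assumptions.
const ACTION_COLUMN = [            // API action => permission column
    'list' => 'retrieve', 'read' => 'retrieve',
    'create' => 'create', 'update' => 'update', 'delete' => 'delete',
];

function isAllowed(PDO $pdo, string $action, string $table, string $user): bool
{
    $column = ACTION_COLUMN[$action] ?? null;
    if ($column === null) {
        return false;              // unknown action: deny, never build SQL from it
    }
    // One prepared query across the three tables; if the user is in several
    // groups, the action is granted when any of them allows it.
    $stmt = $pdo->prepare(
        "SELECT MAX(p.`$column`) FROM Benutzer b
           JOIN SecuritygroupsUsers gu ON gu.User_ID = b.ID
           JOIN SecuritygroupsPermissions p ON p.Securitygroup_ID = gu.Securitygroup_ID
          WHERE b.Alias = :user AND p.Tablename = :table"
    );
    $stmt->execute([':user' => $user, ':table' => $table]);
    $granted = (bool) $stmt->fetchColumn();   // no matching row => NULL => false

    $pdo->prepare('INSERT INTO APILog (`User`, `Table`, `Action`, `Granted`) VALUES (?, ?, ?, ?)')
        ->execute([$user, $table, $action, (int) $granted]);
    return $granted;
}

// Constructed demo data in an in-memory SQLite database (the thread uses MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE Benutzer (ID INTEGER, Alias TEXT);
            CREATE TABLE SecuritygroupsUsers (User_ID INTEGER, Securitygroup_ID INTEGER);
            CREATE TABLE SecuritygroupsPermissions (Securitygroup_ID INTEGER, Tablename TEXT,
                `create` INTEGER, `retrieve` INTEGER, `update` INTEGER, `delete` INTEGER);
            CREATE TABLE APILog (`User` TEXT, `Table` TEXT, `Action` TEXT, `Granted` INTEGER);
            INSERT INTO Benutzer VALUES (1, 'anonym');
            INSERT INTO SecuritygroupsUsers VALUES (1, 10);
            INSERT INTO SecuritygroupsPermissions VALUES (10, 'posts', 0, 1, 0, 0);");

var_dump(isAllowed($pdo, 'list', 'posts', 'anonym'));     // group has the retrieve flag
var_dump(isAllowed($pdo, 'delete', 'posts', 'anonym'));   // delete flag is 0
var_dump(isAllowed($pdo, 'unknown', 'posts', 'anonym'));  // action not in the map
var_dump(isAllowed($pdo, 'list', 'posts', 'nobody'));     // user not in Benutzer
```
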
Or first try to debug this callback using:
    die(json_encode(array($action,$database,$table)));
Then you may better understand how it works.
from php-crud-api.
Great! I will check that and will report back :) Have a nice and sunny Sunday!
from php-crud-api.
Feel free to reopen the ticket if you have further questions.
from php-crud-api.