Commit
9d0dbf62
authored
Oct 03, 2016
by
Frank Bergmann
- REST:
- Added permissions to POST on im_hours
parent
c7778229
Changes
3
Showing
3 changed files
with
15 additions
and
14 deletions
+15
-14
intranet-rest-get-procs.tcl
tcl/intranet-rest-get-procs.tcl
+4
-7
intranet-rest-post-procs.tcl
tcl/intranet-rest-post-procs.tcl
+8
-4
intranet-rest-util-procs.tcl
tcl/intranet-rest-util-procs.tcl
+3
-3
tcl/intranet-rest-get-procs.tcl
...
...
@@ -934,16 +934,13 @@ ad_proc -private im_rest_get_im_dynfield_attributes {
aa.object_type||'.'||aa.attribute_name as rest_object_name,
da.attribute_id as rest_oid,
da.*,
aa.*,
o.*
aa.*
from im_dynfield_attributes da,
acs_attributes aa,
acs_objects o
where da.acs_attribute_id = aa.attribute_id and
da.attribute_id = o.object_id
acs_attributes aa
where da.acs_attribute_id = aa.attribute_id
$where
_clause
order by
o
.object_type,
aa
.object_type,
aa.attribute_name
"
...
...
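Review bot: `$where_clause` is still spliced into the statement as text, and with `acs_objects o` dropped from the FROM list any fragment of it that refers to an `o.` column will now fail at run time. The clause is assembled outside this hunk, so it is worth confirming that it is built only from known `da.`/`aa.` column names with bind variables for the values, not from raw query parameters. Dropping `o.*` also removes the acs_objects columns from every returned row; a comment such as `# acs_objects columns are intentionally no longer returned` above the query would document that for REST clients. The proc body starts and ends outside the hunk.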
tcl/intranet-rest-post-procs.tcl
...
...
@@ -116,20 +116,24 @@ ad_proc -private im_rest_post_object {
set content
[
im_rest_get_content
]
ns_log Notice
"im_rest_post_object: content='
$content
'"
#
Permissions for
the object type
#
Check the REST level permissions on
the object type
set rest_otype_id
[
util_memoize
[
list
db_string otype_id
"select object_type_id from im_rest_object_types where object_type = '
$rest
_otype'"
-default 0
]]
set read_p
[
im_object_permission -object_id
$rest
_otype_id -user_id
$rest
_user_id -privilege
"read"
]
if
{
!$read_p
}
{
im_rest_error -format
$format
-http_status 403 -message
"User #
$rest
_user_id has no read permission on object #
$rest
_otype_id (im_hour_interval object type)"
set write_p
[
im_object_permission -object_id
$rest
_otype_id -user_id
$rest
_user_id -privilege
"write"
]
if
{
!$write_p
}
{
set msg
"User #
$rest
_user_id has no write permission in general on object type '
$rest
_otype' - please check your REST permissions"
im_rest_error -format
$format
-http_status 403 -message
$msg
return
}
# Check if there is an object type specific permission checker
set write_p 0
if
{
0 !=
[
llength
[
info
commands
${rest_otype}
_permissions
]]}
{
ns_log Notice
"im_rest_post_object: found permission proc
${rest_otype}
_permissions - evaluating permissions"
catch
{
eval
"
${rest_otype}
_permissions
$rest
_user_id
$rest
_oid view_p read_p write_p admin_p"
}
}
else
{
ns_log Notice
"im_rest_post_object: Did not find permission proc
${rest_otype}
_permissions - POST permissions denied"
}
if
{
!$write_p
}
{
im_rest_error -format
$format
-http_status 403 -message
"User #
$rest
_user_id has no write permission on object #
$rest
_oid"
...
...
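Review bot: `$rest_otype` reaches three sinks in this hunk with no visible validation: it is interpolated into the `db_string otype_id` SQL text, used as a glob pattern by `info commands ${rest_otype}_permissions`, and concatenated into the string passed to `eval`. The variable is set outside the hunk, so it may already be checked there; if it is taken from the request, the new REST-level write check depends on SQL and script text the caller can influence. I would reject anything that is not a plain identifier before the lookup, `if {![regexp {^[a-z][a-z0-9_]*$} $rest_otype]} { im_rest_error -format $format -http_status 400 -message "Invalid object type"; return }`, and call the checker as a command rather than a string, `${rest_otype}_permissions $rest_user_id $rest_oid view_p read_p write_p admin_p`. Resetting `write_p` to 0 before the `catch` keeps a failing checker closed, which is good, but the caught error should be logged with `ns_log` so a broken permission proc is not silently read as "denied". The body of im_rest_post_object continues outside the hunk.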
tcl/intranet-rest-util-procs.tcl
...
...
@@ -632,8 +632,7 @@ ad_proc -public im_rest_error {
ad_proc -public im_rest_get_content
{}
{
There's no
[
ns_conn content
]
so this is a hack to get the content of the
REST request.
There's no
[
ns_conn content
]
so this is a hack to get the content of the REST request.
@return string - the request
@author Dave Bauer
}
{
...
...
@@ -656,7 +655,8 @@ ad_proc -public im_rest_get_content {} {
append text
[
read
$fp
]
}
close
$fp
ns_unlink
$filename
file delete
$filename
# ns_unlink
$filename
#
;
deprecated
return
$text
}
...
...
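Review bot: `file delete $filename` in the second hunk is reached only when `read` and `close` succeed, so an error while reading would leave the temporary copy of the request body on disk. The part of im_rest_get_content that creates and opens the file is outside the hunk, so this is inferred from the visible tail. If it holds, wrap the read loop in `catch`, run `file delete -- $filename` on both paths, and re-raise the error afterwards. The commented-out `# ns_unlink $filename` line can be dropped, since the commit history already records the replacement.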