From 70cf526d19c010c8989c7d128a1db785e1c2f15d Mon Sep 17 00:00:00 2001
From: Jos Groot Lipman
Date: Thu, 15 May 2014 08:21:23 +0000
Subject: [PATCH] API2 Uitbreiding SWITCHUSER/ X-FACILITOR-SWITCH-USER
svn path=/Website/branches/v5.4.1/; revision=21595
---
 APPL/API2/api2.inc | 44 +++++++++++++++++++++++++++++---
 APPL/API2/model_appointments.inc | 2 ++
 APPL/API2/model_reservations.inc | 2 ++
 3 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/APPL/API2/api2.inc b/APPL/API2/api2.inc
index 80c9f03db6..7984afd946 100644
--- a/APPL/API2/api2.inc
+++ b/APPL/API2/api2.inc
@@ -11,7 +11,7 @@
 <%
 api2 = {
- authenticate: function _authenticate()
+ authenticate: function _authenticate(model)
 {
 var APIKEY;
 if (S("fac_api_key_in_url"))
@@ -28,8 +28,9 @@ api2 = {
 Session.Abandon(); // Altijd, voor de zekerheid
 var sql = "SELECT prs_perslid_key, prs_perslid_naam"
- + " FROM prs_perslid"
- + " WHERE prs_perslid_apikey = " + safe.quoted_sql(APIKEY);
+ + " FROM prs_perslid"
+ + " WHERE prs_perslid_verwijder IS NULL"
+ + " AND prs_perslid_apikey = " + safe.quoted_sql(APIKEY);
 var oRs = Oracle.Execute(sql);
 if (oRs.Eof || !APIKEY)
 {
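Review bot: The empty-key case is still only caught by `if (oRs.Eof || !APIKEY)` after `Oracle.Execute(sql)` has run, so a request without any API key costs a database roundtrip before it is rejected; test `APIKEY` first and execute the lookup only when it is non-empty, e.g. `if (!APIKEY) { /* reject as the existing branch does */ }` placed before the `var sql = …` line, leaving `oRs.Eof` alone as the no-match test. The added `prs_perslid_verwijder IS NULL` filter is the right direction; if soft-deleted persons can also be blocked by another status column, that condition belongs here too, but nothing in the hunk shows one. The rejection branch's body and the rest of `_authenticate` lie outside this hunk.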
@@ -42,6 +43,41 @@ api2 = {
 oRs.Close();
 }
 /* global */ user = new Perslid(user_key);
+
+ // Impersonate?
+ var IMPERS;
+ if (S("fac_api_key_in_url"))
+ IMPERS = getQParam("SWITCHUSER", "");
+ if (!IMPERS && Request.ServerVariables("HTTP_X_FACILITOR_SWITCH_USER").Count)
+ IMPERS = String(Request.ServerVariables("HTTP_X_FACILITOR_SWITCH_USER")); // Meegegeven als X-FACILITOR-SWITCH-USER
+ if (IMPERS) // && S("fac_api_allow_impersonate")
+ {
+ var sql = "SELECT prs_perslid_key, prs_perslid_naam"
+ + " FROM prs_perslid"
+ + " WHERE prs_perslid_verwijder IS NULL"
+ + " AND prs_perslid_oslogin = " + safe.quoted_sql_upper(IMPERS);
+ var oRs = Oracle.Execute(sql);
+ if (oRs.Eof)
+ {
+ Response.Status = "412 Invalid X-Facilitor-Switch-User header";
+ Response.End;
+ };
+ __Log("IMPERS User is: " + oRs("prs_perslid_naam").Value);
+ var other_user_key = oRs("prs_perslid_key").Value;
+ oRs.Close();
+ if (model.impersonate_auth)
+ {
+ var xfunc = user.func_enabled2(model.module, { prs_key: other_user_key, isOptional: true });
+ var can = (xfunc && xfunc.canRead(model.impersonate_auth));
+ if (can)
+ /* global */ user_key = other_user_key;
+ }
+ if (user_key != other_user_key)
+ {
+ Response.Status = "412 Unauthorized X-Facilitor-Switch-User header";
+ Response.End;
+ }
+ }
 },
 process: function _process(model)
 {
@@ -50,7 +86,7 @@ api2 = {
 Session.Codepage = 65001; // We doen *uitsluitend* utf-8
 Response.Charset = 'utf-8';
- api2.authenticate();
+ api2.authenticate(model);
 var method = String(Request.ServerVariables("REQUEST_METHOD"));
diff --git a/APPL/API2/model_appointments.inc b/APPL/API2/model_appointments.inc
index daacf4967a..43aa4ccd2f 100644
--- a/APPL/API2/model_appointments.inc
+++ b/APPL/API2/model_appointments.inc
@@ -30,6 +30,7 @@ function afs_alg_onrgoed_keys(jsondata)
 model_appointments =
 {
+ module: "BEZ",
 table: "bez_afspraak",
 primary: "bez_afspraak_key",
 records_name: "appointments",
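Review bot: The installation-level gate on the `if (IMPERS) // && S("fac_api_allow_impersonate")` line is left commented out, so user switching is offered to every API-key holder with no opt-in; either restore `if (IMPERS && S("fac_api_allow_impersonate"))` or leave a comment explaining why the setting is not consulted. After an accepted switch only the global `user_key` changes (the `if (can)` line) while the global `user` built just above as `new Perslid(user_key)` keeps representing the API-key holder, so any later code that authorizes or filters through `user` still acts as the caller — if that split (caller's rights, target's data) is intended it needs a comment, otherwise add `/* global */ user = new Perslid(user_key);` beside the assignment. `__Log("IMPERS User is: …")` runs before the `canRead` decision and names only the target, so a refused switch is logged as if it happened and the caller is never recorded; move the log after the decision and include both keys and the outcome, e.g. `__Log("IMPERS " + other_user_key + " requested by " + user_key + ": " + (can ? "granted" : "refused"));` (with a matching line in the refusal branch before `Response.End`). `412` is the conditional-request status; `403` fits the refused switch and `400` the unknown login. `_authenticate` starts above this hunk and `_process` continues below it.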
@@ -49,6 +50,7 @@ model_appointments =
 joinfield: "bez_afspraak_key"
 }
 },
+ impersonate_auth: "WEB_BEZFOF",
 REST_GET: function _GET(params)
 {
 var urole = "fe"; // TODO: Moet echt niet ter zake doen
diff --git a/APPL/API2/model_reservations.inc b/APPL/API2/model_reservations.inc
index da1e0d13ac..739d818f54 100644
--- a/APPL/API2/model_reservations.inc
+++ b/APPL/API2/model_reservations.inc
@@ -29,6 +29,7 @@ var sqlro = "SELECT rg.res_ruimte_nr || CASE WHEN res_ruimte_opstel_default = 1
 model_reservations =
 {
+ module: "RES",
 table: "res_rsv_ruimte",
 primary: "res_rsv_ruimte_key",
 records_name: "reservations",
@@ -48,6 +49,7 @@ model_reservations =
 { name: "configuration", dbs: "res_ruimte_opstelling.res_opstelling_key", typ: "key", foreign: "res_opstelling" },
 ],
+ impersonate_auth: "WEB_RESFOF",
 REST_GET: function _GET(params)
 {
 var urole = "fe"; // TODO: Moet echt niet ter zake doen
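Review bot: `impersonate_auth` is a new model field with no comment, and `api2.authenticate` only ever tests it through `xfunc.canRead(model.impersonate_auth)`, so a read right on the target's reservations is what unlocks the switch for every HTTP verb the model serves — if `model_reservations` also handles POST/PUT/DELETE (only `REST_GET` is visible here), a caller allowed merely to view someone's reservations could create or cancel them as that person. Either make the check verb-aware in `api2.authenticate` or state the assumption next to the field, e.g. `impersonate_auth: "WEB_RESFOF", // function the caller must be able to *read* for the target user before X-FACILITOR-SWITCH-USER is honoured; the same right covers all REST verbs`. The `impersonate_auth: "WEB_BEZFOF"` line in the model_appointments hunk above needs the same comment. Both object literals begin before and end after their hunks.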