API2 Uitbreiding SWITCHUSER/ X-FACILITOR-SWITCH-USER
svn path=/Website/branches/v5.4.1/; revision=21595
@@ -11,7 +11,7 @@
|
|||||||
<!-- #include file="../Shared/save2db.inc" -->
|
<!-- #include file="../Shared/save2db.inc" -->
|
||||||
<%
|
<%
|
||||||
api2 = {
|
api2 = {
|
||||||
authenticate: function _authenticate()
|
authenticate: function _authenticate(model)
|
||||||
{
|
{
|
||||||
var APIKEY;
|
var APIKEY;
|
||||||
if (S("fac_api_key_in_url"))
|
if (S("fac_api_key_in_url"))
|
||||||
@@ -28,8 +28,9 @@ api2 = {
|
|||||||
Session.Abandon(); // Altijd, voor de zekerheid
|
Session.Abandon(); // Altijd, voor de zekerheid
|
||||||
|
|
||||||
var sql = "SELECT prs_perslid_key, prs_perslid_naam"
|
var sql = "SELECT prs_perslid_key, prs_perslid_naam"
|
||||||
+ " FROM prs_perslid"
|
+ " FROM prs_perslid"
|
||||||
+ " WHERE prs_perslid_apikey = " + safe.quoted_sql(APIKEY);
|
+ " WHERE prs_perslid_verwijder IS NULL"
|
||||||
|
+ " AND prs_perslid_apikey = " + safe.quoted_sql(APIKEY);
|
||||||
var oRs = Oracle.Execute(sql);
|
var oRs = Oracle.Execute(sql);
|
||||||
if (oRs.Eof || !APIKEY)
|
if (oRs.Eof || !APIKEY)
|
||||||
{
|
{
|
||||||
@@ -42,6 +43,41 @@ api2 = {
|
|||||||
oRs.Close();
|
oRs.Close();
|
||||||
}
|
}
|
||||||
/* global */ user = new Perslid(user_key);
|
/* global */ user = new Perslid(user_key);
|
||||||
|
|
||||||
|
// Impersonate?
|
||||||
|
var IMPERS;
|
||||||
|
if (S("fac_api_key_in_url"))
|
||||||
|
IMPERS = getQParam("SWITCHUSER", "");
|
||||||
|
if (!IMPERS && Request.ServerVariables("HTTP_X_FACILITOR_SWITCH_USER").Count)
|
||||||
|
IMPERS = String(Request.ServerVariables("HTTP_X_FACILITOR_SWITCH_USER")); // Meegegeven als X-FACILITOR-SWITCH-USER
|
||||||
|
if (IMPERS) // && S("fac_api_allow_impersonate")
|
||||||
|
{
|
||||||
|
var sql = "SELECT prs_perslid_key, prs_perslid_naam"
|
||||||
|
+ " FROM prs_perslid"
|
||||||
|
+ " WHERE prs_perslid_verwijder IS NULL"
|
||||||
|
+ " AND prs_perslid_oslogin = " + safe.quoted_sql_upper(IMPERS);
|
||||||
|
var oRs = Oracle.Execute(sql);
|
||||||
|
if (oRs.Eof)
|
||||||
|
{
|
||||||
|
Response.Status = "412 Invalid X-Facilitor-Switch-User header";
|
||||||
|
Response.End;
|
||||||
|
};
|
||||||
|
__Log("IMPERS User is: " + oRs("prs_perslid_naam").Value);
|
||||||
|
var other_user_key = oRs("prs_perslid_key").Value;
|
||||||
|
oRs.Close();
|
||||||
|
if (model.impersonate_auth)
|
||||||
|
{
|
||||||
|
var xfunc = user.func_enabled2(model.module, { prs_key: other_user_key, isOptional: true });
|
||||||
|
var can = (xfunc && xfunc.canRead(model.impersonate_auth));
|
||||||
|
if (can)
|
||||||
|
/* global */ user_key = other_user_key;
|
||||||
|
}
|
||||||
|
if (user_key != other_user_key)
|
||||||
|
{
|
||||||
|
Response.Status = "412 Unauthorized X-Facilitor-Switch-User header";
|
||||||
|
Response.End;
|
||||||
|
}
|
||||||
|
}
|
||||||
},
|
},
|
||||||
process: function _process(model)
|
process: function _process(model)
|
||||||
{
|
{
|
||||||
@@ -50,7 +86,7 @@ api2 = {
|
|||||||
Session.Codepage = 65001; // We doen *uitsluitend* utf-8
|
Session.Codepage = 65001; // We doen *uitsluitend* utf-8
|
||||||
Response.Charset = 'utf-8';
|
Response.Charset = 'utf-8';
|
||||||
|
|
||||||
api2.authenticate();
|
api2.authenticate(model);
|
||||||
|
|
||||||
var method = String(Request.ServerVariables("REQUEST_METHOD"));
|
var method = String(Request.ServerVariables("REQUEST_METHOD"));
|
||||||
|
|
||||||
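Review bot: In the new impersonation block of `_authenticate` the two rejection paths are distinguishable — `412 Invalid X-Facilitor-Switch-User header` when no non-deleted row matches the given oslogin and `412 Unauthorized X-Facilitor-Switch-User header` when the row exists but `canRead` fails — so any holder of a valid API key can tell existing OS logins from non-existing ones; both branches should set one and the same status (`Response.Status = "403 Forbidden";` fits a denied switch better than 412) and keep the distinction in the log only. The `__Log` line records only the target's name, yet it is the audit trail for a privilege switch, so it should name the authenticated caller as well, e.g. `__Log("IMPERS: " + user_key + " -> " + oRs("prs_perslid_key").Value + " (" + oRs("prs_perslid_naam").Value + ")");`. The switch is granted on `xfunc.canRead(model.impersonate_auth)` alone and runs before `_process` reads REQUEST_METHOD, so a read right appears to authorize acting as the other user on write requests too unless the REST handlers re-check, which is outside this diff. The `oRs.Eof` branch ends the response without `oRs.Close()`, unlike the existing API-key lookup just above it which closes the recordset before ending, and the `// && S("fac_api_allow_impersonate")` left in the condition suggests a global switch was intended but without it impersonation is live for every model that declares `impersonate_auth`. `_authenticate` itself begins in an earlier hunk of this file.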
|
|||||||
@@ -30,6 +30,7 @@ function afs_alg_onrgoed_keys(jsondata)
|
|||||||
|
|
||||||
model_appointments =
|
model_appointments =
|
||||||
{
|
{
|
||||||
|
module: "BEZ",
|
||||||
table: "bez_afspraak",
|
table: "bez_afspraak",
|
||||||
primary: "bez_afspraak_key",
|
primary: "bez_afspraak_key",
|
||||||
records_name: "appointments",
|
records_name: "appointments",
|
||||||
@@ -49,6 +50,7 @@ model_appointments =
|
|||||||
joinfield: "bez_afspraak_key"
|
joinfield: "bez_afspraak_key"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
impersonate_auth: "WEB_BEZFOF",
|
||||||
REST_GET: function _GET(params)
|
REST_GET: function _GET(params)
|
||||||
{
|
{
|
||||||
var urole = "fe"; // TODO: Moet echt niet ter zake doen
|
var urole = "fe"; // TODO: Moet echt niet ter zake doen
|
||||||
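Review bot: The new `impersonate_auth: "WEB_BEZFOF"` entry is undocumented although it is the only thing that turns on user switching for this model; a short comment would help, e.g. `// Right that api2.authenticate checks with canRead (apparently evaluated with prs_key set to the target user) before a SWITCHUSER / X-FACILITOR-SWITCH-USER request may act as that user`. The same applies to `impersonate_auth: "WEB_RESFOF"` in the model_reservations section below. `module: "BEZ"` is consumed by `user.func_enabled2(model.module, ...)` in the same commit and could carry a one-line comment pointing there.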
|
|||||||
@@ -29,6 +29,7 @@ var sqlro = "SELECT rg.res_ruimte_nr || CASE WHEN res_ruimte_opstel_default = 1
|
|||||||
|
|
||||||
model_reservations =
|
model_reservations =
|
||||||
{
|
{
|
||||||
|
module: "RES",
|
||||||
table: "res_rsv_ruimte",
|
table: "res_rsv_ruimte",
|
||||||
primary: "res_rsv_ruimte_key",
|
primary: "res_rsv_ruimte_key",
|
||||||
records_name: "reservations",
|
records_name: "reservations",
|
||||||
@@ -48,6 +49,7 @@ model_reservations =
|
|||||||
{ name: "configuration", dbs: "res_ruimte_opstelling.res_opstelling_key", typ: "key", foreign: "res_opstelling" },
|
{ name: "configuration", dbs: "res_ruimte_opstelling.res_opstelling_key", typ: "key", foreign: "res_opstelling" },
|
||||||
],
|
],
|
||||||
|
|
||||||
|
impersonate_auth: "WEB_RESFOF",
|
||||||
REST_GET: function _GET(params)
|
REST_GET: function _GET(params)
|
||||||
{
|
{
|
||||||
var urole = "fe"; // TODO: Moet echt niet ter zake doen
|
var urole = "fe"; // TODO: Moet echt niet ter zake doen
|
||||||
|
|||||||