Merge pull request #1509 from aztech-dev/3.8

Require admin right for user management via API
Benoît Burnichon
2015-09-25 16:23:44 +02:00


@@ -110,6 +110,12 @@ class V1 implements ControllerProviderInterface
} }
}; };
$requireUserManagementRight = function () use ($app) {
$app['firewall']
->requireAccessToModule('admin')
->requireRight('manageusers');
};
/** /**
* OAuth log process * OAuth log process
* *
@@ -1016,7 +1022,9 @@ class V1 implements ControllerProviderInterface
$result = $app['api']->reset_password($login); $result = $app['api']->reset_password($login);
return $result->get_response(); return $result->get_response();
})->before($requirePasswordGrant); })
->before($requirePasswordGrant)
->before($requireUserManagementRight);
/** /**
* Route : /accounts/update-password/{token}/ * Route : /accounts/update-password/{token}/
@@ -1030,20 +1038,26 @@ class V1 implements ControllerProviderInterface
$result = $app['api']->set_new_password($token, $request->request->get('password', null)); $result = $app['api']->set_new_password($token, $request->request->get('password', null));
return $result->get_response(); return $result->get_response();
})->before($requirePasswordGrant); })
->before($requirePasswordGrant)
->before($requireUserManagementRight);
$controllers->post('/accounts/access-demand/', function (Request $request) use ($app) { $controllers->post('/accounts/access-demand/', function (Request $request) use ($app) {
$data = json_decode($request->getContent(false), true); $data = json_decode($request->getContent(false), true);
$result = $app['api']->create_account($data); $result = $app['api']->create_account($data);
return $result->get_response(); return $result->get_response();
})->before($requirePasswordGrant); })
->before($requirePasswordGrant)
->before($requireUserManagementRight);
$controllers->post('/accounts/unlock/{token}/', function ($token) use ($app) { $controllers->post('/accounts/unlock/{token}/', function ($token) use ($app) {
$result = $app['api']->unlock_account($token); $result = $app['api']->unlock_account($token);
return $result->get_response(); return $result->get_response();
})->before($requirePasswordGrant); })
->before($requirePasswordGrant)
->before($requireUserManagementRight);
return $controllers; return $controllers;
} }
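Review bot: The `$requireUserManagementRight` closure added in the first hunk has no docblock, while the neighbouring closures in this method carry `/** ... */` headers (the `OAuth log process` block directly below it); add one such as `/** Blocks the request unless the caller has access to the admin module and holds the manageusers right; used as a before() hook on the account-management routes. */`. The closure returns nothing, so as a `before` hook it only stops the route if `requireAccessToModule()` or `requireRight()` throws on denial rather than reporting it through a return value — the firewall implementation is not visible here, so that is worth confirming, because a non-throwing denial would leave the four routes changed in the later hunks gated only by `$requirePasswordGrant`. The enclosing method that defines these closures starts before the first hunk.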