From 3a216db45c510f2601fcdb3b879e2e20dce63dd5 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 16 Dec 2009 14:36:59 +0300 Subject: [PATCH] add per-user option to enable access to API --- api/index.php | 7 +++---- localized_schema.php | 1 + sanity_check.php | 2 +- schema/ttrss_schema_mysql.sql | 4 +++- schema/ttrss_schema_pgsql.sql | 4 +++- schema/versions/mysql/58.sql | 7 +++++++ schema/versions/pgsql/58.sql | 7 +++++++ 7 files changed, 25 insertions(+), 7 deletions(-) create mode 100644 schema/versions/mysql/58.sql create mode 100644 schema/versions/pgsql/58.sql diff --git a/api/index.php b/api/index.php index ff8c70f58..90ca5405c 100644 --- a/api/index.php +++ b/api/index.php @@ -44,11 +44,10 @@ return; } -/* TODO: add pref key to disable/enable API - if ($_SESSION["uid"] && !get_pref($link, 'API_ENABLED')) { + if ($_SESSION["uid"] && $op != "logout" && !get_pref($link, 'ENABLE_API_ACCESS')) { print json_encode(array("error" => 'API_DISABLED')); return; - } */ + } switch ($op) { case "getVersion": @@ -62,7 +61,7 @@ if (authenticate_user($link, $login, $password)) { print json_encode(array("uid" => $_SESSION["uid"])); } else { - print json_encode(array("uid" => 0)); + print json_encode(array("error" => "LOGIN_ERROR")); } break; diff --git a/localized_schema.php b/localized_schema.php index 35fb6dc0c..8d827d1dc 100644 --- a/localized_schema.php +++ b/localized_schema.php @@ -81,5 +81,6 @@ __("Enable inline MP3 player"); __("Enable the Flash-based XSPF Player to play MP3-format podcast enclosures."); __("Do not show images in articles"); + __("Enable external API"); ?> diff --git a/sanity_check.php b/sanity_check.php index 600f8d9f4..55df98141 100644 --- a/sanity_check.php +++ b/sanity_check.php @@ -2,7 +2,7 @@ require_once "functions.php"; define('EXPECTED_CONFIG_VERSION', 18); - define('SCHEMA_VERSION', 57); + define('SCHEMA_VERSION', 58); if (!file_exists("config.php")) { print "Fatal Error: You forgot to copy diff --git a/schema/ttrss_schema_mysql.sql b/schema/ttrss_schema_mysql.sql index d3c8b5f15..04c601fae 100644 --- a/schema/ttrss_schema_mysql.sql +++ b/schema/ttrss_schema_mysql.sql @@ -226,7 +226,7 @@ create table ttrss_tags (id integer primary key auto_increment, create table ttrss_version (schema_version int not null) TYPE=InnoDB; -insert into ttrss_version values (57); +insert into ttrss_version values (58); create table ttrss_enclosures (id serial not null primary key, content_url text not null, @@ -359,6 +359,8 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('ENABLE_OFFLINE_READING', 1, 'false', 'Enable offline reading',1, 'Synchronize new articles for offline reading using Google Gears.'); +insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('ENABLE_API_ACCESS', 1, 'false', 'Enable external API', 3); + create table ttrss_user_prefs ( owner_uid integer not null, pref_name varchar(250), diff --git a/schema/ttrss_schema_pgsql.sql b/schema/ttrss_schema_pgsql.sql index 61ffcb10a..b2458d4ba 100644 --- a/schema/ttrss_schema_pgsql.sql +++ b/schema/ttrss_schema_pgsql.sql @@ -202,7 +202,7 @@ create index ttrss_tags_owner_uid_index on ttrss_tags(owner_uid); create table ttrss_version (schema_version int not null); -insert into ttrss_version values (57); +insert into ttrss_version values (58); create table ttrss_enclosures (id serial not null primary key, content_url text not null, @@ -329,6 +329,8 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('ENABLE_OFFLINE_READING', 1, 'false', 'Enable offline reading',1, 'Synchronize new articles for offline reading using Google Gears.'); +insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('ENABLE_API_ACCESS', 1, 'false', 'Enable external API', 3); + create table ttrss_user_prefs ( owner_uid integer not null references ttrss_users(id) ON DELETE CASCADE, pref_name varchar(250) not null references ttrss_prefs(pref_name) ON DELETE CASCADE, diff --git a/schema/versions/mysql/58.sql b/schema/versions/mysql/58.sql new file mode 100644 index 000000000..61173c1d5 --- /dev/null +++ b/schema/versions/mysql/58.sql @@ -0,0 +1,7 @@ +begin; + +insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('ENABLE_API_ACCESS', 1, 'false', 'Enable external API', 3); + +update ttrss_version set schema_version = 58; + +commit; diff --git a/schema/versions/pgsql/58.sql b/schema/versions/pgsql/58.sql new file mode 100644 index 000000000..61173c1d5 --- /dev/null +++ b/schema/versions/pgsql/58.sql @@ -0,0 +1,7 @@ +begin; + +insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('ENABLE_API_ACCESS', 1, 'false', 'Enable external API', 3); + +update ttrss_version set schema_version = 58; + +commit;