refactoring

309e903b · Zohten · 2deefeeb · 309e903b · 309e903b
Commit 309e903b authored Dec 03, 2020 by Zohten
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 24 deletions

Controller.class.php BackEnd/src/controller/Controller.class.php +34 -0

UserController.class.php BackEnd/src/controller/UserController.class.php +0 -24

No files found.
--- a/BackEnd/src/controller/Controller.class.php
+++ b/BackEnd/src/controller/Controller.class.php
@@ -40,4 +40,38 @@ abstract class Controller
        }
        return $response;
    }
+
+    /**
+    * Authentificate a user if he has the same id as the one in token, bypassed by admin
+    *
+    * @param    int    $id    id of the User
+    * @return    Response
+    */
+    public function authUser($id, $perm='user&admin'){
+        // Token phase
+        $verifyArray = $this->request->verifyJwtToken();
+        if ($verifyArray['message']!=="Valid token.") {
+            $message = json_encode($verifyArray['error']);
+            return Response::unauthorizedResponse($message);
+        }
+
+        // Auth phase
+        $data = $verifyArray['decodedJWT']->data;
+        switch ($perm) {
+            case 'user&admin':
+                if (($data->id != $id) && ($data->role != 2)) {
+                    $message = json_encode(["message" => "You don't have access to this ressource."]);
+                    return Response::unauthorizedResponse($message);
+                }
+            case 'admin':
+                if (($data->role != 2)) {
+                    $message = json_encode(["message" => "You are not admin."]);
+                    return Response::unauthorizedResponse($message);
+                }
+            case 'validtoken':
+                break;
+        }
+        $message = json_encode(["message" => "Authentified."]);
+        return Response::okResponse($message);
+    }
 }
--- a/BackEnd/src/controller/UserController.class.php
+++ b/BackEnd/src/controller/UserController.class.php
@@ -47,30 +47,6 @@ class UserController extends Controller
        return Response::errorResponse($message);
    }

-    /**
-    * Authentificate a user if he has the same id as the one in token, bypassed by admin
-    *
-    * @param    int    $id    id of the User
-    * @return    Response
-    */
-    public function authUser($id){
-        // Token phase
-        $verifyArray = $this->request->verifyJwtToken();
-        if ($verifyArray['message']!=="Valid token.") {
-            $message = json_encode($verifyArray['error']);
-            return Response::unauthorizedResponse($message);
-        }
-        // Auth phase
-        $data = $verifyArray['decodedJWT']->data;
-        if (($data->id != $id) && ($data->role != 2)) {
-            $message = json_encode(["message" => "You don't have access to this account."]);
-            return Response::unauthorizedResponse($message);
-        }
-
-        $message = json_encode(["message" => "Authentified."]);
-        return Response::okResponse($message);
-    }
-
    /**
    * (GET) Get all users in USER table
    *