Commit 309e903b authored by Zohten's avatar Zohten

refactoring

parent 2deefeeb
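--- a/<path not on page: abstract class Controller>
+++ b/<path not on page: abstract class Controller>
@@ -40,4 +40,38 @@ abstract class Controller
         }
         return $response;
     }
+    /**
+     * Authentificate a user if he has the same id as the one in token, bypassed by admin
+     *
+     * @param int $id id of the User
+     * @return Response
+     */
+    public function authUser($id, $perm='user&admin'){
+        // Token phase
+        $verifyArray = $this->request->verifyJwtToken();
+        if ($verifyArray['message']!=="Valid token.") {
+            $message = json_encode($verifyArray['error']);
+            return Response::unauthorizedResponse($message);
+        }
+        // Auth phase
+        $data = $verifyArray['decodedJWT']->data;
+        switch ($perm) {
+            case 'user&admin':
+                if (($data->id != $id) && ($data->role != 2)) {
+                    $message = json_encode(["message" => "You don't have access to this ressource."]);
+                    return Response::unauthorizedResponse($message);
+                }
+            case 'admin':
+                if (($data->role != 2)) {
+                    $message = json_encode(["message" => "You are not admin."]);
+                    return Response::unauthorizedResponse($message);
+                }
+            case 'validtoken':
+                break;
+        }
+        $message = json_encode(["message" => "Authentified."]);
+        return Response::okResponse($message);
+    }
 }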
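Review bot: The `switch ($perm)` in the new Controller::authUser has no `break` after the `'user&admin'` and `'admin'` cases, so a caller using the default permission whose id matches the token but whose role is not 2 passes the first check, falls into the admin check and is rejected with "You are not admin." — the self-access path can never succeed for a non-admin user. Add `break;` after the if-block of each of those two cases. The switch also has no `default:`, so any unrecognised `$perm` string reaches the `Authentified.` response on the strength of a valid token alone; add `default: return Response::unauthorizedResponse(json_encode(["message" => "Unknown permission level."]));` so unknown levels deny rather than allow. The docblock should also gain `@param string $perm one of 'user&admin', 'admin', 'validtoken'`, since the new parameter is undocumented.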
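--- a/<path not on page: class UserController>
+++ b/<path not on page: class UserController>
@@ -47,30 +47,6 @@ class UserController extends Controller
         return Response::errorResponse($message);
     }
-    /**
-     * Authentificate a user if he has the same id as the one in token, bypassed by admin
-     *
-     * @param int $id id of the User
-     * @return Response
-     */
-    public function authUser($id){
-        // Token phase
-        $verifyArray = $this->request->verifyJwtToken();
-        if ($verifyArray['message']!=="Valid token.") {
-            $message = json_encode($verifyArray['error']);
-            return Response::unauthorizedResponse($message);
-        }
-        // Auth phase
-        $data = $verifyArray['decodedJWT']->data;
-        if (($data->id != $id) && ($data->role != 2)) {
-            $message = json_encode(["message" => "You don't have access to this account."]);
-            return Response::unauthorizedResponse($message);
-        }
-        $message = json_encode(["message" => "Authentified."]);
-        return Response::okResponse($message);
-    }
     /**
      * (GET) Get all users in USER table
      *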