permission on getall

4968d160 · Zohten · 35b8d31b · 4968d160 · 4968d160 · 4968d160
Commit 4968d160 authored Dec 04, 2020 by Zohten
Showing with 19 additions and 7 deletions

UserController.class.php BackEnd/src/controller/UserController.class.php +5 -0

userRequests.http BackEnd/src/testRequests/userRequests.http +1 -0

user.md doc/backend/user.md +13 -7

No files found.
--- a/BackEnd/src/controller/UserController.class.php
+++ b/BackEnd/src/controller/UserController.class.php
@@ -54,6 +54,11 @@ class UserController extends Controller
    */
    protected function getAllUsers()
    {
+        // Auth with token phase
+        $authResponse = $this->authUser(-1,'admin');
+        if($authResponse->getCode()!=200){
+            return $authResponse;
+        }
        $users = User::getList();
        $response = Response::okResponse(json_encode($users, JSON_PRETTY_PRINT));
        return $response;

--- a/BackEnd/src/testRequests/userRequests.http
+++ b/BackEnd/src/testRequests/userRequests.http
 ### Récupérer tous les users
 GET http://localhost/index.php/user
+Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MDcwOTQyNjIsImV4cCI6MTYwNzA5Nzg2MiwiaXNzIjoibG9jYWxob3N0IiwiZGF0YSI6eyJpZCI6IjciLCJyb2xlIjoiMiIsImVtYWlsIjoiYmVsb3ZlZC5hZG1pbkBmcmVlLmZyIn19.uQTflrpgfkiI3PS3PXHI2srBpNk8uqENHDHWX-48zGk
 ### Récupérer le user avec id 3
 GET http://localhost/index.php/user/3

--- a/doc/backend/user.md
+++ b/doc/backend/user.md
@@ -2,10 +2,16 @@
 [Revenir en arrière](../BackSummary.md)
-|Méthode|Token|Endpoint            |Description                            |Champs json|
+|Méthode|Token|Permission|Endpoint            |Description                            |Champs json|
-|-------|-----|--------------------|---------------------------------------|-----------|
+|-------|-----|----------|--------------------|---------------------------------------|-----------|
-|GET    | Oui |`/user`             |Récupérer tous les users               |           |
+|GET    | Non |A|`/user`             |Récupérer tous les users               |           |
-|GET    | Oui |`/user/{id}`        |Récupérer le user {id}                 |           |
+|GET    | Non | |`/user/{id}`        |Récupérer le user {id}                 |           |
-|PUT    | Oui |`/user/{id}`        |Modifie le user {id}                   |`id`,`email`|
+|PUT    | Oui |U|`/user/{id}`        |Modifie le user {id}                   |`id`,`email`|
-|POST   | Non |`/user`             |Enregistrement d'un user               |`login`,`pwd`,`avatar`, `lastname`, `firstname`, `mail`|
+|POST   | Non | |`/user`             |Enregistrement d'un user               |`login`,`pwd`,`avatar`, `lastname`, `firstname`, `mail`|
-|DELETE | Oui |`/user/{id}`        |Suppression du user {id}               |           |
+|DELETE | Oui |U|`/user/{id}`        |Suppression du user {id}               |           |
+Permissions:
+- A = Admin seulement
+- U = Admin ou utilisateur qui agit sur sa propre ressource
+- V = N'importe qui avec un token valide
\ No newline at end of file