From: jerome Date: Fri, 23 Jan 2009 05:31:02 +0000 (+0000) Subject: web service MDL-12886 implement authentication token systemprototype X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=338bf5a7419770f152d076b881283dd1cebadcfb;p=moodle.git web service MDL-12886 implement authentication token systemprototype --- diff --git a/user/external.php b/user/external.php index 4e74939c51..b9ecce287a 100644 --- a/user/external.php +++ b/user/external.php @@ -86,15 +86,15 @@ final class user_external extends moodle_external { * @return boolean true if success */ static function tmp_delete_user($params) { - global $DB; + global $DB,$USER; + $user = $DB->get_record('user', array('username'=>$params['username'], 'mnethostid'=>$params['mnethostid'])); - /// PLEASE UNCOMMENT HERE ONCE AUTHENTICATION IS IMPLEMENTED - $USER/context need to be set here -// if (has_capability('moodle/user:delete', get_context_instance(CONTEXT_SYSTEM))) { + if (has_capability('moodle/user:delete', get_context_instance(CONTEXT_SYSTEM))) { return delete_user($user); //this function is in moodlelib.php -// } -// else { -// throw new moodle_exception('couldnotdeleteuser'); -// } + } + else { + throw new moodle_exception('couldnotdeleteuser'); + } } diff --git a/webservice/rest/locallib.php b/webservice/rest/locallib.php index de81868107..9297c9b844 100644 --- a/webservice/rest/locallib.php +++ b/webservice/rest/locallib.php @@ -14,7 +14,8 @@ * @return string xml object */ function call_moodle_function ($rest_arguments) { - global $CFG; + global $CFG, $USER; + ///REST params conversion $functionname = substr($rest_arguments,strrpos($rest_arguments,"/")+1); //retrieve the function name (it's located after the last '/') in $rest_arguments //$rest_argument 
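Review bot: In `tmp_delete_user`, the result of `$DB->get_record('user', ...)` is passed straight to `delete_user($user)` without checking that a record was found, and the lookup sits ahead of the now-enabled `has_capability('moodle/user:delete', ...)` check. If no row matches the supplied `username`/`mnethostid`, `delete_user()` would presumably receive `false`; add a guard such as `if (empty($user)) { throw new moodle_exception('couldnotdeleteuser'); }` inside the capability branch and move the lookup there, so callers without the capability never trigger it. The `$USER` added in `global $DB,$USER;` is not referenced in the visible body, so drop it or add a comment saying the web-service layer must have set it before this call.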
@@ -24,18 +25,6 @@ function call_moodle_function ($rest_arguments) { $classname = substr($classname,1, strlen($classname) - 1); //remove first _ (e.g. _mod_forum => mod_forum) $classname .= 'external'; - require_once($CFG->dirroot.$apipath.'external.php'); - $wsapi = new $classname(); - $description = $wsapi->get_function_webservice_description($functionname); //retrieve the web service description for this function - -///This following line is only REST protocol - $params = retrieve_params ($description); //retrieve the REST params - -///Generic part to any protocols - if ($params === false) { - //return an error message, the REST params doesn't match with the web service description - } - /// Authentication process /// TODO: this use a fake token => need to implement token generation $token = optional_param('token',null,PARAM_ALPHANUM); @@ -50,11 +39,30 @@ function call_moodle_function ($rest_arguments) { } } } else { - if (!mock_check_token($token)) { + $user = mock_check_token($token); + if (empty($user)) { throw new moodle_exception('wrongidentification'); } + else { + $USER = $user; + } + } + +/// load the external class + require_once($CFG->dirroot.$apipath.'external.php'); + $wsapi = new $classname(); + $description = $wsapi->get_function_webservice_description($functionname); //retrieve the web service description for this function + +/// This following line is only REST protocol + $params = retrieve_params ($description); //retrieve the REST params + +/// Generic part to any protocols + if ($params === false) { + //return an error message, the REST params doesn't match with the web service description } + + $res = call_user_func_array ( $classname.'::'.$functionname, array($params)); ///Transform result into xml in order to send the REST response 
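Review bot: The `if ($params === false)` branch after `retrieve_params ($description)` still holds only a comment, so a request whose parameters do not match the description falls through to `call_user_func_array ( $classname.'::'.$functionname, array($params))`, which after this change runs with `$USER` set to the token's user. Make the branch fail closed, for example `throw new moodle_exception('<error-key>');` (placeholder key), and also stop when `$description` does not describe `$functionname`, since that name is taken from the last segment of the request path. Assigning `$USER = $user;` directly may also leave the token's user in the caller's session if this endpoint runs with one; confirm this and document it next to the assignment. The body of `call_moodle_function` starts and ends outside this hunk.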
@@ -64,14 +72,23 @@ function call_moodle_function ($rest_arguments) { } /** - * TODO: remove this funcion once token implementation is done + * TODO: remove/rewrite this funcion * Mock function waiting for token system implementation * @param $token * @return */ function mock_check_token($token) { + //fake test if ($token == 465465465468468464) { - return true; + ///retrieve the user + global $DB; + $user = $DB->get_record('user', array('username'=>'admin', 'mnethostid'=>1)); + + if (empty($user)) { + return false; + } + + return $user; } else { return false; }
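Review bot: `mock_check_token` now returns the `admin` user record for a single hard-coded token, and the check `$token == 465465465468468464` is a loose comparison against an integer literal. The token arrives as a `PARAM_ALPHANUM` string, so the comparison is numeric: on PHP versions before 8 a string that merely starts with those digits can compare equal, and on 32-bit builds the literal becomes a float and loses precision. Compare as strings instead, `if ($token === '465465465468468464') {`, and keep this mock unreachable on a production site until real token generation replaces it. The docblock's empty `@return` should state that the function returns the user record on success and `false` otherwise. The function's closing brace lies outside the hunk.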