REST resolves the user's group on each request now.

CoderCow 2013-07-27 20:01:48 +02:00
parent 125884cc4d
commit d9ff9a6ac5
3 changed files with 22 additions and 7 deletions


@ -33,7 +33,7 @@ namespace Rests
public static readonly TokenData None = default(TokenData);
public string Username { get; set; }
public Group UserGroup { get; set; }
public string UserGroupName { get; set; }
}
public Dictionary<string,TokenData> Tokens { get; protected set; }
@ -112,7 +112,7 @@ namespace Rests
tokenHash = randbytes.Aggregate("", (s, b) => s + b.ToString("X2"));
} while (Tokens.ContainsKey(tokenHash));
Tokens.Add(tokenHash, new TokenData { Username = userAccount.Name, UserGroup = userGroup });
Tokens.Add(tokenHash, new TokenData { Username = userAccount.Name, UserGroupName = userGroup.Name });
RestObject response = new RestObject("200") { Response = "Successful login" };
response["token"] = tokenHash;
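Review bot: Storing only `UserGroupName = userGroup.Name` in the token binds authorization to the group the account had at login, not to the group it has when the request arrives. The per-request lookup in the next hunk, `TShock.Groups.GetGroupByName(tokenData.UserGroupName)`, picks up permission edits and group deletion. As far as the visible lines show, though, an account moved to a less privileged group keeps resolving the old group name until the token is destroyed. Consider resolving the account from `tokenData.Username` on each request and using its current group, rejecting the token when the account no longer exists. If the current behaviour is intended, document it on the property, e.g. `// Group name captured at login; not refreshed if the account changes group.`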
@ -141,7 +141,22 @@ namespace Rests
}
};
if (secureCmd.Permissions.Length > 0 && secureCmd.Permissions.All(perm => !tokenData.UserGroup.HasPermission(perm)))
Group userGroup = TShock.Groups.GetGroupByName(tokenData.UserGroupName);
if (userGroup == null)
{
Tokens.Remove(token);
return new Dictionary<string, string>
{
{"status", "403"},
{
"error",
"Not authorized. The provided token became invalid due to group changes, please create a new token."
}
};
}
if (secureCmd.Permissions.Length > 0 && secureCmd.Permissions.All(perm => !userGroup.HasPermission(perm)))
{
return new Dictionary<string, string>
{