From 1f9836d1cb93e1681150bbb06bcb8e7f3fde501f Mon Sep 17 00:00:00 2001
From: Armand Bahi <armand.bahi@veremes.com>
Date: Wed, 5 Dec 2018 09:40:30 +0100
Subject: [PATCH] =?UTF-8?q?Interdire=20l'acc=C3=A8s=20=C3=A0=20vitis/webse?=
=?UTF-8?q?rvices=20aux=20non=20vitis=20admin?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
vas/rest/ws/vitis/WebServices.class.inc | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/vas/rest/ws/vitis/WebServices.class.inc b/vas/rest/ws/vitis/WebServices.class.inc
index 09331cbb..47888454 100755
--- a/vas/rest/ws/vitis/WebServices.class.inc
+++ b/vas/rest/ws/vitis/WebServices.class.inc
@@ -10,7 +10,7 @@
* \brief This file contains the WebServices php class
*
* This class defines Rest Api to Vitis WebServices
- *
+ *
*/
require_once 'Vitis.class.inc';
require_once __DIR__ . '/../../class/vitis_lib/Connection.class.inc';
@@ -73,7 +73,7 @@ class WebServices extends Vitis {
* )
*/
/**
- * @SWG\Get(path="/webservices/{web_service}",
+ * @SWG\Get(path="/webservices/{web_service}",
* tags={"WebServices"},
* summary="Get WebService",
* description="Request to get WebService by id",
@@ -108,7 +108,7 @@ class WebServices extends Vitis {
* )
*/
/**
- * @SWG\Get(path="/webservices/{web_service}/ressources",
+ * @SWG\Get(path="/webservices/{web_service}/ressources",
* tags={"WebServices"},
* summary="Get ressources list",
* description="Request to get ressources list",
@@ -143,7 +143,7 @@ class WebServices extends Vitis {
* )
*/
/**
- * @SWG\Get(path="/webservices/{web_service}/ressources/{ressource}",
+ * @SWG\Get(path="/webservices/{web_service}/ressources/{ressource}",
* tags={"WebServices"},
* summary="Get ressources infos",
* description="Request to get ressources infos",
@@ -190,6 +190,14 @@ class WebServices extends Vitis {
* @return Columns
*/
function GET() {
+ // Privilège "vitis_admin" requis.
+ if (!in_array('vitis_admin', $this->oConnection->aPrivileges)) {
+ $oError = new VitisError(1, "Rights problem : you don't have rights to list webservices");
+ $aXmlRacineAttribute['status'] = 0;
+ $sMessage = $oError->asDocument('', 'vitis', $this->aValues['sEncoding'], True, $aXmlRacineAttribute, $this->aValues['sSourceEncoding'], $this->aValues['output']);
+ return $sMessage;
+ }
+
if ($this->oConnection->oError == null) {
require("../doc/vendor/autoload.php");
@@ -449,4 +457,4 @@ class RessourceList extends WebServices {
}
-?>
\ No newline at end of file
+?>
--
GitLab