<?php
# Lifter010: TODO
/**
 * webservice_access.php - admin controller for the access rules of the webservices
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of
 * the License, or (at your option) any later version.
 *
 * @author      André Noack <noack@data-quest.de>
 * @license     http://www.gnu.org/licenses/gpl-2.0.html GPL version 2
 * @category    Stud.IP
 * @package     admin
 */

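/**
 * Admin controller for the webservice access rules (api key / method /
 * IP range / type). Every action requires the root permission and the
 * WEBSERVICES_ENABLE configuration switch; the complete rule set is
 * loaded into $this->ws_rules (keyed by rule id) before each action.
 */
class Admin_WebserviceAccessController extends AuthenticatedController
{
    /**
     * Common tasks for all actions: enforce the root permission, refuse to
     * run while the webservices are disabled system-wide, set up the page
     * and preload all rules into $this->ws_rules.
     *
     * @param string $action name of the action about to run
     * @param array  $args   arguments for that action
     *
     * @throws AccessDeniedException when the webservices are not enabled
     */
    public function before_filter(&$action, &$args)
    {
        global $perm;

        parent::before_filter($action, $args);

        // Authorization comes first: only root may see or change the rules.
        $perm->check('root');

        if (!Config::get()->WEBSERVICES_ENABLE) {
            throw new AccessDeniedException(_("Die Webservices sind in diesem System nicht aktiviert."));
        }

        PageLayout::setTitle(_('Verwaltung der Zugriffsregeln für Webservices'));
        Navigation::activateItem('/admin/config/webservice_access');

        $this->get_all_rules();
    }

    /**
     * Display the list of webservice access rules.
     */
    public function index_action()
    {
    }

    /**
     * Mark one rule as editable and display the list of rules.
     *
     * NOTE(review): $id comes straight from the URL and is handed to the
     * template as $this->edit without being checked against the loaded rule
     * ids — the template must escape it (or only compare it to rule ids).
     *
     * @param string $id id of the rule to edit
     */
    public function edit_action($id)
    {
        $this->edit = $id;
        $this->render_action('index');
    }

    /**
     * Put a fresh, unsaved rule on top of the list, mark it as editable and
     * display the list of rules.
     */
    public function new_action()
    {
        array_unshift($this->ws_rules, new WebserviceAccessRule());
        // The new rule sits at index 0 after array_unshift().
        $this->edit = 0;
        $this->render_action('index');
    }

    /**
     * Delete the rule with the given id and return to the list.
     *
     * Deleting is a state-changing operation, so — like update_action() —
     * it is only accepted as an unsafe (POST) request carrying a valid CSRF
     * token; previously a plain GET link was enough to delete a rule.
     * NOTE(review): the delete control in the template must submit via POST
     * with the token for this to keep working — verify the view.
     *
     * @param string $id id of the rule to delete
     */
    public function delete_action($id)
    {
        CSRFProtection::verifyUnsafeRequest();

        $rule = isset($this->ws_rules[$id]) ? $this->ws_rules[$id] : null;
        // Unknown ids and unsaved rules are ignored silently; only a
        // successful delete produces a message.
        if ($rule && !$rule->isNew() && $rule->delete()) {
            PageLayout::postMessage(MessageBox::success(_("Die Regel wurde gelöscht.")));
        }
        $this->redirect($this->url_for('admin/webservice_access'));
    }

    /**
     * Store a new or edited rule from the submitted form and return to the
     * list (or re-render the list in edit mode when validation fails).
     *
     * Validation: the api key needs at least 5 characters and every IP range
     * entry must pass isValidIpRange(). Invalid ranges are reported and
     * dropped; an empty method or empty range list is allowed but flagged,
     * because such a rule matches every method / every address.
     */
    public function update_action()
    {
        CSRFProtection::verifyUnsafeRequest();
        if (Request::submitted('ok')) {
            $rule_id = Request::int('ws_rule_id');
            if (isset($this->ws_rules[$rule_id])) {
                $rule = $this->ws_rules[$rule_id];
            } else {
                $rule = new WebserviceAccessRule();
                $rule->id = 0;
                array_unshift($this->ws_rules, $rule);
            }
            $rule->api_key = trim(Request::get('ws_rule_api_key'));
            $rule->method = trim(Request::get('ws_rule_method'));
            // NOTE(review): the model evidently turns this trimmed string into
            // an array (it is iterated below) — confirm in WebserviceAccessRule.
            $rule->ip_range = trim(Request::get('ws_rule_ip_range'));
            $rule->type = trim(Request::get('ws_rule_type'));

            // Pre-initialised so the checks below never read an undefined index.
            $msg = ['error' => [], 'info' => []];

            if (mb_strlen($rule->api_key) < 5) {
                $msg['error'][] = _("Bitte geben Sie einen API-Key mit min. 5 Zeichen an.");
            }
            foreach ($rule->ip_range as $key => $ip) {
                if (!$ip) {
                    unset($rule->ip_range[$key]);
                    continue;
                }
                if (!self::isValidIpRange($ip)) {
                    $msg['error'][] = sprintf(_("Der IP Bereich %s ist ungültig."), htmlready($ip));
                    unset($rule->ip_range[$key]);
                }
            }
            if (!$rule->method) {
                $msg['info'][] = _("Eine Regel ohne angegebene Methode gilt für alle Methoden!");
            }
            if (!count($rule->ip_range)) {
                $msg['info'][] = _("Eine Regel ohne IP Bereich gilt für alle IP Adressen!");
            }

            if ($msg['error']) {
                PageLayout::postMessage(MessageBox::error(_("Die Regel wurde nicht gespeichert."), $msg['error']));
                $this->edit = $rule->id;
                $this->render_action('index');
                return;
            }
            if ($rule->store()) {
                PageLayout::postMessage(MessageBox::success(_("Die Regel wurde gespeichert."), $msg['info']));
            }
        }
        $this->redirect($this->url_for('admin/webservice_access'));
    }

    /**
     * Dry-run the rule set: report whether the given api key / method / IP
     * combination would be granted access. GET only shows the form; the
     * CSRF check is applied when the form is actually submitted.
     */
    public function test_action()
    {
        if (Request::submitted('ok')) {
            CSRFProtection::verifyUnsafeRequest();

            $test_api_key = trim(Request::get("test_api_key"));
            $test_method = trim(Request::get("test_method"));
            $test_ip = trim(Request::get("test_ip"));

            // All three values are required; otherwise nothing is reported.
            if ($test_api_key && $test_method && $test_ip) {
                $allowed = WebserviceAccessRule::checkAccess($test_api_key, $test_method, $test_ip);
                PageLayout::postMessage($allowed
                    ? MessageBox::success(_("Zugriff erlaubt."))
                    : MessageBox::error(_("Zugriff verboten.")));
            }
        }
    }

    /**
     * Reload all rules from the database into $this->ws_rules, keyed by id.
     */
    public function get_all_rules()
    {
        $this->ws_rules = [];
        foreach (WebserviceAccessRule::findAll() as $rule) {
            $this->ws_rules[$rule->id] = $rule;
        }
    }

    /**
     * Validate one IP range entry: a dotted IPv4 address, optionally followed
     * by "/mask" with 8 <= mask <= 30 (IPv6 is not supported here).
     *
     * Stricter than the former inline check: the mask must consist of digits
     * only, so "/0" (previously let through because '0' is falsy), "/8abc"
     * and extra "/" segments are all rejected instead of silently accepted.
     *
     * @param string $ip e.g. "192.168.0.0/16" or "10.0.0.1"
     * @return bool
     */
    private static function isValidIpRange($ip)
    {
        $parts = explode('/', $ip, 2);
        $address = $parts[0];
        $mask = isset($parts[1]) ? $parts[1] : '';

        // ip2long() yields false for malformed input and 0 for 0.0.0.0;
        // both are rejected, as before.
        if (!ip2long($address)) {
            return false;
        }
        if ($mask === '') {
            return true;
        }
        return ctype_digit($mask) && (int)$mask >= 8 && (int)$mask <= 30;
    }

}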