Refactor operator UUID handling in multiple methods to improve validation and error messaging
parent
237af23690
commit
459cd1e27e
6 changed files with 36 additions and 21 deletions
|
@ -26,20 +26,26 @@
|
||||||
throw new RequestException('Unauthorized: Insufficient permissions to delete operators', 403);
|
throw new RequestException('Unauthorized: Insufficient permissions to delete operators', 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!FederationServer::getParameter('uuid'))
|
if(!preg_match('#^/operators/([a-fA-F0-9\-]{36,})/delete$#', FederationServer::getPath(), $matches))
|
||||||
{
|
{
|
||||||
throw new RequestException('Bad Request: Operator UUID is required', 400);
|
throw new RequestException('Operator UUID required', 400);
|
||||||
|
}
|
||||||
|
|
||||||
|
$operatorUuid = $matches[1];
|
||||||
|
if(!$operatorUuid)
|
||||||
|
{
|
||||||
|
throw new RequestException('Operator UUID required', 400);
|
||||||
}
|
}
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
$existingOperator = OperatorManager::getOperator(FederationServer::getParameter('uuid'));
|
$existingOperator = OperatorManager::getOperator($operatorUuid);
|
||||||
if($existingOperator === null)
|
if($existingOperator === null)
|
||||||
{
|
{
|
||||||
throw new RequestException('Operator Not Found', 404);
|
throw new RequestException('Operator Not Found', 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
OperatorManager::deleteOperator(FederationServer::getParameter('uuid'));
|
OperatorManager::deleteOperator($operatorUuid);
|
||||||
AuditLogManager::createEntry(AuditLogType::OPERATOR_DELETED, sprintf('Operator %s (%s) deleted by %s (%s)',
|
AuditLogManager::createEntry(AuditLogType::OPERATOR_DELETED, sprintf('Operator %s (%s) deleted by %s (%s)',
|
||||||
$existingOperator->getName(),
|
$existingOperator->getName(),
|
||||||
$existingOperator->getUuid(),
|
$existingOperator->getUuid(),
|
||||||
|
|
|
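Review bot: The `if(!$operatorUuid)` check after `$operatorUuid = $matches[1];` can never fire, because the capture group only matches 36 or more characters, while the pattern itself is looser than a UUID: `[a-fA-F0-9\-]{36,}` accepts any longer run of hex digits and hyphens in any grouping. That value is then passed to `OperatorManager::getOperator()` and `OperatorManager::deleteOperator()` with no format check visible in this hunk. Replacing the dead check with the one the manage_* handlers in this commit keep, `if(!Validate::uuid($operatorUuid))` followed by `throw new RequestException('Bad Request: Invalid operator UUID', 400);`, would reject malformed identifiers before they reach the manager (assuming `Validate` is available in this file). The enable/disable handler carries the same dead check.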
@ -26,7 +26,13 @@
|
||||||
throw new RequestException('Unauthorized: Insufficient permissions to enable/disable operators', 403);
|
throw new RequestException('Unauthorized: Insufficient permissions to enable/disable operators', 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!FederationServer::getParameter('uuid'))
|
if(!preg_match('#^/operators/([a-fA-F0-9\-]{36,})/enable$#', FederationServer::getPath(), $matches))
|
||||||
|
{
|
||||||
|
throw new RequestException('Bad Request: Operator UUID is required', 400);
|
||||||
|
}
|
||||||
|
|
||||||
|
$operatorUuid = $matches[1];
|
||||||
|
if(!$operatorUuid)
|
||||||
{
|
{
|
||||||
throw new RequestException('Bad Request: Operator UUID is required', 400);
|
throw new RequestException('Bad Request: Operator UUID is required', 400);
|
||||||
}
|
}
|
||||||
|
@ -44,7 +50,7 @@
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
$existingOperator = OperatorManager::getOperator(FederationServer::getParameter('uuid'));
|
$existingOperator = OperatorManager::getOperator($operatorUuid);
|
||||||
if($existingOperator === null)
|
if($existingOperator === null)
|
||||||
{
|
{
|
||||||
throw new RequestException('Operator Not Found', 404);
|
throw new RequestException('Operator Not Found', 404);
|
||||||
|
@ -52,7 +58,7 @@
|
||||||
|
|
||||||
if($enabled)
|
if($enabled)
|
||||||
{
|
{
|
||||||
OperatorManager::enableOperator(FederationServer::getParameter('uuid'));
|
OperatorManager::enableOperator($operatorUuid);
|
||||||
AuditLogManager::createEntry(AuditLogType::OPERATOR_ENABLED, sprintf('Operator %s (%s) enabled by %s (%s)',
|
AuditLogManager::createEntry(AuditLogType::OPERATOR_ENABLED, sprintf('Operator %s (%s) enabled by %s (%s)',
|
||||||
$existingOperator->getName(),
|
$existingOperator->getName(),
|
||||||
$existingOperator->getUuid(),
|
$existingOperator->getUuid(),
|
||||||
|
@ -62,7 +68,7 @@
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
OperatorManager::disableOperator(FederationServer::getParameter('uuid'));
|
OperatorManager::disableOperator($operatorUuid);
|
||||||
AuditLogManager::createEntry(AuditLogType::OPERATOR_DISABLED, sprintf('Operator %s (%s) disabled by %s (%s)',
|
AuditLogManager::createEntry(AuditLogType::OPERATOR_DISABLED, sprintf('Operator %s (%s) disabled by %s (%s)',
|
||||||
$existingOperator->getName(),
|
$existingOperator->getName(),
|
||||||
$existingOperator->getUuid(),
|
$existingOperator->getUuid(),
|
||||||
|
|
|
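Review bot: The new pattern is anchored to `/enable$`, yet the later hunks of this file still have an `else` branch that calls `OperatorManager::disableOperator($operatorUuid)`. How `$enabled` is set and which routes reach this handler are outside the hunks, so this may be intended, but if a `/operators/{uuid}/disable` path is dispatched here, every such request now fails with 400 before the branch is reached. If both paths share the handler, the pattern should admit both, e.g. `#^/operators/([a-fA-F0-9\-]{36,})/(?:enable|disable)$#`; otherwise a short comment stating that disabling goes through the `/enable` path would help the next reader.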
@ -23,13 +23,14 @@
|
||||||
throw new RequestException('Unauthorized: Insufficient permissions manage permissions', 403);
|
throw new RequestException('Unauthorized: Insufficient permissions manage permissions', 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
$operatorUuid = FederationServer::getParameter('uuid');
|
if(!preg_match('#^/operators/([a-fA-F0-9\-]{36,})/manage_blacklist$#', FederationServer::getPath(), $matches))
|
||||||
$enabled = (bool)filter_var(FederationServer::getParameter('enabled'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
|
|
||||||
if($operatorUuid === null)
|
|
||||||
{
|
{
|
||||||
throw new RequestException('Bad Request: Missing required parameters', 400);
|
throw new RequestException('Bad Request: Missing required parameters', 400);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$operatorUuid = $matches[1];
|
||||||
|
$enabled = (bool)filter_var(FederationServer::getParameter('enabled'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
|
||||||
|
|
||||||
if(!Validate::uuid($operatorUuid))
|
if(!Validate::uuid($operatorUuid))
|
||||||
{
|
{
|
||||||
throw new RequestException('Bad Request: Invalid operator UUID', 400);
|
throw new RequestException('Bad Request: Invalid operator UUID', 400);
|
||||||
|
|
|
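Review bot: On the `$enabled` line, the `(bool)` cast discards what `FILTER_NULL_ON_FAILURE` provides: a value that is not a recognised boolean makes `filter_var` return null, and the cast turns that into `false`. A mistyped `enabled` value is therefore processed as an explicit "off" for this permission instead of being rejected; what the handler does with `$enabled` is below the hunk. Dropping the cast and adding `if($enabled === null)` with `throw new RequestException('Bad Request: Invalid enabled value', 400);` keeps the change to a privilege flag explicit. The same line appears unchanged in the manage_client and manage_operators hunks.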
@ -23,13 +23,13 @@
|
||||||
throw new RequestException('Unauthorized: Insufficient permissions manage permissions', 403);
|
throw new RequestException('Unauthorized: Insufficient permissions manage permissions', 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
$operatorUuid = FederationServer::getParameter('uuid');
|
if(!preg_match('#^/operators/([a-fA-F0-9\-]{36,})/manage_client$#', FederationServer::getPath(), $matches))
|
||||||
$enabled = (bool)filter_var(FederationServer::getParameter('enabled'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
|
|
||||||
if($operatorUuid === null)
|
|
||||||
{
|
{
|
||||||
throw new RequestException('Bad Request: Missing required parameters', 400);
|
throw new RequestException('Bad Request: Missing required parameters', 400);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$operatorUuid = $matches[1];
|
||||||
|
$enabled = (bool)filter_var(FederationServer::getParameter('enabled'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
|
||||||
if(!Validate::uuid($operatorUuid))
|
if(!Validate::uuid($operatorUuid))
|
||||||
{
|
{
|
||||||
throw new RequestException('Bad Request: Invalid operator UUID', 400);
|
throw new RequestException('Bad Request: Invalid operator UUID', 400);
|
||||||
|
|
|
@ -23,13 +23,14 @@
|
||||||
throw new RequestException('Unauthorized: Insufficient permissions manage permissions', 403);
|
throw new RequestException('Unauthorized: Insufficient permissions manage permissions', 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
$operatorUuid = FederationServer::getParameter('uuid');
|
if(!preg_match('#^/operators/([a-fA-F0-9\-]{36,})/manage_operators$#', FederationServer::getPath(), $matches))
|
||||||
$enabled = (bool)filter_var(FederationServer::getParameter('enabled'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
|
|
||||||
if($operatorUuid === null)
|
|
||||||
{
|
{
|
||||||
throw new RequestException('Bad Request: Missing required parameters', 400);
|
throw new RequestException('Bad Request: Missing required parameters', 400);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$operatorUuid = $matches[1];
|
||||||
|
$enabled = (bool)filter_var(FederationServer::getParameter('enabled'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
|
||||||
|
|
||||||
if(!Validate::uuid($operatorUuid))
|
if(!Validate::uuid($operatorUuid))
|
||||||
{
|
{
|
||||||
throw new RequestException('Bad Request: Invalid operator UUID', 400);
|
throw new RequestException('Bad Request: Invalid operator UUID', 400);
|
||||||
|
|
|
@ -18,11 +18,12 @@
|
||||||
{
|
{
|
||||||
$authenticatedOperator = FederationServer::getAuthenticatedOperator();
|
$authenticatedOperator = FederationServer::getAuthenticatedOperator();
|
||||||
|
|
||||||
$operatorUuid = FederationServer::getParameter('uuid');
|
$operatorUuid = null;
|
||||||
if($operatorUuid !== null)
|
if(preg_match('#^/operators/([a-fA-F0-9\-]{36,})/refresh$#', FederationServer::getPath(), $matches))
|
||||||
{
|
{
|
||||||
// Ensure the authenticated operator has permission to delete operators.
|
$operatorUuid = $matches[1];
|
||||||
if(!$authenticatedOperator->canManageOperators())
|
// Ensure the authenticated operator has permission to refresh other operators' API keys.
|
||||||
|
if($operatorUuid !== $authenticatedOperator->getUuid() && !$authenticatedOperator->canManageOperators())
|
||||||
{
|
{
|
||||||
throw new RequestException('Unauthorized: Insufficient permissions to refresh other operators API keys', 403);
|
throw new RequestException('Unauthorized: Insufficient permissions to refresh other operators API keys', 403);
|
||||||
}
|
}
|
||||||
|
|
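Review bot: The new self-check `$operatorUuid !== $authenticatedOperator->getUuid()` makes an authorisation decision on the raw path capture, which the pattern allows to contain `A-F` and to be longer than 36 characters. If `getUuid()` returns a canonical lowercase value, an operator addressing their own UUID in another letter case is treated as a different operator; that fails closed, but the capture is used with no format check visible in this hunk. Validating and normalising before the comparison, e.g. `if(!Validate::uuid($matches[1]))` rejecting with 400 and then `$operatorUuid = strtolower($matches[1]);`, keeps the decision on a canonical value. Separately, when the path does not match, `$operatorUuid` stays null and execution continues past the hunk; it is worth confirming that a malformed UUID segment is rejected there and not handled as a refresh of the caller's own key.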