Skip to:
Content

bbPress.org

Changeset 1836


Ignore:
Timestamp:
12/09/2008 10:40:10 AM (17 years ago)
Author:
sambauers
Message:

Some small XMLRPC fixes and new user switching functionality. A user making an XMLRPC request with 'edit_user' privileges can now switch to another user before executing an XMLRPC method. Simple specify an array containing two users for the username. The first is the authenticating user, the second the user to be switched to. The second parameter remains the password of the authenticating user. The password of the user being switched to is not passed.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/bb-includes/functions.bb-posts.php

    r1797 r1836  
    243243        return false;
    244244
    245     if ( !defined('XMLRPC_REQUEST') || !XMLRPC_REQUEST )
    246         if ( !$user = bb_get_user( $poster_id ) )
    247             return false;
     245    if ( !$user = bb_get_user( $poster_id ) )
     246        return false;
    248247
    249248    $topic_id = (int) $topic->topic_id;

  • trunk/xmlrpc.php

    r1806 r1836  
    9494     **/
    9595    var $auth_readonly = false;
     96
     97    /**
     98     * Whether user switching is allowed
     99     *
     100     * @since 1.0
     101     * @var boolean
     102     **/
     103    var $allow_user_switching = false;
    96104
    97105    /**
     
    160168        $this->auth_readonly = apply_filters( 'bb_xmlrpc_auth_readonly', $this->auth_readonly );
    161169
     170        // Whether or not to allow user switching
     171        $this->allow_user_switching = bb_get_option( 'bb_xmlrpc_allow_user_switching' );
     172
    162173        $this->initialise_site_option_info();
    163174        $this->methods = apply_filters( 'bb_xmlrpc_methods', $this->methods );
     
    181192    function authenticate( $user_login, $user_pass, $capability = 'read', $message = false )
    182193    {
     194        if ( is_array( $user_login ) ) {
     195            $auth_user_login = (string) $user_login[0];
     196            $switch_user_login = (string) $user_login[1];
     197        } else {
     198            $auth_user_login = (string) $user_login;
     199            $switch_user_login = false;
     200        }
     201       
    183202        // Check the login
    184         $user = bb_check_login( $user_login, $user_pass );
     203        $user = bb_check_login( $auth_user_login, $user_pass );
    185204        if ( !$user || is_wp_error( $user ) ) {
    186205            $this->error = new IXR_Error( 403, __( 'Authentication failed.' ) );
     206            return false;
     207        }
     208
     209        // Set the current user
     210        $user = bb_set_current_user( $user->ID );
     211
     212        // Make sure they are allowed to do this
     213        if ( !bb_current_user_can( $capability ) ) {
     214            if ( !$message ) {
     215                $message = __( 'You do not have permission to read this.' );
     216            }
     217            $this->error = new IXR_Error( 403, $message );
     218            return false;
     219        }
     220
     221        // Switch the user if requested and allowed
     222        if ( $switch_user_login && $this->allow_user_switching && bb_current_user_can( 'edit_users' ) ) {
     223            $user = $this->switch_user( $switch_user_login, $capability, $message );
     224        }
     225
     226        return $user;
     227    }
     228
     229    function switch_user( $user_login, $capability = 'read', $message = false )
     230    {
     231        // Just get the user, authentication has already been established by the
     232        $user = bb_get_user( $user_login );
     233        if ( !$user || is_wp_error( $user ) ) {
     234            $this->error = new IXR_Error( 400, __( 'User switching failed, the requested user does not exist.' ) );
    187235            return false;
    188236        }
     
    380428
    381429        // Get the login credentials
    382         $username = (string) $args[0];
     430        $username = $args[0];
    383431        $password = (string) $args[1];
    384432
     
    419467
    420468        // Get the login credentials
    421         $username = (string) $args[0];
     469        $username = $args[0];
    422470        $password = (string) $args[1];
    423471
     
    498546
    499547        // Get the login credentials
    500         $username = (string) $args[0];
     548        $username = $args[0];
    501549        $password = (string) $args[1];
    502550
     
    542590
    543591        if ( $depth > 0 ) {
    544             // Add the depth to traverse to to the arguments
     592            // Add the depth to traverse to the arguments
    545593            $get_forums_args['depth'] = $depth;
    546594            // Only make it hierarchical if the depth > 1
     
    619667
    620668        // Get the login credentials
    621         $username = (string) $args[0];
     669        $username = $args[0];
    622670        $password = (string) $args[1];
    623671
     
    729777
    730778        // Get the login credentials
    731         $username = (string) $args[0];
     779        $username = $args[0];
    732780        $password = (string) $args[1];
    733781
     
    810858
    811859        // Get the login credentials
    812         $username = (string) $args[0];
     860        $username = $args[0];
    813861        $password = (string) $args[1];
    814862
     
    910958
    911959        // Get the login credentials
    912         $username = (string) $args[0];
     960        $username = $args[0];
    913961        $password = (string) $args[1];
    914962
     
    10441092
    10451093        // Get the login credentials
    1046         $username = (string) $args[0];
     1094        $username = $args[0];
    10471095        $password = (string) $args[1];
    10481096
     
    11521200
    11531201        // Get the login credentials
    1154         $username = (string) $args[0];
     1202        $username = $args[0];
    11551203        $password = (string) $args[1];
    11561204
     
    12561304
    12571305        // Get the login credentials
    1258         $username = (string) $args[0];
     1306        $username = $args[0];
    12591307        $password = (string) $args[1];
    12601308
     
    13601408
    13611409        // Get the login credentials
    1362         $username = (string) $args[0];
     1410        $username = $args[0];
    13631411        $password = (string) $args[1];
    13641412
     
    14481496
    14491497        // Get the login credentials
    1450         $username = (string) $args[0];
     1498        $username = $args[0];
    14511499        $password = (string) $args[1];
    14521500
     
    15861634
    15871635        // Get the login credentials
    1588         $username = (string) $args[0];
     1636        $username = $args[0];
    15891637        $password = (string) $args[1];
    15901638
     
    17131761
    17141762        // Get the login credentials
    1715         $username = (string) $args[0];
     1763        $username = $args[0];
    17161764        $password = (string) $args[1];
    17171765
     
    18001848
    18011849        // Get the login credentials
    1802         $username = (string) $args[0];
     1850        $username = $args[0];
    18031851        $password = (string) $args[1];
    18041852
     
    18991947
    19001948        // Get the login credentials
    1901         $username = (string) $args[0];
     1949        $username = $args[0];
    19021950        $password = (string) $args[1];
    19031951
     
    19992047
    20002048        // Get the login credentials
    2001         $username = (string) $args[0];
     2049        $username = $args[0];
    20022050        $password = (string) $args[1];
    20032051
     
    20972145
    20982146        // Get the login credentials
    2099         $username = (string) $args[0];
     2147        $username = $args[0];
    21002148        $password = (string) $args[1];
    21012149
     
    21892237
    21902238        // Get the login credentials
    2191         $username = (string) $args[0];
     2239        $username = $args[0];
    21922240        $password = (string) $args[1];
    21932241
     
    22812329
    22822330        // Get the login credentials
    2283         $username = (string) $args[0];
     2331        $username = $args[0];
    22842332        $password = (string) $args[1];
    22852333
     
    23592407
    23602408        // Get the login credentials
    2361         $username = (string) $args[0];
     2409        $username = $args[0];
    23622410        $password = (string) $args[1];
    23632411
     
    24692517
    24702518        // Get the login credentials
    2471         $username = (string) $args[0];
     2519        $username = $args[0];
    24722520        $password = (string) $args[1];
    24732521
     
    25692617
    25702618        // Get the login credentials
    2571         $username = (string) $args[0];
     2619        $username = $args[0];
    25722620        $password = (string) $args[1];
    25732621
     
    26592707
    26602708        // Get the login credentials
    2661         $username = (string) $args[0];
     2709        $username = $args[0];
    26622710        $password = (string) $args[1];
    26632711
     
    27342782
    27352783        // Get the login credentials
    2736         $username = (string) $args[0];
     2784        $username = $args[0];
    27372785        $password = (string) $args[1];
    27382786
     
    28162864
    28172865        // Get the login credentials
    2818         $username = (string) $args[0];
     2866        $username = $args[0];
    28192867        $password = (string) $args[1];
    28202868
     
    29392987
    29402988        // Get the login credentials
    2941         $username = (string) $args[0];
     2989        $username = $args[0];
    29422990        $password = (string) $args[1];
    29432991
     
    30573105
    30583106        // Get the login credentials
    3059         $username = (string) $args[0];
     3107        $username = $args[0];
    30603108        $password = (string) $args[1];
    30613109
     
    31463194
    31473195        // Get the login credentials
    3148         $username = (string) $args[0];
     3196        $username = $args[0];
    31493197        $password = (string) $args[1];
    31503198
     
    33323380
    33333381        // Get the login credentials
    3334         $username = (string) $args[0];
     3382        $username = $args[0];
    33353383        $password = (string) $args[1];
    33363384
     
    33973445
    33983446        // Get the login credentials
    3399         $username = (string) $args[0];
     3447        $username = $args[0];
    34003448        $password = (string) $args[1];
    34013449
Note: See TracChangeset for help on using the changeset viewer.