author | brantje <brantje@gmail.com> | 2016-12-23 15:46:43 +0300 |
---|---|---|
committer | brantje <brantje@gmail.com> | 2016-12-23 15:46:43 +0300 |
commit | d589bbda616ed3acd9d629ef690524f1d2de1169 (patch) | |
tree | a67111de0fa06bf0fae08e03f3206e466b5ef944 /controller | |
parent | 35000a68145cdc9b88ef8da66fba6b0ebd5e57bc (diff) |
Make api endpoints available to extensions
Diffstat (limited to 'controller')
-rw-r--r-- | controller/credentialcontroller.php | 7 | ||||
-rw-r--r-- | controller/filecontroller.php | 3 | ||||
-rw-r--r-- | controller/sharecontroller.php | 13 | ||||
-rw-r--r-- | controller/vaultcontroller.php | 13 |
4 files changed, 35 insertions, 1 deletions
diff --git a/controller/credentialcontroller.php b/controller/credentialcontroller.php
index 4a6d0a8f..45a6499a 100644
--- a/controller/credentialcontroller.php
+++ b/controller/credentialcontroller.php
@@ -52,6 +52,7 @@ class CredentialController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function createCredential($changed, $created, $credential_id, $custom_fields, $delete_time,
@@ -95,6 +96,7 @@ class CredentialController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function getCredential($credential_guid) {
 return new JSONResponse($this->credentialService->getCredentialByGUID($credential_guid, $this->userId));
@@ -102,6 +104,7 @@ class CredentialController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function updateCredential($changed, $created, $credential_id, $custom_fields, $delete_time, $credential_guid,
@@ -234,6 +237,7 @@ class CredentialController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function deleteCredential($credential_guid) {
 $credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId);
@@ -252,6 +256,7 @@ class CredentialController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function getRevision($credential_guid) {
 try {
@@ -280,6 +285,7 @@ class CredentialController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function deleteRevision($credential_id, $revision_id) {
 $result = $this->credentialRevisionService->deleteRevision($revision_id, $this->userId);
@@ -288,6 +294,7 @@ class CredentialController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function updateRevision($credential_guid, $revision_id, $credential_data){
 $revision = null;
diff --git a/controller/filecontroller.php b/controller/filecontroller.php
index dd118ef9..618133ea 100644
--- a/controller/filecontroller.php
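Review bot: `@NoCSRFRequired` is added to state-changing actions as well as reads (here `createCredential`, `updateCredential`, `deleteCredential`, `deleteRevision` and `updateRevision`), so a browser that still holds a logged-in session cookie can now reach them without a request token. The same applies to the hunks in filecontroller.php (`uploadFile`, `deleteFile`), sharecontroller.php (`createPublicShare`, `unshareCredential`, `updateSharedCredentialACL`, `deleteShareRequest`, `savePendingRequest`) and vaultcontroller.php (`create`, `update`, `updateSharingKeys`, `delete`). If the intent is access for extensions that send credentials on each request, consider keeping the web UI actions CSRF-protected and exposing the extension API through actions that do not accept the session cookie; as far as I know the framework's `@CORS` annotation is meant for that, and no hunk adds it. At minimum each docblock should record why the check is off, e.g. `* @NoCSRFRequired (extension API; caller authenticates per request, no session cookie expected)`. All of these function bodies continue outside their hunks.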
+++ b/controller/filecontroller.php
@@ -32,6 +32,7 @@ class FileController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function uploadFile($data, $filename, $mimetype, $size) {
 $file = array(
@@ -45,12 +46,14 @@ class FileController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function getFile($file_id) {
 return new JSONResponse($this->fileService->getFile($file_id, $this->userId));
 }
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function deleteFile($file_id) {
 return new JSONResponse($this->fileService->deleteFile($file_id, $this->userId));
diff --git a/controller/sharecontroller.php b/controller/sharecontroller.php
index 24b92f0a..361d5351 100644
--- a/controller/sharecontroller.php
+++ b/controller/sharecontroller.php
@@ -84,6 +84,7 @@ class ShareController extends ApiController {
 * @param $permissions
 * @param $expire_timestamp
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function createPublicShare($item_id, $item_guid, $permissions, $expire_timestamp, $expire_views) {
@@ -120,6 +121,7 @@ class ShareController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function applyIntermediateShare($item_id, $item_guid, $vaults, $permissions) {
 /**
@@ -190,6 +192,7 @@ class ShareController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function searchUsers($search) {
 $users = array();
@@ -210,6 +213,7 @@ class ShareController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function unshareCredential($item_guid) {
 $acl_list = $this->shareService->getCredentialAclList($item_guid);
@@ -261,6 +265,7 @@ class ShareController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function search($search) {
 $user_search = $this->searchUsers($search);
@@ -270,6 +275,7 @@ class ShareController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function getVaultsByUser($user_id) {
 $user_vaults = $this->vaultService->getByUser($user_id);
@@ -288,6 +294,7 @@ class ShareController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function savePendingRequest($item_guid, $target_vault_guid, $final_shared_key) {
 try {
@@ -320,6 +327,7 @@ class ShareController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function getPendingRequests() {
 try {
@@ -341,6 +349,7 @@ class ShareController extends ApiController {
 * @param $item_guid
 * @return JSONResponse
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function getRevisions($item_guid) {
 try {
@@ -354,6 +363,7 @@ class ShareController extends ApiController {
 * Obtains the list of credentials shared with this vault
 *
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function getVaultItems($vault_guid) {
 try {
@@ -367,6 +377,7 @@ class ShareController extends ApiController {
 * @param $share_request_id
 * @return JSONResponse
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function deleteShareRequest($share_request_id) {
 try {
@@ -435,6 +446,7 @@ class ShareController extends ApiController {
 * @param $item_guid
 * @return JSONResponse
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function getItemAcl($item_guid) {
 $acl = $this->shareService->getCredentialAclList($item_guid);
@@ -484,6 +496,7 @@ class ShareController extends ApiController {
 * @param $permission
 * @return JSONResponse
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function updateSharedCredentialACL($item_guid, $user_id, $permission) {
 try {
diff --git a/controller/vaultcontroller.php b/controller/vaultcontroller.php
index 9bb3f7f8..40f051c1 100644
--- a/controller/vaultcontroller.php
+++ b/controller/vaultcontroller.php
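Review bot: `getVaultsByUser($user_id)` passes a caller-supplied user id straight to `$this->vaultService->getByUser($user_id)`, whereas the credential and file actions in this commit scope their service calls with `$this->userId`. Now that the action is opened to extension clients, it is worth confirming that the response is limited to what another user may see for sharing purposes and carries no vault contents; what the method returns is outside the hunk. If that is the case, the docblock should say so, e.g. `* Returns only the public sharing data of the vaults owned by $user_id.`.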
@@ -30,7 +30,12 @@ class VaultController extends ApiController {
 $UserId, VaultService $vaultService, CredentialService $credentialService) {
- parent::__construct($AppName, $request);
+ parent::__construct(
+ $AppName,
+ $request,
+ 'GET, POST, DELETE, PUT, PATCH',
+ 'Authorization, Content-Type, Accept',
+ 86400);
 $this->userId = $UserId;
 $this->vaultService = $vaultService;
 $this->credentialService = $credentialService;
@@ -38,6 +43,7 @@ class VaultController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function listVaults() {
 $result = array();
@@ -64,6 +70,7 @@ class VaultController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function create($vault_name) {
 $vault = $this->vaultService->createVault($vault_name, $this->userId);
@@ -72,6 +79,7 @@ class VaultController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function get($vault_guid) { //$vault_guid
@@ -107,6 +115,7 @@ class VaultController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function update($vault_guid, $name, $vault_settings) {
 $vault = $this->vaultService->getByGuid($vault_guid, $this->userId);
@@ -121,6 +130,7 @@ class VaultController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function updateSharingKeys($vault_guid, $private_sharing_key, $public_sharing_key) {
 $vault = null;
@@ -136,6 +146,7 @@ class VaultController extends ApiController {
 /**
 * @NoAdminRequired
+ * @NoCSRFRequired
 */
 public function delete($vault_id) {
 return; |
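Review bot: The CORS arguments added to `parent::__construct` in the first hunk are set only on VaultController; the credential, file and share controllers changed in the same commit show no matching constructor change, so the four controllers are configured inconsistently. As far as I know these values only take effect on actions annotated `@CORS`, which no hunk adds, so they may be inert as written; this should be checked against the framework version the app targets. If they stay, the three literals deserve a comment such as `// CORS for extension clients: allowed methods, allowed request headers, preflight max-age in seconds`. The constructor's signature starts outside the hunk.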