[open-ils-commits] r11584 - trunk/Open-ILS/src/c-apps
svn at svn.open-ils.org
svn at svn.open-ils.org
Mon Dec 15 16:27:29 EST 2008
Author: miker
Date: 2008-12-15 16:27:24 -0500 (Mon, 15 Dec 2008)
New Revision: 11584
Modified:
trunk/Open-ILS/src/c-apps/oils_cstore.c
Log:
align api with Permacrud.pm; protect transaction and savepoint methods (require a valid auth token, at least ... for now)
Modified: trunk/Open-ILS/src/c-apps/oils_cstore.c
===================================================================
--- trunk/Open-ILS/src/c-apps/oils_cstore.c 2008-12-15 20:53:16 UTC (rev 11583)
+++ trunk/Open-ILS/src/c-apps/oils_cstore.c 2008-12-15 21:27:24 UTC (rev 11584)
@@ -74,6 +74,7 @@
static char* getSourceDefinition( osrfHash* );
#ifdef PCRUD
+static jsonObject* verifyUserPCRUD( osrfMethodContext* );
static int verifyObjectPCRUD( osrfMethodContext*, const jsonObject* );
#endif
@@ -221,16 +222,20 @@
method_meta = osrfNewHash();
osrfHashSet(method_meta, idlClass, "class");
+ method_name = buffer_init(64);
+#ifdef PCRUD
+ buffer_fadd(method_name, "%s.%s.%s", MODULENAME, method_type, classname);
+#else
_fm = strdup( (char*)osrfHashGet(idlClass, "fieldmapper") );
part = strtok_r(_fm, ":", &st_tmp);
- method_name = buffer_init(64);
buffer_fadd(method_name, "%s.direct.%s", MODULENAME, part);
while ((part = strtok_r(NULL, ":", &st_tmp))) {
buffer_fadd(method_name, ".%s", part);
}
buffer_fadd(method_name, ".%s", method_type);
+#endif
char* method = buffer_release(method_name);
free(_fm);
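Review bot: With PCRUD defined, `free(_fm);` after the `#endif` still runs although `_fm` is now assigned only in the `#else` branch. Its declaration is outside this hunk; unless it is initialised there, the PCRUD build frees an indeterminate pointer, so either declare it as `char* _fm = NULL;` or move `free(_fm);` inside the `#else` branch. `part` and `st_tmp` also become unused in the PCRUD build.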
@@ -461,6 +466,15 @@
int beginTransaction ( osrfMethodContext* ctx ) {
OSRF_METHOD_VERIFY_CONTEXT(ctx);
+#ifdef PRCRUD
+ jsonObject* user = verifyUserPCRUD( ctx );
+ if (!user) {
+ jsonObjectFree(user);
+ return -1;
+ }
+ jsonObjectFree(user);
+#endif
+
dbi_result result = dbi_conn_query(writehandle, "START TRANSACTION;");
if (!result) {
osrfLogError(OSRF_LOG_MARK, "%s: Error starting transaction", MODULENAME );
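Review bot: The guard is spelled `#ifdef PRCRUD`, while the prototype and the definition of verifyUserPCRUD are both under `#ifdef PCRUD`, so unless the build defines that second name the token check added here is never compiled and beginTransaction stays unauthenticated. The same spelling is used in the setSavepoint, releaseSavepoint, rollbackSavepoint, commitTransaction and rollbackTransaction hunks, where it also leaves `spNamePos` at 0, so a PCRUD build would presumably read the auth-token slot as the savepoint name. Change each guard to `#ifdef PCRUD`. The `jsonObjectFree(user);` inside `if (!user)` frees a pointer just found to be null and can be dropped. The function body continues outside the hunk.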
@@ -486,6 +500,17 @@
int setSavepoint ( osrfMethodContext* ctx ) {
OSRF_METHOD_VERIFY_CONTEXT(ctx);
+ int spNamePos = 0;
+#ifdef PRCRUD
+ spNamePos = 1;
+ jsonObject* user = verifyUserPCRUD( ctx );
+ if (!user) {
+ jsonObjectFree(user);
+ return -1;
+ }
+ jsonObjectFree(user);
+#endif
+
if (!osrfHashGet( (osrfHash*)ctx->session->userData, "xact_id" )) {
osrfAppSessionStatus(
ctx->session,
@@ -497,7 +522,7 @@
return -1;
}
- char* spName = jsonObjectToSimpleString(jsonObjectGetIndex(ctx->params, 0));
+ char* spName = jsonObjectToSimpleString(jsonObjectGetIndex(ctx->params, spNamePos));
dbi_result result = dbi_conn_queryf(writehandle, "SAVEPOINT \"%s\";", spName);
if (!result) {
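Review bot: `spName` is taken from the request parameters and formatted into `SAVEPOINT \"%s\";` with no validation, so a name containing a double quote ends the quoted identifier and the remainder is parsed as SQL; a missing parameter would also pass NULL to `%s`. Validate before the query, e.g. `if (!spName || !*spName || spName[strspn(spName, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_")]) { free(spName); return -1; }`, ideally with the same osrfAppSessionStatus error reporting used for the missing-transaction case. The releaseSavepoint and rollbackSavepoint hunks build `RELEASE SAVEPOINT` and `ROLLBACK TO SAVEPOINT` the same way and need the same check. The function starts and ends outside this hunk.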
@@ -523,6 +548,17 @@
int releaseSavepoint ( osrfMethodContext* ctx ) {
OSRF_METHOD_VERIFY_CONTEXT(ctx);
+ int spNamePos = 0;
+#ifdef PRCRUD
+ spNamePos = 1;
+ jsonObject* user = verifyUserPCRUD( ctx );
+ if (!user) {
+ jsonObjectFree(user);
+ return -1;
+ }
+ jsonObjectFree(user);
+#endif
+
if (!osrfHashGet( (osrfHash*)ctx->session->userData, "xact_id" )) {
osrfAppSessionStatus(
ctx->session,
@@ -534,7 +570,7 @@
return -1;
}
- char* spName = jsonObjectToSimpleString(jsonObjectGetIndex(ctx->params, 0));
+ char* spName = jsonObjectToSimpleString(jsonObjectGetIndex(ctx->params, spNamePos));
dbi_result result = dbi_conn_queryf(writehandle, "RELEASE SAVEPOINT \"%s\";", spName);
if (!result) {
@@ -560,6 +596,17 @@
int rollbackSavepoint ( osrfMethodContext* ctx ) {
OSRF_METHOD_VERIFY_CONTEXT(ctx);
+ int spNamePos = 0;
+#ifdef PRCRUD
+ spNamePos = 1;
+ jsonObject* user = verifyUserPCRUD( ctx );
+ if (!user) {
+ jsonObjectFree(user);
+ return -1;
+ }
+ jsonObjectFree(user);
+#endif
+
if (!osrfHashGet( (osrfHash*)ctx->session->userData, "xact_id" )) {
osrfAppSessionStatus(
ctx->session,
@@ -571,7 +618,7 @@
return -1;
}
- char* spName = jsonObjectToSimpleString(jsonObjectGetIndex(ctx->params, 0));
+ char* spName = jsonObjectToSimpleString(jsonObjectGetIndex(ctx->params, spNamePos));
dbi_result result = dbi_conn_queryf(writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", spName);
if (!result) {
@@ -597,6 +644,15 @@
int commitTransaction ( osrfMethodContext* ctx ) {
OSRF_METHOD_VERIFY_CONTEXT(ctx);
+#ifdef PRCRUD
+ jsonObject* user = verifyUserPCRUD( ctx );
+ if (!user) {
+ jsonObjectFree(user);
+ return -1;
+ }
+ jsonObjectFree(user);
+#endif
+
if (!osrfHashGet( (osrfHash*)ctx->session->userData, "xact_id" )) {
osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR, "osrfMethodException", ctx->request, "No active transaction to commit" );
return -1;
@@ -619,6 +675,15 @@
int rollbackTransaction ( osrfMethodContext* ctx ) {
OSRF_METHOD_VERIFY_CONTEXT(ctx);
+#ifdef PRCRUD
+ jsonObject* user = verifyUserPCRUD( ctx );
+ if (!user) {
+ jsonObjectFree(user);
+ return -1;
+ }
+ jsonObjectFree(user);
+#endif
+
if (!osrfHashGet( (osrfHash*)ctx->session->userData, "xact_id" )) {
osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR, "osrfMethodException", ctx->request, "No active transaction to roll back" );
return -1;
@@ -778,6 +843,36 @@
}
#ifdef PCRUD
+
+static jsonObject* verifyUserPCRUD( osrfMethodContext* ctx ) {
+ char* auth = jsonObjectToSimpleString( jsonObjectGetIndex( ctx->params, 0 ) );
+ jsonObject* auth_object = jsonNewObject(auth);
+ jsonObject* user = oilsUtilsQuickReq("open-ils.auth","open-ils.auth.session.retrieve", auth_object);
+ jsonObjectFree(auth_object);
+
+ if (!user->classname || strcmp(user->classname, "au")) {
+
+ growing_buffer* msg = buffer_init(128);
+ buffer_fadd(
+ msg,
+ "%s: permacrud received a bad auth token: %s",
+ MODULENAME,
+ auth
+ );
+
+ char* m = buffer_release(msg);
+ osrfAppSessionStatus( ctx->session, OSRF_STATUS_BADREQUEST, "osrfMethodException", ctx->request, m );
+
+ free(m);
+ free(auth);
+
+ return jsonNULL;
+ }
+
+ return user;
+
+}
+
static int verifyObjectPCRUD ( osrfMethodContext* ctx, const jsonObject* obj ) {
dbhandle = writehandle;
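Review bot: In verifyUserPCRUD, `user->classname` is read without checking that oilsUtilsQuickReq returned a reply, so a failed auth request would presumably be a NULL dereference; make the test `if (!user || !user->classname || strcmp(user->classname, "au")) {`. The helper also leaks on both paths: add `jsonObjectFree(user);` before `return jsonNULL;` and `free(auth);` before `return user;`. The status message echoes the submitted token through `%s` (and `auth` may be NULL when the parameter is missing); a fixed message without the token keeps session tokens out of replies and logs. A short doc comment stating that the caller owns and must free the returned object would help, since every new call site relies on that.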
@@ -814,31 +909,9 @@
return 0;
}
- //XXX turn this into a user id
- char* auth = jsonObjectToSimpleString( jsonObjectGetIndex( ctx->params, 0 ) );
- jsonObject* auth_object = jsonNewObject(auth);
- jsonObject* user = oilsUtilsQuickReq("open-ils.auth","open-ils.auth.session.retrieve", auth_object);
- jsonObjectFree(auth_object);
+ jsonObject user = verifyUserPCRUD( ctx );
+ if (!user) return 0;
- if (!user->classname || strcmp(user->classname, "au")) {
-
- growing_buffer* msg = buffer_init(128);
- buffer_fadd(
- msg,
- "%s: permacrud received a bad auth token: %s",
- MODULENAME,
- auth
- );
-
- char* m = buffer_release(msg);
- osrfAppSessionStatus( ctx->session, OSRF_STATUS_BADREQUEST, "osrfMethodException", ctx->request, m );
-
- free(m);
- free(auth);
-
- return 0;
- }
-
int userid = atoi( oilsFMGetString( user, "id" ) );
osrfLogDebug( OSRF_LOG_MARK, "permacrud checking user %d (auth token: %s)", userid, auth );
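Review bot: `jsonObject user = verifyUserPCRUD( ctx );` declares a struct by value, but the helper returns `jsonObject*` and the following lines use `!user` and `oilsFMGetString( user, "id" )`; it should read `jsonObject* user = verifyUserPCRUD( ctx );`. The `osrfLogDebug` line kept as context still passes `auth`, whose declaration this hunk removes, so unless it is declared elsewhere in the function a PCRUD build will not compile. Dropping the token from that call, `osrfLogDebug( OSRF_LOG_MARK, "permacrud checking user %d", userid );`, fixes the build and keeps session tokens out of the debug log. The function starts and ends outside this hunk.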