From 3a216db45c510f2601fcdb3b879e2e20dce63dd5 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@bah.org.ru>
Date: Wed, 16 Dec 2009 14:36:59 +0300
Subject: [PATCH] add per-user option to enable access to API

---
 api/index.php                 | 7 +++----
 localized_schema.php          | 1 +
 sanity_check.php              | 2 +-
 schema/ttrss_schema_mysql.sql | 4 +++-
 schema/ttrss_schema_pgsql.sql | 4 +++-
 schema/versions/mysql/58.sql  | 7 +++++++
 schema/versions/pgsql/58.sql  | 7 +++++++
 7 files changed, 25 insertions(+), 7 deletions(-)
 create mode 100644 schema/versions/mysql/58.sql
 create mode 100644 schema/versions/pgsql/58.sql

diff --git a/api/index.php b/api/index.php
index ff8c70f58..90ca5405c 100644
--- a/api/index.php
+++ b/api/index.php
@@ -44,11 +44,10 @@
 		return;
 	}
 
-/*	TODO: add pref key to disable/enable API
-	if ($_SESSION["uid"] && !get_pref($link, 'API_ENABLED')) {
+	if ($_SESSION["uid"] && $op != "logout" && !get_pref($link, 'ENABLE_API_ACCESS')) {
 		print json_encode(array("error" => 'API_DISABLED'));
 		return;
-	} */
+	} 
 
 	switch ($op) {
 		case "getVersion":
@@ -62,7 +61,7 @@
 			if (authenticate_user($link, $login, $password)) {
 				print json_encode(array("uid" => $_SESSION["uid"]));
 			} else {
-				print json_encode(array("uid" => 0));
+				print json_encode(array("error" => "LOGIN_ERROR"));
 			}
 
 			break;
diff --git a/localized_schema.php b/localized_schema.php
index 35fb6dc0c..8d827d1dc 100644
--- a/localized_schema.php
+++ b/localized_schema.php
@@ -81,5 +81,6 @@
 	__("Enable inline MP3 player");
 	__("Enable the Flash-based XSPF Player to play MP3-format podcast enclosures.");
 	__("Do not show images in articles");
+	__("Enable external API");
 
 ?>
diff --git a/sanity_check.php b/sanity_check.php
index 600f8d9f4..55df98141 100644
--- a/sanity_check.php
+++ b/sanity_check.php
@@ -2,7 +2,7 @@
 	require_once "functions.php";
 
 	define('EXPECTED_CONFIG_VERSION', 18);
-	define('SCHEMA_VERSION', 57);
+	define('SCHEMA_VERSION', 58);
 
 	if (!file_exists("config.php")) {
 		print "<b>Fatal Error</b>: You forgot to copy 
diff --git a/schema/ttrss_schema_mysql.sql b/schema/ttrss_schema_mysql.sql
index d3c8b5f15..04c601fae 100644
--- a/schema/ttrss_schema_mysql.sql
+++ b/schema/ttrss_schema_mysql.sql
@@ -226,7 +226,7 @@ create table ttrss_tags (id integer primary key auto_increment,
 
 create table ttrss_version (schema_version int not null) TYPE=InnoDB;
 
-insert into ttrss_version values (57);
+insert into ttrss_version values (58);
 
 create table ttrss_enclosures (id serial not null primary key,
 	content_url text not null,
@@ -359,6 +359,8 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu
 
 insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('ENABLE_OFFLINE_READING', 1, 'false', 'Enable offline reading',1,	'Synchronize new articles for offline reading using Google Gears.');
 
+insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('ENABLE_API_ACCESS', 1, 'false', 'Enable external API', 3);
+
 create table ttrss_user_prefs (
    owner_uid integer not null,
    pref_name varchar(250),
diff --git a/schema/ttrss_schema_pgsql.sql b/schema/ttrss_schema_pgsql.sql
index 61ffcb10a..b2458d4ba 100644
--- a/schema/ttrss_schema_pgsql.sql
+++ b/schema/ttrss_schema_pgsql.sql
@@ -202,7 +202,7 @@ create index ttrss_tags_owner_uid_index on ttrss_tags(owner_uid);
 
 create table ttrss_version (schema_version int not null);
 
-insert into ttrss_version values (57);
+insert into ttrss_version values (58);
 
 create table ttrss_enclosures (id serial not null primary key,
 	content_url text not null,
@@ -329,6 +329,8 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) valu
 
 insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('ENABLE_OFFLINE_READING', 1, 'false', 'Enable offline reading',1,	'Synchronize new articles for offline reading using Google Gears.');
 
+insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('ENABLE_API_ACCESS', 1, 'false', 'Enable external API', 3);
+
 create table ttrss_user_prefs (
 	owner_uid integer not null references ttrss_users(id) ON DELETE CASCADE,
 	pref_name varchar(250) not null references ttrss_prefs(pref_name) ON DELETE CASCADE,
diff --git a/schema/versions/mysql/58.sql b/schema/versions/mysql/58.sql
new file mode 100644
index 000000000..61173c1d5
--- /dev/null
+++ b/schema/versions/mysql/58.sql
@@ -0,0 +1,7 @@
+begin;
+
+insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('ENABLE_API_ACCESS', 1, 'false', 'Enable external API', 3);
+
+update ttrss_version set schema_version = 58;
+
+commit;
diff --git a/schema/versions/pgsql/58.sql b/schema/versions/pgsql/58.sql
new file mode 100644
index 000000000..61173c1d5
--- /dev/null
+++ b/schema/versions/pgsql/58.sql
@@ -0,0 +1,7 @@
+begin;
+
+insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('ENABLE_API_ACCESS', 1, 'false', 'Enable external API', 3);
+
+update ttrss_version set schema_version = 58;
+
+commit;
-- 
GitLab