Skip to content

Commit

Permalink
Fix: all API endpoints for /datafiles fail with the error message 'ac…
Browse files Browse the repository at this point in the history 
…cess-denied'
  • Loading branch information
@mah0001
mah0001 committed Dec 18, 2024
1 parent aa5ad36 commit 721a909
Showing 1 changed file with 11 additions and 13 deletions.
24 changes: 11 additions & 13 deletions application/controllers/api/Datafiles.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ public function __construct()

$this->load->library("Editor_acl");
$this->is_authenticated_or_die();
$this->api_user=$this->api_user();
}

//override authentication to support both session authentication + api keys
Expand Down Expand Up @@ -44,8 +45,7 @@ function index_get($id=null, $file_id=null)
return;
}


$this->editor_acl->user_has_project_access($id,$permission='view');
$this->editor_acl->user_has_project_access($id,$permission='view', $this->api_user);

$user_id=$this->get_api_user_id();
$survey_datafiles=$this->Editor_datafile_model->select_all($id,true);
Expand All @@ -70,7 +70,7 @@ function file_get($sid=null,$file_id=null)
{
try{
$sid=$this->get_sid($sid);
$this->editor_acl->user_has_project_access($sid,$permission='view');
$this->editor_acl->user_has_project_access($sid,$permission='view', $this->api_user);

$user_id=$this->get_api_user_id();
$survey_datafiles=$this->Editor_datafile_model->data_file_by_id($sid,$file_id);
Expand Down Expand Up @@ -100,7 +100,7 @@ function index_post($sid=null)
{
try{
$sid=$this->get_sid($sid);
$this->editor_acl->user_has_project_access($sid,$permission='edit');
$this->editor_acl->user_has_project_access($sid,$permission='edit',$this->api_user);

$options=$this->raw_json_input();
$user_id=$this->get_api_user_id();
Expand Down Expand Up @@ -183,7 +183,7 @@ function sequence_post($sid=null)
{
try{
$sid=$this->get_sid($sid);
$this->editor_acl->user_has_project_access($sid,$permission='edit');
$this->editor_acl->user_has_project_access($sid,$permission='edit', $this->api_user);

$options=$this->raw_json_input();
$user_id=$this->get_api_user_id();
Expand All @@ -200,8 +200,6 @@ function sequence_post($sid=null)
for($i=0;$i<count($options);$i++){
$row=$options[$i];

//var_dump($row);

if (!isset($row['id'])){
throw new Exception("Required field is missing: id");
}
Expand Down Expand Up @@ -252,7 +250,7 @@ function delete_post($sid=null,$file_id=null)
{
try{
$sid=$this->get_sid($sid);
$this->editor_acl->user_has_project_access($sid,$permission='edit');
$this->editor_acl->user_has_project_access($sid,$permission='edit',$this->api_user);
//$this->Editor_datafile_model->cleanup($sid,$file_id);
$this->Editor_datafile_model->delete_physical_file($sid,$file_id);
$this->Editor_datafile_model->delete($sid,$file_id);
Expand Down Expand Up @@ -284,7 +282,7 @@ function download_get($sid=null,$fid=null,$type=null)
$this->load->helper("download");
$valid_types=array('original','csv');

$this->editor_acl->user_has_project_access($sid,$permission='edit');
$this->editor_acl->user_has_project_access($sid,$permission='edit', $this->api_user);
$files=$this->Editor_datafile_model->get_files_info($sid,$fid);

if (!$type || !in_array($type,$valid_types)){
Expand Down Expand Up @@ -334,7 +332,7 @@ function download_tmp_file_get($sid=null,$fid=null,$type=null)
throw new Exception("Invalid file type");
}

$this->editor_acl->user_has_project_access($sid,$permission='edit');
$this->editor_acl->user_has_project_access($sid,$permission='edit',$this->api_user);
$tmp_file_info=$this->Editor_datafile_model->get_tmp_file_info($sid,$fid,$type);

if (file_exists($tmp_file_info['filepath'])){
Expand Down Expand Up @@ -363,7 +361,7 @@ function by_name_get($sid=null)
{
try{
$sid=$this->get_sid($sid);
$this->editor_acl->user_has_project_access($sid,$permission='view');
$this->editor_acl->user_has_project_access($sid,$permission='view', $this->api_user);
$filename=$this->input->get("filename");

if(!$filename){
Expand Down Expand Up @@ -403,7 +401,7 @@ function generate_fid_get($sid=null)
{
try{
$sid=$this->get_sid($sid);
$this->editor_acl->user_has_project_access($sid,$permission='view');
$this->editor_acl->user_has_project_access($sid,$permission='view',$this->api_user);

$user_id=$this->get_api_user_id();
$file_id=$this->Editor_model->data_file_generate_fileid($sid);
Expand Down Expand Up @@ -438,7 +436,7 @@ function cleanup_post($sid=null, $file_id=null)
$sid=$this->get_sid($sid);
$user_id=$this->get_api_user_id();

$this->editor_acl->user_has_project_access($sid,$permission='edit');
$this->editor_acl->user_has_project_access($sid,$permission='edit', $this->api_user);
$result=$this->Editor_datafile_model->cleanup($sid, $file_id);

$response=array(
Expand Down

0 comments on commit 721a909

Please sign in to comment.