3.4.0

2020-07-07 12:40:13 +02:00
parent 5f025ac2c2
commit f79d2e960c
176 changed files with 10532 additions and 5343 deletions
--- a/kirby/config/api/authentication.php
+++ b/kirby/config/api/authentication.php
@@ -3,15 +3,16 @@
 use Kirby\Exception\PermissionException;

 return function () {
-    $auth = $this->kirby()->auth();
+    $auth               = $this->kirby()->auth();
+    $allowImpersonation = $this->kirby()->option('api.allowImpersonation') ?? false;

    // csrf token check
-    if ($auth->type() === 'session' && $auth->csrf() === false) {
+    if ($auth->type($allowImpersonation) === 'session' && $auth->csrf() === false) {
        throw new PermissionException('Unauthenticated');
    }

    // get user from session or basic auth
-    if ($user = $auth->user()) {
+    if ($user = $auth->user(null, $allowImpersonation)) {
        if ($user->role()->permissions()->for('access', 'panel') === false) {
            throw new PermissionException(['key' => 'access.panel']);
        }
--- a/kirby/config/api/models/System.php
+++ b/kirby/config/api/models/System.php
@@ -71,7 +71,13 @@ return [
            return $this->user();
        },
        'version' => function () {
-            return $this->kirby()->version();
+            $user = $this->user();
+
+            if ($user && $user->role()->permissions()->for('access', 'settings') === true) {
+                return $this->kirby()->version();
+            } else {
+                return null;
+            }
        }
    ],
    'type'   => 'Kirby\Cms\System',
--- a/kirby/config/api/models/User.php
+++ b/kirby/config/api/models/User.php
@@ -50,6 +50,9 @@ return [
        'role' => function (User $user) {
            return $user->role();
        },
+        'roles' => function (User $user) {
+            return $user->roles();
+        },
        'username' => function (User $user) {
            return $user->username();
        }
--- a/kirby/config/api/routes/files.php
+++ b/kirby/config/api/routes/files.php
@@ -103,5 +103,21 @@ return [
            return $this->file($path, $filename)->changeName($this->requestBody('name'));
        }
    ],
+    [
+        'pattern' => 'files/search',
+        'method'  => 'GET|POST',
+        'action'  => function () {
+            $files = $this
+                ->site()
+                ->index(true)
+                ->filterBy('isReadable', true)
+                ->files();

+            if ($this->requestMethod() === 'GET') {
+                return $files->search($this->requestQuery('q'));
+            } else {
+                return $files->query($this->requestBody());
+            }
+        }
+    ],
 ];
--- a/kirby/config/api/routes/users.php
+++ b/kirby/config/api/routes/users.php
@@ -119,6 +119,12 @@ return [
            return $this->user($id)->changeRole($this->requestBody('role'));
        }
    ],
+    [
+        'pattern' => 'users/(:any)/roles',
+        'action'  => function (string $id) {
+            return $this->user($id)->roles();
+        }
+    ],
    [
        'pattern' => 'users/(:any)/sections/(:any)',
        'method'  => 'GET',