work in progress issue 12

proxy/config.php

@@ -74,12 +74,12 @@ $file_cache_include = array(
 /****************************************************************
  **                   REST API OPTIONS                         **
  ****************************************************************/
-// whitelisting is done per IP address ($_SERVER['REMOTE_ADDR']) with a default for the generic stuff that applies to all IP addresses
-// - if a request comes in and the IP does not occur in the array, the whitelisted in 'default' are used
-// - if a request comes in and the Ip does occur in the array, the whitelisted in the IP are checked first. If nothing is
-//   found ,the 'default' ones are checked next.
+// whitelisting is done per IP address ($_SERVER['REMOTE_ADDR']) with a 'all' for the generic stuff that applies to all IP addresses
+// - if a request comes in and the IP is not a key in the array, the whitelisted in 'all' are used
+// - if a request comes in and the IP is indeed a key in the array, the whitelisted in the IP are checked first. If nothing is
+//   found ,the 'all' ones are checked next.
 $rest_allowed_actions = array(
-  'default' => array(
+  'all' => array(
     'Contact' => array(
       'getsingle' => array(
         'email' => 'string',

proxy/proxy.php

@@ -268,10 +268,10 @@ function civiproxy_get_valid_allowed_actions_key($action) {
     if (isset($rest_allowed_actions[$remote_addr][$action['entity']]) && isset($rest_allowed_actions[$remote_addr][$action['entity']][$action['action']])) {
       $valid_key = $remote_addr;
     } else {
-      $valid_key = 'default';
+      $valid_key = 'all';
     }
   } else {
-    $valid_key = 'default';
+    $valid_key = 'all';
   }
   return $valid_key;
 }

proxy/rest.php

@@ -47,13 +47,23 @@ if (!isset($action['version']) || $action['version'] != 3) {
   civiproxy_rest_error("Invalid entity/action.");
 }
 
-// get valid key for the rest_allowed_actions
-$valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action);
+// in release 0.4, allowed entity/actions per IP were introduced. To introduce backward compatibility,
+// the previous test is still used when no 'all' key is found in the array
+if (isset($relst_allowed_actions['all'] {
+	// get valid key for the rest_allowed_actions
+	$valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action);
 
-if (isset($rest_allowed_actions[$valid_allowed_key][$action['entity']]) && isset($rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']])) {
+	if (isset($rest_allowed_actions[$valid_allowed_key][$action['entity']]) && isset($rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']])) {
 		$valid_parameters = $rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']];
-} else {
+	} else {
 		civiproxy_rest_error("Invalid entity/action.");
+	}
+} else {
+	if (isset($rest_allowed_actions[$action['entity']]) && isset($rest_allowed_actions[$action['entity']][$action['action']])) {
+		$valid_parameters = $rest_allowed_actions[$action['entity']][$action['action']];
+	} else {
+		civiproxy_rest_error("Invalid entity/action.");
+	}
 }	
 
 // extract parameters and add credentials and action data