protected function EntityShareServerRestAbstract::isRequestAllowed in Entity Share 7
Security control.
To allow the call, you have to authorize the ip of the calling server in the "entity_share_server_allowed_ips" variable.
Return value
bool TRUE if the request can be performed, FALSE otherwise.
1 call to EntityShareServerRestAbstract::isRequestAllowed()
- EntityShareServerRestAbstract::handle in modules/
entity_share_server/ includes/ entity_share_server.rest.abstract.inc - Handle the server.
File
- modules/
entity_share_server/ includes/ entity_share_server.rest.abstract.inc, line 397 - Class for handling Entity Share Rest Server request.
Class
- EntityShareServerRestAbstract
- Abstract Class to manage the EntityShare Rest server.
Code
protected function isRequestAllowed() {
// IP address allowed.
$allowed_ips = variable_get(self::IP_RESTRICTED_VARIABLE, array());
if (!in_array(ip_address(), $allowed_ips)) {
watchdog(self::WATCHDOG_TYPE, 'The IP %ip is not allowed', array(
'%ip' => ip_address(),
), WATCHDOG_ERROR);
return FALSE;
}
// Do not check user if we are in the login step.
if ($this
->getParam('type') != 'login') {
// User connected and have the correct permissions.
if (!(user_is_logged_in() && user_access('access entityshare server'))) {
watchdog(self::WATCHDOG_TYPE, 'The user is not allowed', array(), WATCHDOG_ERROR);
return FALSE;
}
}
return TRUE;
}