
function _invoice_api_check_allowed_templates in Invoice 7

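Checks whether the authenticated username has access to the template named in the request. The function returns nothing: a missing or empty template is answered with HTTP 400 and a denied template with HTTP 403, and in both cases the request ends there.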

2 calls to _invoice_api_check_allowed_templates()
_invoice_api_invoice_post in ./invoice_api.inc
Handles POST request
_invoice_api_invoice_put in ./invoice_api.inc
Handles PUT request

File

./invoice_api.inc, line 153

Code

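/**
 * Checks if the authenticated username has access to the requested template.
 *
 * Access is granted when the current user is the configured API root user, or
 * when a template whose name matches the request (case-insensitively) has its
 * 'api_username' variable set to the current user's name.
 *
 * This function returns nothing. On failure it emits a JSON error body with
 * HTTP status 400 (template missing or empty) or 403 (template not allowed)
 * and ends the request with exit, so callers cannot ignore a denial.
 */
function _invoice_api_check_allowed_templates() {
  $data = _invoice_api_get_request_data();

  // Only a non-empty scalar can name a template. Arrays or objects in the
  // request data are rejected here instead of being passed to trim() and
  // strtolower().
  $hasTemplate = isset($data['template'])
    && is_scalar($data['template'])
    && '' !== trim((string) $data['template']);
  if (!$hasTemplate) {
    _invoice_api_http_response_code(400);
    echo json_encode(array(
      'code' => 400,
      'message' => 'Template is required',
    ));
    exit;
  }

  // Identity values are normalised to strings and compared with ===. Loose ==
  // lets NULL equal '' and lets numeric-looking strings such as "1e3" and
  // "1000" compare equal, which is not acceptable in an authorization check.
  $currentUsername = isset($GLOBALS['user']->name) ? (string) $GLOBALS['user']->name : '';
  $requestedTemplate = strtolower((string) $data['template']);

  // The root user may use every template. An unset or blank root username
  // must never match, mirroring the non-empty guard applied to the
  // per-template usernames below.
  $rootUsername = (string) variable_get('invoice_api_root_username');
  $templateAllowed = '' !== trim($rootUsername) && $rootUsername === $currentUsername;

  if (!$templateAllowed) {
    foreach (_invoice_get_templates() as $template) {
      $username = (string) _invoice_get_variable($template, 'api_username', '');
      if ('' === trim($username) || $username !== $currentUsername) {
        // Template has no API user assigned, or it belongs to someone else.
        continue;
      }
      if (strtolower((string) $template) === $requestedTemplate) {
        $templateAllowed = true;
        break;
      }
    }
  }

  // Deny by default: anything not explicitly matched above is refused.
  if (!$templateAllowed) {
    _invoice_api_http_response_code(403);
    echo json_encode(array(
      'code' => 403,
      'message' => 'Permission denied for this template',
    ));
    exit;
  }
}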