Index: services.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/services/Attic/services.module,v retrieving revision 1.8.2.6 diff -u -r1.8.2.6 services.module --- services.module 2 May 2008 23:59:33 -0000 1.8.2.6 +++ services.module 3 May 2008 00:53:27 -0000 @@ -264,6 +264,13 @@ $session_backup = services_session_load($sessid); } + // Check access + $access_arguments = isset($method['#access arguments']) ? $method['#access arguments'] : $args; + // Call default or custom access callback + if (call_user_func_array($method['#access callback'], $access_arguments) != true) { + return services_error(t('Access denied.')); + } + // Change working directory to drupal root to call drupal function, // then change it back to server module root to handle return. $server_root = getcwd(); @@ -312,6 +319,14 @@ if (!isset($methods[$key]['#auth'])) { $methods[$key]['#auth'] = true; } + + if (!isset($methods[$key]['#access callback'])) { + $methods[$key]['#access callback'] = 'user_access'; + if (!isset($methods[$key]['#access arguments'])) { + $methods[$key]['#access arguments'] = array('access services'); + } + } + if (!isset($methods[$key]['#args'])) { $methods[$key]['#args'] = array(); } Index: services/node_service/node_service.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/services/services/node_service/Attic/node_service.module,v retrieving revision 1.5.2.1 diff -u -r1.5.2.1 node_service.module --- services/node_service/node_service.module 18 Mar 2008 20:57:45 -0000 1.5.2.1 +++ services/node_service/node_service.module 3 May 2008 00:52:03 -0000 @@ -13,6 +13,10 @@ } } +function node_service_perm() { + return array('load raw node data'); +} + /** * Implementation of hook_service() */ @@ -23,6 +27,7 @@ array( '#method' => 'node.load', '#callback' => 'node_service_load', + '#access callback' => 'node_service_load_access', '#args' => array( array( '#name' => 'nid', @@ -40,6 +45,7 @@ array( '#method' => 'node.save', '#callback' => 'node_service_save', + '#access callback' => 'node_service_save_access', '#args' => array( array( '#name' => 'node', @@ -52,6 +58,7 @@ array( '#method' => 'node.delete', '#callback' => 'node_delete', + '#access callback' => 'node_service_delete_access', '#args' => array( array( '#name' => 'nid', @@ -74,6 +81,11 @@ return $node; } +function node_service_load_access($nid) { + $node = node_load($nid); + return node_access('view', $node) && user_access('load raw node data'); +} + function node_service_save($edit) { // validate node @@ -87,3 +99,15 @@ watchdog('content', t('@type: updated %title.', array('@type' => t($node->type), '%title' => $node->title)), WATCHDOG_NOTICE, l(t('view'), 'node/'. $node->nid)); return $node; } + +function node_service_save_access($node) { + if (isset($node['nid'])) { + return node_access('update', $node); + } + return node_access('create', $node['type']); +} + +function node_service_delete_access($nid) { + $node = node_load($nid); + return node_access('delete', $node); +} Index: services/system_service/system_service.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/services/services/system_service/Attic/system_service.module,v retrieving revision 1.3.2.2 diff -u -r1.3.2.2 system_service.module --- services/system_service/system_service.module 30 Mar 2008 01:39:39 -0000 1.3.2.2 +++ services/system_service/system_service.module 3 May 2008 00:52:03 -0000 @@ -13,6 +13,10 @@ } } +function system_service_perm() { + return array('send mail from remote', 'get variable from remote', 'set variable from remote', 'check module exists from remote'); +} + /** * Implementation of hook_service() */ @@ -31,6 +35,7 @@ array( '#method' => 'system.mail', '#callback' => 'system_service_mail', + '#access arguments' => array('send mail from remote'), '#args' => array( array( '#name' => 'mailkey', @@ -72,6 +77,7 @@ array( '#method' => 'system.getVariable', '#callback' => 'system_service_getvariable', + '#access arguments' => array('get variable from remote'), '#args' => array( array( '#name' => 'name', @@ -89,6 +95,7 @@ array( '#method' => 'system.setVariable', '#callback' => 'system_service_setvariable', + '#access arguments' => array('set variable from remote'), '#args' => array( array( '#name' => 'name', @@ -107,6 +114,7 @@ array( '#method' => 'system.moduleExists', '#callback' => 'system_service_module_exists', + '#access arguments' => array('check module exists from remote'), '#args' => array( array( '#name' => 'module', Index: services/views_service/views_service.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/services/services/views_service/Attic/views_service.module,v retrieving revision 1.4.2.1 diff -u -r1.4.2.1 views_service.module --- services/views_service/views_service.module 30 Mar 2008 01:30:48 -0000 1.4.2.1 +++ services/views_service/views_service.module 3 May 2008 00:52:03 -0000 @@ -23,7 +23,6 @@ array( '#method' => 'views.getView', '#callback' => 'views_service_get_view', - '#args' => array('string', 'array', 'array'), '#args' => array( array( '#name' => 'view_name', @@ -46,6 +45,7 @@ array( '#method' => 'views.exportView', '#callback' => 'views_service_export_view', + '#access arguments' => array('administer views'), '#args' => array('string'), '#args' => array( array( @@ -63,6 +63,7 @@ array( '#method' => 'views.importView', '#callback' => 'views_service_import_view', + '#access arguments' => array('administer views'), '#args' => array('string'), '#args' => array( array( @@ -86,6 +87,11 @@ return services_error('View does not exist.'); } + // Check access + if (!views_access($view)) { + return services_error('You do not have access to this view.'); + } + $result = views_build_view('result', $view, $args); while ($node = db_fetch_object($result['result'])) { $nodes[] = services_node_load(node_load(array('nid' => $node->nid)), $fields);