<?php
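/**
 * Token-based permission checks for the current HTTP request.
 */
class Auth
{
    /**
     * Report whether the caller identified by the `Token` request header holds a permission.
     *
     * The token is read from $_SERVER["HTTP_TOKEN"], matched against Users.Token, and the
     * permissions linked to that user through UserPermissions.fkUserID are compared with
     * $required.
     *
     * @param string $required Permission name the caller must hold.
     * @return bool True only when a non-empty token was sent and one of the matching user's
     *              permissions equals $required exactly; false otherwise.
     */
    public static function hasPermission(string $required)
    {
        $token = $_SERVER["HTTP_TOKEN"] ?? null;

        // Fail closed on a missing or empty token. An empty value must never reach the
        // lookup: it would match any Users row whose Token column is an empty string
        // (whether such rows exist cannot be seen from here).
        if (!is_string($token) || $token === '') {
            return false;
        }

        // Acquired after the guard so requests without a token never touch the database layer.
        $db = Database::getInstance();

        // NOTE(review): the header value is compared verbatim with Users.Token, so that
        // column holds usable credentials. Storing only a hash of the token and looking
        // up by hash would limit exposure if the table leaks; that needs a change where
        // tokens are issued, outside this block.
        $query =
            "SELECT
                UserPermissions.Permission
            FROM
                UserPermissions, Users
            WHERE
                Users.ID = UserPermissions.fkUserID AND
                Users.Token = :TOKEN";

        // The token is bound as a parameter, never interpolated into the SQL text.
        $stmt = $db->prepare($query);
        $stmt->bindValue(":TOKEN", $token, PDO::PARAM_STR);
        $stmt->execute();
        $perms = $stmt->fetchAll(PDO::FETCH_COLUMN, 0);

        // Exact string comparison: loose in_array() compares numeric strings as numbers
        // ("10" == "1e1", "1" == "1.0"), which can turn a near-miss into a grant. Each
        // value is cast to string first so a driver returning native ints still matches.
        foreach ($perms as $perm) {
            if ((string) $perm === $required) {
                return true;
            }
        }

        return false;
    }
}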