search

kukua / concava-api

API for modifying ConCaVa metadata.
http://kukua.github.io/concava-api/
MIT License
1 stars 0 forks source link

Allow access to all metadata #22

Closed mauvm closed 8 years ago

mauvm commented 8 years ago

This can be done by changing the authQuery of the ConCaVa MySQL adapter to:

SELECT users.* FROM users
LEFT JOIN user_tokens ON user_tokens.user_id = users.id
LEFT JOIN user_devices ON user_devices.user_id = users.id
LEFT JOIN devices ON devices.id = user_devices.device_id
WHERE user_tokens.token = :token
AND (devices.udid = :udid OR users.is_admin = 1)
LIMIT 1`

In this way all admin accounts can pass the authentication step of ConCaVa.