How To Deny Some Api Features

hi i want to deny some api responses.

1-> disable block management

2-> denny admin user creation

how can i do that ? with my_changes addon ?

API honors the Permissions settings for Admin usergroups. So use the API key associated with the user/usergroup you want to restrict.

hi i want to deny some api responses.

1-> disable block management

2-> denny admin user creation

how can i do that ? with my_changes addon ?

Yes, you can use the api_handle_request (app/Tygh/Api.php) hook in the My changes addon to make these changes

can u make me an sample code? i try something but cant succes. please give me advice for deny adding admin user ? or disable PUT POST block content

You can find useful information about hooks here

https://docs.cs-cart.com/4.8.x/developer_guide/core/coding_standards/hooks.html

i know how can i use hooks. i just cant find any usable values on api_handle_request hooks.

Not sure what you mean. The fn_set_hook('api_handle_request', $this, $authorized); in app/Tygh/Api.php uses both thee result from authentication and 'this' (which contains the current request). You should be able to look at 'this' properties and then set 'authorized' appropriately if it needs to be restricted.

Suggest you create your hook and then dump the value of $this by using fn_print_r($this). You can then determine what properties you should use in your specific logic.

I try what u say , anyway i will play more :frowning: if anyone can help me i will be happy

I assumed the following was a statement not a question....

i know how can i use hooks.

If you don't know about hooks and PHP classes, I would suggest you hire one of the developers here on the forum (like me) to do the work for you after you clearly communicate your specific requirements. Click the link in my profile to send me your requirements and I'll be happy to give you a quote.

Mate, i check with print_r all requests. Didnt turn me post variables eg: user_type . Can i tell u now?

Mate, i check with print_r all requests. Didnt turn me post variables eg: user_type . Can i tell u now?

Start from checking the $_SERVER array. Possibly it contains some user identifiers

It's a PHP hook. It will only pass the class pointer and an integer which indicates whether to allow access or not. The $this->request should get you the actual request.

still i am no luck here. anyone can help me ?


i just want to disable blocks all features and adding admin user with api ?

Please contact us to get a quote

If you would like us to help you, please use the link in my signature and provide detailed info on "what" you want to achieve (not "how" you want to achieve it). We'll be happy to give you a reasonable quote and explain "how" we intend to accomplish it.