View Full Version : Exposed api functions

24 Feb 2017, 5:24 AM

I have a web application build on Extjs 3.2 and I have tried to find a solution for not exposing the extdirect/api.php. Because it outputs the whole api structure to non-authenticated users. I have tried to put in a Auth check and then reload the api file on login and then get the user privileges to expose the functions in the api for which privileges the user have.

I have a problem reloading the file. As Extjs do not recognize the reload after the login. Where I can see in the console alot of missing api functions calls.

Anyone with similar problem or maybe have an idea for a solution for this?

Gary Schlosberg
24 Feb 2017, 8:31 AM
Are you talking about your server-side PHP scripts?

26 Feb 2017, 11:37 PM
Are you talking about your server-side PHP scripts?

Hello Gary and thank you for your reply. Yes I am talking about extdirect/api.php which are generating the JSON array Ext.app.REMOTING_API.

As default if you access the api.php file directly www.example.com/extdirect/api.php (http://www.example.com/extdirect.api.php) you get all the classes in your appilication even without authentication.


Ext.app.REMOTING_API = {

.... etc.

I have then put in a check in the file to check of the user have logged in and which priviledges the user have. So for example if the user is not logged in, then the user can only see the Authentication class. All this is working great and api.php is outputting the correct classes. But I need to initialize/reload the api file when the user is logged in to get the new JSON array with the specified classes from api.php.

Right now I have only included the api.php in the index file.

<script type="text/javascript" src="extdirect/api.php"></script>

But as my application is not reloading the index file, when logging in, I need a way to reload the api.php output into my application.

30 Mar 2017, 1:36 AM
Any suggestions on how I update the Ext.app.REMOTING_API and create the new DOM elements, so Extjs can find my classes?