summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2009-11-04 22:09:46 -0800
committerZach Copley <zach@status.net>2009-11-04 22:09:46 -0800
commit3252f6ec1b0e97fe2db8b40b8236a7652f87a47e (patch)
treee1944cd2a909acb9938343482efdebc2b43ceb3d /lib
parent2149168d2995da0b89ee9eb6875d3899e04c783b (diff)
parent1ef1f59fe8ec8c3fd012838cfe0d20051287c2d6 (diff)
Merge branch 'fix-private-auth' into 0.9.x
* fix-private-auth: Fix for Ticket #1957 - API methods are not accessible when site is private (0.8->0.9 regression) Allow all API calls, even if the site is configured as private. The
Diffstat (limited to 'lib')
-rw-r--r--lib/apiauth.php1
-rw-r--r--lib/apibareauth.php2
-rw-r--r--lib/apiprivateauth.php82
3 files changed, 85 insertions, 0 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 2f2e44a26..2a3377013 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -66,6 +66,7 @@ class ApiAuthAction extends ApiAction
function prepare($args)
{
+ common_debug('ApiAction::prepare()');
parent::prepare($args);
if ($this->requiresAuth()) {
diff --git a/lib/apibareauth.php b/lib/apibareauth.php
index 2d29c1ddd..a127a5bf3 100644
--- a/lib/apibareauth.php
+++ b/lib/apibareauth.php
@@ -74,6 +74,8 @@ class ApiBareAuthAction extends ApiAuthAction
function prepare($args)
{
+ common_debug("ApiBareAuthAction::prepare()");
+
parent::prepare($args);
return true;
}
diff --git a/lib/apiprivateauth.php b/lib/apiprivateauth.php
new file mode 100644
index 000000000..5d0033005
--- /dev/null
+++ b/lib/apiprivateauth.php
@@ -0,0 +1,82 @@
+<?php
+/**
+ * StatusNet, the distributed open-source microblogging tool
+ *
+ * Base class for API actions that only require auth when a site
+ * is configured to be private
+ *
+ * PHP version 5
+ *
+ * LICENCE: This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category API
+ * @package StatusNet
+ * @author Adrian Lang <mail@adrianlang.de>
+ * @author Brenda Wallace <shiny@cpan.org>
+ * @author Craig Andrews <candrews@integralblue.com>
+ * @author Dan Moore <dan@moore.cx>
+ * @author Evan Prodromou <evan@status.net>
+ * @author mEDI <medi@milaro.net>
+ * @author Sarven Capadisli <csarven@status.net>
+ * @author Zach Copley <zach@status.net>
+ * @copyright 2009 StatusNet, Inc.
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+
+if (!defined('STATUSNET')) {
+ exit(1);
+}
+
+require_once INSTALLDIR.'/lib/apiauth.php';
+
+/**
+ * Actions extending this class will require auth only if a site is private
+ *
+ * @category API
+ * @package StatusNet
+ * @author Adrian Lang <mail@adrianlang.de>
+ * @author Brenda Wallace <shiny@cpan.org>
+ * @author Craig Andrews <candrews@integralblue.com>
+ * @author Dan Moore <dan@moore.cx>
+ * @author Evan Prodromou <evan@status.net>
+ * @author mEDI <medi@milaro.net>
+ * @author Sarven Capadisli <csarven@status.net>
+ * @author Zach Copley <zach@status.net>
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+
+class ApiPrivateAuthAction extends ApiAuthAction
+{
+
+ /**
+ * Does this API resource require authentication?
+ *
+ * @return boolean true or false
+ */
+
+ function requiresAuth()
+ {
+ // If the site is "private", all API methods except statusnet/config
+ // need authentication
+
+ if (common_config('site', 'private')) {
+ return true;
+ }
+
+ return false;
+ }
+
+}