summaryrefslogtreecommitdiff
path: root/lib/apiauth.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/apiauth.php')
-rw-r--r--lib/apiauth.php20
1 files changed, 20 insertions, 0 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 431f3ac4f..8374c24a7 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -78,12 +78,27 @@ class ApiAuthAction extends ApiAction
$this->checkOAuthRequest();
} else {
$this->checkBasicAuthUser();
+ // By default, all basic auth users have read and write access
+
+ $this->access = self::READ_WRITE;
}
}
return true;
}
+ function handle($args)
+ {
+ parent::handle($args);
+
+ if ($this->isReadOnly($args) == false) {
+ if ($this->access == self::READ_ONLY) {
+ $this->clientError(_('API method requires write access.'), 401);
+ exit();
+ }
+ }
+ }
+
function checkOAuthRequest()
{
common_debug("We have an OAuth request.");
@@ -130,6 +145,10 @@ class ApiAuthAction extends ApiAction
if ($this->oauth_access_type != 0) {
+ // Set the read or read-write access for the api call
+ $this->access = ($appUser->access_type & Oauth_application::$writeAccess)
+ ? self::READ_WRITE : self::READ_ONLY;
+
$this->auth_user = User::staticGet('id', $appUser->profile_id);
$msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " .
@@ -220,6 +239,7 @@ class ApiAuthAction extends ApiAction
exit;
}
}
+
return true;
}