summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2010-01-14 02:38:01 +0000
committerZach Copley <zach@status.net>2010-01-14 02:41:11 +0000
commit33df3922895e61e4e347a19acba67983ed1c4c23 (patch)
tree7d949245c1c5f5e6fb0bb546dea635c3b2eb3bcc
parentc28c511438389ee160d29f29c0780dd50c81e9d5 (diff)
- Had to remove checking read vs. read-write in OAuth authenticated methods
- Will now pick up source attr from OAuth app
-rw-r--r--actions/apiaccountverifycredentials.php14
-rw-r--r--actions/apistatusesupdate.php5
-rw-r--r--lib/apiauth.php14
3 files changed, 24 insertions, 9 deletions
diff --git a/actions/apiaccountverifycredentials.php b/actions/apiaccountverifycredentials.php
index 08b201dbf..1095d5162 100644
--- a/actions/apiaccountverifycredentials.php
+++ b/actions/apiaccountverifycredentials.php
@@ -82,4 +82,18 @@ class ApiAccountVerifyCredentialsAction extends ApiAuthAction
}
+ /**
+ * Is this action read only?
+ *
+ * @param array $args other arguments
+ *
+ * @return boolean true
+ *
+ **/
+
+ function isReadOnly($args)
+ {
+ return true;
+ }
+
}
diff --git a/actions/apistatusesupdate.php b/actions/apistatusesupdate.php
index f594bbf39..f8bf7cf87 100644
--- a/actions/apistatusesupdate.php
+++ b/actions/apistatusesupdate.php
@@ -85,6 +85,11 @@ class ApiStatusesUpdateAction extends ApiAuthAction
$this->lat = $this->trimmed('lat');
$this->lon = $this->trimmed('long');
+ // try to set the source attr from OAuth app
+ if (empty($this->source)) {
+ $this->source = $this->oauth_source;
+ }
+
if (empty($this->source) || in_array($this->source, self::$reserved_sources)) {
$this->source = 'api';
}
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 8374c24a7..691db584b 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -55,6 +55,7 @@ class ApiAuthAction extends ApiAction
{
var $access_token;
var $oauth_access_type;
+ var $oauth_source;
/**
* Take arguments for running, and output basic auth header if needed
@@ -90,13 +91,6 @@ class ApiAuthAction extends ApiAction
function handle($args)
{
parent::handle($args);
-
- if ($this->isReadOnly($args) == false) {
- if ($this->access == self::READ_ONLY) {
- $this->clientError(_('API method requires write access.'), 401);
- exit();
- }
- }
}
function checkOAuthRequest()
@@ -116,8 +110,6 @@ class ApiAuthAction extends ApiAction
$req = OAuthRequest::from_request();
$server->verify_request($req);
- common_debug("Good OAuth request!");
-
$app = Oauth_application::getByConsumerKey($this->consumer_key);
if (empty($app)) {
@@ -129,6 +121,10 @@ class ApiAuthAction extends ApiAction
throw new OAuthException('No application for that consumer key.');
}
+ // set the source attr
+
+ $this->oauth_source = $app->name;
+
$appUser = Oauth_application_user::staticGet('token',
$this->access_token);