Twitter-compatible API - checks for is_readonly() now work!

darcs-hash:20081024213745-462f3-7c26611e7f75265affafd471c3d66e02ec7e686e.gz

1 files changed, 30 insertions, 23 deletions

diff --git a/actions/api.php b/actions/api.php
index ea4553543..4cdda5ff6 100644
--- a/actions/api.php
+++ b/actions/api.php
@@ -10,11 +10,11 @@
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
  * GNU Affero General Public License for more details.
  *
  * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ * along with this program.	 If not, see <http://www.gnu.org/licenses/>.
  */
 
 if (!defined('LACONICA')) { exit(1); }
@@ -40,7 +40,7 @@ class ApiAction extends Action {
 			$this->api_method = $method;
 			$this->content_type = strtolower($cmdext[1]);
 		} else {
-			
+
 			# Requested format / content-type will be an extension on the method
 			$cmdext = explode('.', $method);
 			$this->api_method = $cmdext[0];
@@ -72,13 +72,13 @@ class ApiAction extends Action {
 
 			# Caller might give us a username even if not required
 			if (isset($_SERVER['PHP_AUTH_USER'])) {
-				$user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);	
+				$user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
 				if ($user) {
 					$this->user = $user;
 				}
 				# Twitter doesn't throw an error if the user isn't found
 			}
-			
+
 			$this->process_command();
 		}
 	}
@@ -109,7 +109,7 @@ class ApiAction extends Action {
 
 	# Whitelist of API methods that don't need authentication
 	function requires_auth() {
-		static $noauth = array(	'statuses/public_timeline',
+		static $noauth = array( 'statuses/public_timeline',
 								'statuses/show',
 								'users/show',
 								'help/test',
@@ -138,10 +138,10 @@ class ApiAction extends Action {
 		}
 	}
 
-	function show_basic_auth_error() {	
-	  	header('HTTP/1.1 401 Unauthorized');
-	   	$msg = 'Could not authenticate you.';
-	
+	function show_basic_auth_error() {
+		header('HTTP/1.1 401 Unauthorized');
+		$msg = 'Could not authenticate you.';
+
 		if ($this->content_type == 'xml') {
 			header('Content-Type: application/xml; charset=utf-8');
 			common_start_xml();
@@ -151,7 +151,7 @@ class ApiAction extends Action {
 			common_element_end('hash');
 			common_end_xml();
 		} else if ($this->content_type == 'json')  {
-			header('Content-Type: application/json; charset=utf-8');			
+			header('Content-Type: application/json; charset=utf-8');
 			$error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']);
 			print(json_encode($error_array));
 		} else {
@@ -165,20 +165,27 @@ class ApiAction extends Action {
 		$apiaction = $_REQUEST['apiaction'];
 		$method = $_REQUEST['method'];
 		list($cmdtext, $fmt) = explode('.', $method);
-		
-		# FIXME: probably need a table here, instead of this switch
-		
-		switch ($apiaction) {
-		 case 'statuses':
-			switch ($cmdtext) {
-			 case 'update':
-			 case 'destroy':
-				return false;
-			 default:
+
+		static $write_methods = array(
+			'account' => array('update_location', 'update_delivery_device', 'end_session'),
+			'blocks' => array('create', 'destroy'),
+			'direct_messages' => array('create', 'destroy'),
+			'favorites' => array('create', 'destroy'),
+			'friendships' => array('create', 'destroy'),
+			'help' => array(),
+			'notifications' => array('follow', 'leave'),
+			'statuses' => array('update', 'destroy'),
+			'users' => array()
+		);
+
+		if (array_key_exists($apiaction, $write_methods)) {
+			common_debug("checking method");
+			if (!in_array($cmdtext, $write_methods[$apiaction])) {
 				return true;
 			}
-		 default: 
-			return false;
 		}
+
+		return false;
 	}
+
 }