diff options
Diffstat (limited to 'actions/api.php')
| -rw-r--r-- | actions/api.php | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/actions/api.php b/actions/api.php index 21fe4eea3..8762b4bcd 100644 --- a/actions/api.php +++ b/actions/api.php @@ -127,18 +127,21 @@ class ApiAction extends Action 'laconica/wadl'); static $bareauth = array('statuses/user_timeline', + 'statuses/friends_timeline', 'statuses/friends', + 'statuses/replies', + 'statuses/mentions', 'statuses/followers', 'favorites/favorites'); - # If the site is "private", all API methods need authentication + $fullname = "$this->api_action/$this->api_method"; + // If the site is "private", all API methods except laconica/config + // need authentication if (common_config('site', 'private')) { - return true; + return $fullname != 'laconica/config' || false; } - $fullname = "$this->api_action/$this->api_method"; - if (in_array($fullname, $bareauth)) { # bareauth: only needs auth if without an argument if ($this->api_arg) { @@ -178,11 +181,11 @@ class ApiAction extends Action } } - function isReadOnly() + function isReadOnly($args) { - # NOTE: before handle(), can't use $this->arg - $apiaction = $_REQUEST['apiaction']; - $method = $_REQUEST['method']; + $apiaction = $args['apiaction']; + $method = $args['method']; + list($cmdtext, $fmt) = explode('.', $method); static $write_methods = array( @@ -205,5 +208,4 @@ class ApiAction extends Action return false; } - } |