Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-19 07:10:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

Issue 11101: Fix API authentification

Browse source
This commit is contained in:
Michael 2021-12-17 07:04:52 +00:00
parent 0165811f09
commit 0a3026abce
2 changed files with 19 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

26
src/Module/BaseApi.php
View file

@ -79,19 +79,21 @@ class BaseApi extends BaseModule
*
* @throws HTTPException\ForbiddenException
*/
public function run(array $request = []): ResponseInterface
public function run(array $request = [], bool $scopecheck = true): ResponseInterface
{
switch ($this->server['REQUEST_METHOD'] ?? Router::GET) {
case Router::DELETE:
case Router::PATCH:
case Router::POST:
case Router::PUT:
self::checkAllowedScope(self::SCOPE_WRITE);
if (!self::getCurrentUserID()) {
throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
}
break;
if ($scopecheck) {
switch ($this->server['REQUEST_METHOD'] ?? Router::GET) {
case Router::DELETE:
case Router::PATCH:
case Router::POST:
case Router::PUT:
self::checkAllowedScope(self::SCOPE_WRITE);
if (!self::getCurrentUserID()) {
throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
}
break;
}
}
return parent::run($request);