Ticket 1404. Showing the link to the members list page.

[quix0rs-gnu-social.git] / actions / api.php

diff --git a/actions/api.php b/actions/api.php
index 21fe4eea32004868e9a795422fcddb77ceaeaf73..d2f0a2eff0f7a47c1038939970d1fe0fd9a2cd32 100644 (file)
--- a/actions/api.php
+++ b/actions/api.php
@@ -127,18 +127,20 @@ class ApiAction extends Action
                                 'laconica/wadl');
 
         static $bareauth = array('statuses/user_timeline',
+                                 'statuses/friends_timeline',
                                  'statuses/friends',
+                                 'statuses/replies',
                                  'statuses/followers',
                                  'favorites/favorites');
 
-        # If the site is "private", all API methods need authentication
+        $fullname = "$this->api_action/$this->api_method";
 
+        // If the site is "private", all API methods except laconica/config
+        // need authentication
         if (common_config('site', 'private')) {
-            return true;
+            return $fullname != 'laconica/config' || false;
         }
 
-        $fullname = "$this->api_action/$this->api_method";
-
         if (in_array($fullname, $bareauth)) {
             # bareauth: only needs auth if without an argument
             if ($this->api_arg) {
@@ -178,11 +180,11 @@ class ApiAction extends Action
         }
     }
 
-    function isReadOnly()
+    function isReadOnly($args)
     {
-        # NOTE: before handle(), can't use $this->arg
-        $apiaction = $_REQUEST['apiaction'];
-        $method = $_REQUEST['method'];
+        $apiaction = $args['apiaction'];
+        $method = $args['method'];
+
         list($cmdtext, $fmt) = explode('.', $method);
 
         static $write_methods = array(
@@ -205,5 +207,4 @@ class ApiAction extends Action
 
         return false;
     }
-
 }