Merge remote-tracking branch 'upstream/2021.12-rc' into user-banner

[friendica.git] / src / Module / BaseApi.php

diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php
index f219e56dc49cab165faca418ccf25570efe17680..b6824140db632ab8b73afbff30f0042baf6af2ea 100644 (file)
--- a/src/Module/BaseApi.php
+++ b/src/Module/BaseApi.php
@@ -79,19 +79,21 @@ class BaseApi extends BaseModule
         *
         * @throws HTTPException\ForbiddenException
         */
-       public function run(array $request = []): ResponseInterface
+       public function run(array $request = [], bool $scopecheck = true): ResponseInterface
        {
-               switch ($this->server['REQUEST_METHOD'] ?? Router::GET) {
-                       case Router::DELETE:
-                       case Router::PATCH:
-                       case Router::POST:
-                       case Router::PUT:
-                               self::checkAllowedScope(self::SCOPE_WRITE);
-
-                               if (!$this->app->isLoggedIn()) {
-                                       throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
-                               }
-                               break;
+               if ($scopecheck) {
+                       switch ($this->args->getMethod()) {
+                               case Router::DELETE:
+                               case Router::PATCH:
+                               case Router::POST:
+                               case Router::PUT:
+                                       self::checkAllowedScope(self::SCOPE_WRITE);
+       
+                                       if (!self::getCurrentUserID()) {
+                                               throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
+                                       }
+                                       break;
+                       }       
                }
 
                return parent::run($request);