X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fapiauth.php;h=42d32dd624e0014c4e799bc18b3395cfe3725dc1;hb=7abecb61bdbcecfbaa264af900ccf71fe18ec0f5;hp=a1c698bba969dfd3cee7d6cc7ee7046c03b16bdb;hpb=5ac694c74f1f37f8742d34efbff5e8a763090c9e;p=quix0rs-gnu-social.git

diff --git a/lib/apiauth.php b/lib/apiauth.php
index a1c698bba9..42d32dd624 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -178,8 +178,10 @@ class ApiAuthAction extends ApiAction
             }
 
             // set the source attr
+            if ($app->name != 'anonymous') {
+                $this->source = $app->name;
+            }
 
-            $this->source = $app->name;
 
             $appUser = Oauth_application_user::staticGet('token', $access_token);
 
@@ -194,7 +196,14 @@ class ApiAuthAction extends ApiAction
 
                     // Set the auth user
                     if (Event::handle('StartSetApiUser', array(&$user))) {
-                        $this->auth_user = User::staticGet('id', $appUser->profile_id);
+                        $user = User::staticGet('id', $appUser->profile_id);
+                        if (!empty($user)) {
+                            if (!$user->hasRight(Right::API)) {
+                                // TRANS: Authorization exception thrown when a user without API access tries to access the API.
+                                throw new AuthorizationException(_('Not allowed to use API.'));
+                            }
+                        }
+                        $this->auth_user = $user;
                         Event::handle('EndSetApiUser', array($user));
                     }
 
@@ -217,7 +226,7 @@ class ApiAuthAction extends ApiAction
                     throw new OAuthException(_('Bad access token.'));
                 }
             } else {
-                // Also should not happen
+                // Also should not happen.
                 // TRANS: OAuth exception given when no user was found for a given token (no token was found).
                 throw new OAuthException(_('No user for that token.'));
             }
@@ -261,7 +270,7 @@ class ApiAuthAction extends ApiAction
 
             // show error if the user clicks 'cancel'
             // TRANS: Client error thrown when authentication fails becaus a user clicked "Cancel".
-            $this->clientError(_("Could not authenticate you."), 401, $this->format);
+            $this->clientError(_('Could not authenticate you.'), 401, $this->format);
             exit;
 
         } else {
@@ -272,6 +281,10 @@ class ApiAuthAction extends ApiAction
             if (Event::handle('StartSetApiUser', array(&$user))) {
 
                 if (!empty($user)) {
+                    if (!$user->hasRight(Right::API)) {
+                        // TRANS: Authorization exception thrown when a user without API access tries to access the API.
+                        throw new AuthorizationException(_('Not allowed to use API.'));
+                    }
                     $this->auth_user = $user;
                 }
 
@@ -288,7 +301,7 @@ class ApiAuthAction extends ApiAction
                 );
                 $this->logAuthFailure($msg);
                 // TRANS: Client error thrown when authentication fails.
-                $this->clientError(_("Could not authenticate you."), 401, $this->format);
+                $this->clientError(_('Could not authenticate you.'), 401, $this->format);
                 exit;
             }
         }
@@ -335,12 +348,11 @@ class ApiAuthAction extends ApiAction
     }
 
     /**
-     * Log an API authentication failer. Collect the proxy and IP
+     * Log an API authentication failure. Collect the proxy and IP
      * and log them
      *
      * @param string $logMsg additional log message
      */
-
      function logAuthFailure($logMsg)
      {
         list($proxy, $ip) = common_client_ip();