X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fapiauth.php;h=42d32dd624e0014c4e799bc18b3395cfe3725dc1;hb=b6b9baa9a240db9f10c41dc0c0aae81dad0d744a;hp=1dacf1409b19e42b2fb8d937905537730d6ba9bd;hpb=8ff44a1fb9f54ce61a91987ca44cbd4fccf0a012;p=quix0rs-gnu-social.git
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 1dacf1409b..42d32dd624 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -196,7 +196,14 @@ class ApiAuthAction extends ApiAction
 // Set the auth user
 if (Event::handle('StartSetApiUser', array(&$user))) {
- $this->auth_user = User::staticGet('id', $appUser->profile_id);
+ $user = User::staticGet('id', $appUser->profile_id);
+ if (!empty($user)) {
+ if (!$user->hasRight(Right::API)) {
+ // TRANS: Authorization exception thrown when a user without API access tries to access the API.
+ throw new AuthorizationException(_('Not allowed to use API.'));
+ }
+ }
+ $this->auth_user = $user;
 Event::handle('EndSetApiUser', array($user));
 }
@@ -219,7 +226,7 @@ class ApiAuthAction extends ApiAction
 throw new OAuthException(_('Bad access token.'));
 }
 } else {
- // Also should not happen
+ // Also should not happen.
 // TRANS: OAuth exception given when no user was found for a given token (no token was found).
 throw new OAuthException(_('No user for that token.'));
 }
@@ -274,6 +281,10 @@ class ApiAuthAction extends ApiAction
 if (Event::handle('StartSetApiUser', array(&$user))) {
 if (!empty($user)) {
+ if (!$user->hasRight(Right::API)) {
+ // TRANS: Authorization exception thrown when a user without API access tries to access the API.
+ throw new AuthorizationException(_('Not allowed to use API.'));
+ }
 $this->auth_user = $user;
 }
@@ -337,7 +348,7 @@ class ApiAuthAction extends ApiAction
 }
 /**
- * Log an API authentication failer. Collect the proxy and IP
+ * Log an API authentication failure. Collect the proxy and IP
 * and log them
 *
 * @param string $logMsg additional log message
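Review bot: In the first hunk (new line 196) the `hasRight(Right::API)` check sits inside the `if (Event::handle('StartSetApiUser', array(&$user)))` branch, so it runs only when no handler claims the event. If a plugin returns false after supplying its own `$user`, that account is presumably never tested for the API right; the hunk at new line 281 has the same shape, and what happens to `auth_user` in that case is outside both hunks. Consider applying the check after the event block to whichever user ends up authenticated, so the right is enforced on every path. Separately, when `User::staticGet` finds no user this hunk still runs `$this->auth_user = $user;` and continues. If the rest of the function does not reject an empty user, failing closed with the message already used below, `throw new OAuthException(_('No user for that token.'));`, would be safer.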
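Review bot: The denial added in the hunk at new line 281 throws `AuthorizationException` without recording the attempt, and so does the identical check in the first hunk. The docblock in the last hunk describes a helper in this file that logs API authentication failures together with the proxy and client IP; its name and signature are outside the visible lines. Calling that helper just before each `throw` would make requests from accounts whose API right was revoked visible in the same log as failed logins. I would put `// Log the denied attempt before throwing so revoked-API accounts appear in the auth-failure log.` above the call. The enclosing function starts and ends outside the hunk.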