X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fapiauth.php;h=8a1af8c27d3d9048f73aa74a082cb26162263516;hb=119d0f7dbab40f30170ba263de78d7e9cea984db;hp=0cc184c04c678e3ee1183fc53326d390db8a9e12;hpb=6eca8188b6f341f51cb9c741ea6785b4b35c6e84;p=quix0rs-gnu-social.git

diff --git a/lib/apiauth.php b/lib/apiauth.php
index 0cc184c04c..8a1af8c27d 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -196,7 +196,13 @@ class ApiAuthAction extends ApiAction
 
                     // Set the auth user
                     if (Event::handle('StartSetApiUser', array(&$user))) {
-                        $this->auth_user = User::staticGet('id', $appUser->profile_id);
+                        $user = User::staticGet('id', $appUser->profile_id);
+                        if (!empty($user)) {
+                            if (!$user->hasRight(Right::API)) {
+                                throw new AuthorizationException(_('Not allowed to use API.'));
+                            }
+                        }
+                        $this->auth_user = $user;
                         Event::handle('EndSetApiUser', array($user));
                     }
 
@@ -274,6 +280,9 @@ class ApiAuthAction extends ApiAction
             if (Event::handle('StartSetApiUser', array(&$user))) {
 
                 if (!empty($user)) {
+                    if (!$user->hasRight(Right::API)) {
+                        throw new AuthorizationException(_('Not allowed to use API.'));
+                    }
                     $this->auth_user = $user;
                 }