X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fapiauth.php;h=8a1af8c27d3d9048f73aa74a082cb26162263516;hb=119d0f7dbab40f30170ba263de78d7e9cea984db;hp=1dacf1409b19e42b2fb8d937905537730d6ba9bd;hpb=307c819089146a83ae3b8f3c21be692cd6297c19;p=quix0rs-gnu-social.git

diff --git a/lib/apiauth.php b/lib/apiauth.php
index 1dacf1409b..8a1af8c27d 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -196,7 +196,13 @@ class ApiAuthAction extends ApiAction
 
                     // Set the auth user
                     if (Event::handle('StartSetApiUser', array(&$user))) {
-                        $this->auth_user = User::staticGet('id', $appUser->profile_id);
+                        $user = User::staticGet('id', $appUser->profile_id);
+                        if (!empty($user)) {
+                            if (!$user->hasRight(Right::API)) {
+                                throw new AuthorizationException(_('Not allowed to use API.'));
+                            }
+                        }
+                        $this->auth_user = $user;
                         Event::handle('EndSetApiUser', array($user));
                     }
 
@@ -274,6 +280,9 @@ class ApiAuthAction extends ApiAction
             if (Event::handle('StartSetApiUser', array(&$user))) {
 
                 if (!empty($user)) {
+                    if (!$user->hasRight(Right::API)) {
+                        throw new AuthorizationException(_('Not allowed to use API.'));
+                    }
                     $this->auth_user = $user;
                 }
 
@@ -337,7 +346,7 @@ class ApiAuthAction extends ApiAction
     }
 
     /**
-     * Log an API authentication failer. Collect the proxy and IP
+     * Log an API authentication failure. Collect the proxy and IP
      * and log them
      *
      * @param string $logMsg additional log message