X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fapiauth.php;h=8a1af8c27d3d9048f73aa74a082cb26162263516;hb=b7178d2197d225b5fcb605b1c4d9df14d8b278a1;hp=0ebd7aa10560d964240f940b2f178e563eaf435f;hpb=e8b6d7c946da5fb2ce5397bccfd332de8ca1f9dd;p=quix0rs-gnu-social.git
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 0ebd7aa105..8a1af8c27d 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -196,7 +196,13 @@ class ApiAuthAction extends ApiAction
 // Set the auth user
 if (Event::handle('StartSetApiUser', array(&$user))) {
- $this->auth_user = User::staticGet('id', $appUser->profile_id);
+ $user = User::staticGet('id', $appUser->profile_id);
+ if (!empty($user)) {
+ if (!$user->hasRight(Right::API)) {
+ throw new AuthorizationException(_('Not allowed to use API.'));
+ }
+ }
+ $this->auth_user = $user;
 Event::handle('EndSetApiUser', array($user));
 }
@@ -263,7 +269,7 @@ class ApiAuthAction extends ApiAction
 // show error if the user clicks 'cancel'
 // TRANS: Client error thrown when authentication fails becaus a user clicked "Cancel".
- $this->clientError(_("Could not authenticate you."), 401, $this->format);
+ $this->clientError(_('Could not authenticate you.'), 401, $this->format);
 exit;
 } else {
@@ -274,6 +280,9 @@ class ApiAuthAction extends ApiAction
 if (Event::handle('StartSetApiUser', array(&$user))) {
 if (!empty($user)) {
+ if (!$user->hasRight(Right::API)) {
+ throw new AuthorizationException(_('Not allowed to use API.'));
+ }
 $this->auth_user = $user;
 }
@@ -290,7 +299,7 @@ class ApiAuthAction extends ApiAction
 );
 $this->logAuthFailure($msg);
 // TRANS: Client error thrown when authentication fails.
- $this->clientError(_("Could not authenticate you."), 401, $this->format);
+ $this->clientError(_('Could not authenticate you.'), 401, $this->format);
 exit;
 }
 }
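Review bot: In the first hunk (@@ -196) the `hasRight(Right::API)` check sits inside the `if (Event::handle('StartSetApiUser', array(&$user)))` branch, so it is skipped whenever a handler returns false; the @@ -274 hunk has the same placement. If a plugin uses that hook to choose the authenticated user itself (not visible here, so this is an assumption), that user is never checked for the API right. Consider running the check after the event block on whichever user was selected, e.g. `if (!empty($this->auth_user) && !$this->auth_user->hasRight(Right::API)) { throw new AuthorizationException(_('Not allowed to use API.')); }`. The enclosing method starts and ends outside both hunks.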
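Review bot: The new denial in the @@ -274 hunk throws `AuthorizationException` without calling `$this->logAuthFailure()`, whereas the bad-credentials path visible in the @@ -290 hunk logs before responding; the @@ -196 hunk has the same gap. A refused API call from an account that lacks the right is as useful to record as a failed password, so I would add `$this->logAuthFailure('API right denied for user id ' . $user->id);` before each throw (the message wording is only a suggestion). It is also worth confirming that the exception is rendered in `$this->format` like the neighbouring `clientError(..., 401, $this->format)` calls, since its handler is outside this diff.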
@@ -337,12 +346,11 @@ class ApiAuthAction extends ApiAction } /** - * Log an API authentication failer. Collect the proxy and IP + * Log an API authentication failure. Collect the proxy and IP * and log them * * @param string $logMsg additional log message */ - function logAuthFailure($logMsg) { list($proxy, $ip) = common_client_ip();