X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FBaseApi.php;h=b6824140db632ab8b73afbff30f0042baf6af2ea;hb=35e2ae39252f6713a09c80026eeacf184f68437a;hp=7c0c77372e46cc9b2ca7ad26298a51436d9f7194;hpb=f580d8e5c022f42f7dbe8465dff668d240c1da09;p=friendica.git
diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php
index 7c0c77372e..b6824140db 100644
--- a/src/Module/BaseApi.php
+++ b/src/Module/BaseApi.php
@@ -1,6 +1,6 @@ app = $app; }
- protected function delete()
- {
- self::checkAllowedScope(self::SCOPE_WRITE);
-
- if (!$this->app->isLoggedIn()) {
- throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
- }
- }
-
- protected function patch()
- {
- self::checkAllowedScope(self::SCOPE_WRITE);
-
- if (!$this->app->isLoggedIn()) {
- throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
- }
- }
-
- protected function post(array $request = [], array $post = [])
+ /**
+ * Additionally checks, if the caller is permitted to do this action
+ *
+ * {@inheritDoc}
+ *
+ * @throws HTTPException\ForbiddenException
+ */
+ public function run(array $request = [], bool $scopecheck = true): ResponseInterface
 {
- self::checkAllowedScope(self::SCOPE_WRITE);
-
- if (!$this->app->isLoggedIn()) {
- throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
+ if ($scopecheck) {
+ switch ($this->args->getMethod()) {
+ case Router::DELETE:
+ case Router::PATCH:
+ case Router::POST:
+ case Router::PUT:
+ self::checkAllowedScope(self::SCOPE_WRITE);
+
+ if (!self::getCurrentUserID()) {
+ throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
+ }
+ break;
+ }
 }
- }
-
- public function put()
- {
- self::checkAllowedScope(self::SCOPE_WRITE);
- if (!$this->app->isLoggedIn()) {
- throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
- }
+ return parent::run($request);
 }
 /**
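Review bot: The new `$scopecheck` parameter on the public `run()` switches off both the write-scope check and the user check, and the added docblock does not mention it; I would document it, for example `@param bool $scopecheck Pass false only for endpoints that are meant to be reachable without an authenticated user; skips the write-scope and user check`, so that a later caller does not disable authorization by accident. The `switch` is also an allow-list of write methods with no `default`, so any method value other than the four listed reaches `parent::run($request)` unchecked; inverting it so that only the known read-only methods skip the check would fail closed. The login test changes from `$this->app->isLoggedIn()` to `self::getCurrentUserID()`, whose definition is outside this hunk, so it is worth confirming it never returns a truthy ID for an unauthenticated request. The text between the `@@ -1,6 +1,6 @@` header and `app = $app;` appears to have been lost in extraction, so the start of this hunk could not be reviewed.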
@@ -112,21 +104,18 @@ class BaseApi extends BaseModule
 *
 * @param array $defaults Associative array of expected request keys and their default typed value. A null
 * value will remove the request key from the resulting value array.
- * @param array|null $request Custom REQUEST array, superglobal instead
+ * @param array $request Custom REQUEST array, superglobal instead
 * @return array request data
 * @throws \Exception
 */
- public function getRequest(array $defaults, array $request = null): array
+ public function getRequest(array $defaults, array $request): array
 {
- $httpinput = HTTPInputData::process();
- $input = array_merge($httpinput['variables'], $httpinput['files'], $request ?? $_REQUEST);
-
- self::$request = $input;
+ self::$request = $request;
 self::$boundaries = [];
 unset(self::$request['pagename']);
- return $this->checkDefaults($defaults, $input);
+ return $this->checkDefaults($defaults, $request);
 }
 /**
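Review bot: The updated `@param` line for `$request` still reads "Custom REQUEST array, superglobal instead", but the `$_REQUEST` fallback and the `HTTPInputData::process()` merge are both removed in this hunk, so the description now misstates where the data comes from; something like `@param array $request Request data supplied by the caller; no superglobal fallback` would match the code. Since `getRequest()` no longer reads the body variables or uploaded files itself, every caller has to pass input that already contains them, which presumably happens upstream of this method and is worth confirming for multipart and PUT/PATCH endpoints. `$request` is now a required argument, so any remaining call site that passes only `$defaults` will fail; those call sites are outside this hunk.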