X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FBaseApi.php;h=b6824140db632ab8b73afbff30f0042baf6af2ea;hb=35e2ae39252f6713a09c80026eeacf184f68437a;hp=cd9cfb8f5cd06948713d0a7e17d6d1bc4e662559;hpb=2e4d654c0a241891a8a64ebd3e49ebde42fad8cc;p=friendica.git diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index cd9cfb8f5c..b6824140db 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php @@ -1,6 +1,6 @@ app = $app; } - protected function delete(array $request = []) - { - self::checkAllowedScope(self::SCOPE_WRITE); - - if (!$this->app->isLoggedIn()) { - throw new HTTPException\ForbiddenException($this->t('Permission denied.')); - } - } - - protected function patch(array $request = []) - { - self::checkAllowedScope(self::SCOPE_WRITE); - - if (!$this->app->isLoggedIn()) { - throw new HTTPException\ForbiddenException($this->t('Permission denied.')); - } - } - - protected function post(array $request = []) + /** + * Additionally checks, if the caller is permitted to do this action + * + * {@inheritDoc} + * + * @throws HTTPException\ForbiddenException + */ + public function run(array $request = [], bool $scopecheck = true): ResponseInterface { - self::checkAllowedScope(self::SCOPE_WRITE); - - if (!$this->app->isLoggedIn()) { - throw new HTTPException\ForbiddenException($this->t('Permission denied.')); + if ($scopecheck) { + switch ($this->args->getMethod()) { + case Router::DELETE: + case Router::PATCH: + case Router::POST: + case Router::PUT: + self::checkAllowedScope(self::SCOPE_WRITE); + + if (!self::getCurrentUserID()) { + throw new HTTPException\ForbiddenException($this->t('Permission denied.')); + } + break; + } } - } - - public function put(array $request = []) - { - self::checkAllowedScope(self::SCOPE_WRITE); - if (!$this->app->isLoggedIn()) { - throw new HTTPException\ForbiddenException($this->t('Permission denied.')); - } + return parent::run($request); } /**
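Review bot: In the new `run()`, passing `$scopecheck = false` skips both `checkAllowedScope(self::SCOPE_WRITE)` and the `getCurrentUserID()` test, because both sit inside `if ($scopecheck)`. The removed `delete()`/`patch()`/`post()`/`put()` handlers enforced the scope and login checks unconditionally, and the parameter name suggests that only the scope check is optional. If the bypass is intended for internal callers only (the callers are not visible in this hunk), the docblock should say so, for example `@param bool $scopecheck false skips the write-scope AND the authentication check for DELETE/PATCH/POST/PUT; pass false only when the caller has already authorised the request`. Otherwise, the `if (!self::getCurrentUserID()) { throw ... }` guard could be moved out of the `$scopecheck` condition so that a write request is never dispatched without a user. The login test also changed from `$this->app->isLoggedIn()` to `self::getCurrentUserID()`, so it is worth confirming that the latter returns a falsy value for every unauthenticated request.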