correct handling of bareauth
darcs-hash:20080719171605-84dde-4b23eb6896d9bb6e57ce65de374acaf1703b7463.gz
This commit is contained in:
parent
dfbc427e04
commit
2d47b3ad64
|
@ -101,23 +101,27 @@ class ApiAction extends Action {
|
|||
# Whitelist of API methods that don't need authentication
|
||||
function requires_auth() {
|
||||
static $noauth = array( 'statuses/public_timeline',
|
||||
'statuses/user_timeline',
|
||||
'statuses/show',
|
||||
'help/test',
|
||||
'help/downtime_schedule');
|
||||
static $bareauth = array('statuses/user_timeline', 'statuses/friends');
|
||||
|
||||
# noauth: never needs auth
|
||||
# bareauth: only needs auth if without an argument
|
||||
|
||||
$fullname = "$this->api_action/$this->api_method";
|
||||
|
||||
if (in_array($fullname, $bareauth) && !$this->api_arg) {
|
||||
return true;
|
||||
} if (in_array($fullname, $noauth)) {
|
||||
if (in_array($fullname, $bareauth)) {
|
||||
# bareauth: only needs auth if without an argument
|
||||
if ($this->api_arg) {
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
} else if (in_array($fullname, $noauth)) {
|
||||
# noauth: never needs auth
|
||||
return false;
|
||||
} else {
|
||||
# everybody else needs auth
|
||||
return true;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user