wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

EndSetApiUser will always contain a User

Browse Source
This commit is contained in:
Mikael Nordfeldth 2015-02-13 01:19:59 +01:00
parent 69e04e5cbd
commit a063bb43a8
2 changed files with 26 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
EVENTS.txt
View File

@ -627,10 +627,10 @@ EndSetUser: After setting the currently logged in user
- $user: user - $user: user
StartSetApiUser: Before setting the current API user StartSetApiUser: Before setting the current API user
- $user: user - &$user: user, can be set during event handling (return false to stop processing)
EndSetApiUser: After setting the current API user EndSetApiUser: After setting the current API user
- $user: user - $user: user, only called if this is an actual user
StartHasRole: Before determing if the a profile has a given role StartHasRole: Before determing if the a profile has a given role
- $profile: profile in question - $profile: profile in question

44
lib/apiauthaction.php
View File

@ -212,21 +212,25 @@ class ApiAuthAction extends ApiAction
// Set the auth user // Set the auth user
if (Event::handle('StartSetApiUser', array(&$user))) { if (Event::handle('StartSetApiUser', array(&$user))) {
$user = User::getKV('id', $appUser->profile_id); $user = User::getKV('id', $appUser->profile_id);
if (!empty($user)) { }
if (!$user->hasRight(Right::API)) { if ($user instanceof User) {
// TRANS: Authorization exception thrown when a user without API access tries to access the API. if (!$user->hasRight(Right::API)) {
throw new AuthorizationException(_('Not allowed to use API.')); // TRANS: Authorization exception thrown when a user without API access tries to access the API.
} throw new AuthorizationException(_('Not allowed to use API.'));
} }
$this->auth_user = $user; $this->auth_user = $user;
// FIXME: setting the value returned by common_current_user() Event::handle('EndSetApiUser', array($this->auth_user));
// There should probably be a better method for this. common_set_user() } else {
// does lots of session stuff. // If $user is not a real User, let's force it to null.
global $_cur; $this->auth_user = null;
$_cur = $this->auth_user;
Event::handle('EndSetApiUser', array($user));
} }
// FIXME: setting the value returned by common_current_user()
// There should probably be a better method for this. common_set_user()
// does lots of session stuff.
global $_cur;
$_cur = $this->auth_user;
$msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " . $msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " .
"application '%s' (id: %d) with %s access."; "application '%s' (id: %d) with %s access.";
@ -297,17 +301,17 @@ class ApiAuthAction extends ApiAction
$user = common_check_user($this->auth_user_nickname, $user = common_check_user($this->auth_user_nickname,
$this->auth_user_password); $this->auth_user_password);
if (Event::handle('StartSetApiUser', array(&$user))) { Event::handle('StartSetApiUser', array(&$user));
if ($user instanceof User) {
if ($user instanceof User) { if (!$user->hasRight(Right::API)) {
if (!$user->hasRight(Right::API)) { // TRANS: Authorization exception thrown when a user without API access tries to access the API.
// TRANS: Authorization exception thrown when a user without API access tries to access the API. throw new AuthorizationException(_('Not allowed to use API.'));
throw new AuthorizationException(_('Not allowed to use API.'));
}
$this->auth_user = $user;
} }
$this->auth_user = $user;
Event::handle('EndSetApiUser', array($user)); Event::handle('EndSetApiUser', array($this->auth_user));
} else {
$this->auth_user = null;
} }
// By default, basic auth users have rw access // By default, basic auth users have rw access