EndSetApiUser will always contain a User

Mikael Nordfeldth 2015-02-13 01:19:59 +01:00
parent 69e04e5cbd
commit a063bb43a8
2 changed files with 26 additions and 22 deletions


@ -627,10 +627,10 @@ EndSetUser: After setting the currently logged in user
- $user: user
StartSetApiUser: Before setting the current API user
- $user: user
- &$user: user, can be set during event handling (return false to stop processing)
EndSetApiUser: After setting the current API user
- $user: user
- $user: user, only called if this is an actual user
StartHasRole: Before determing if the a profile has a given role
- $profile: profile in question


@ -212,21 +212,25 @@ class ApiAuthAction extends ApiAction
// Set the auth user
if (Event::handle('StartSetApiUser', array(&$user))) {
$user = User::getKV('id', $appUser->profile_id);
if (!empty($user)) {
if (!$user->hasRight(Right::API)) {
// TRANS: Authorization exception thrown when a user without API access tries to access the API.
throw new AuthorizationException(_('Not allowed to use API.'));
}
}
if ($user instanceof User) {
if (!$user->hasRight(Right::API)) {
// TRANS: Authorization exception thrown when a user without API access tries to access the API.
throw new AuthorizationException(_('Not allowed to use API.'));
}
$this->auth_user = $user;
// FIXME: setting the value returned by common_current_user()
// There should probably be a better method for this. common_set_user()
// does lots of session stuff.
global $_cur;
$_cur = $this->auth_user;
Event::handle('EndSetApiUser', array($user));
Event::handle('EndSetApiUser', array($this->auth_user));
} else {
// If $user is not a real User, let's force it to null.
$this->auth_user = null;
}
// FIXME: setting the value returned by common_current_user()
// There should probably be a better method for this. common_set_user()
// does lots of session stuff.
global $_cur;
$_cur = $this->auth_user;
$msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " .
"application '%s' (id: %d) with %s access.";
@ -297,17 +301,17 @@ class ApiAuthAction extends ApiAction
$user = common_check_user($this->auth_user_nickname,
$this->auth_user_password);
if (Event::handle('StartSetApiUser', array(&$user))) {
if ($user instanceof User) {
if (!$user->hasRight(Right::API)) {
// TRANS: Authorization exception thrown when a user without API access tries to access the API.
throw new AuthorizationException(_('Not allowed to use API.'));
}
$this->auth_user = $user;
Event::handle('StartSetApiUser', array(&$user));
if ($user instanceof User) {
if (!$user->hasRight(Right::API)) {
// TRANS: Authorization exception thrown when a user without API access tries to access the API.
throw new AuthorizationException(_('Not allowed to use API.'));
}
$this->auth_user = $user;
Event::handle('EndSetApiUser', array($user));
Event::handle('EndSetApiUser', array($this->auth_user));
} else {
$this->auth_user = null;
}
// By default, basic auth users have rw access
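Review bot: In the basic-auth hunk the result of `Event::handle('StartSetApiUser', array(&$user))` is now discarded, although the event documentation updated in this same commit says a handler can return false to stop processing, and the OAuth hunk above still branches on it. As written, a handler's false return has no effect on this path, and whatever it left in `$user` goes straight to the `instanceof User` and `hasRight(Right::API)` checks. If that is intended, say so next to the call, e.g. `// Return value ignored on purpose: handlers may replace $user, which is validated below.`; if a false return is meant to veto the login, it needs an explicit branch. Separately, the OAuth path can now leave `$this->auth_user` null before the `$msg` log line, whose arguments lie outside the hunk, so confirm they do not dereference it.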