mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

API: Add check to see if the user is authorised to run the api method

This commit is contained in:
Tom Needham 2012-12-12 21:04:23 +00:00
parent 228a75ebaa
commit 1475ff63dd
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/api.php
View File

@ -86,12 +86,16 @@ class OC_API {
parse_str(file_get_contents("php://input"), $_DELETE);
}
$name = $parameters['_route'];
// Loop through registered actions
if(is_callable(self::$actions[$name]['action'])){
$response = call_user_func(self::$actions[$name]['action'], $parameters);
// Check authentication and availability
if(self::isAuthorised(self::$actions[$name])){
if(is_callable(self::$actions[$name]['action'])){
$response = call_user_func(self::$actions[$name]['action'], $parameters);
} else {
$response = new OC_OCS_Result(null, 998, 'Internal server error');
}
} else {
$response = new OC_OCS_Result(null, 998, 'Internal server error.');
}
$response = new OC_OCS_Result(null, 997, 'Unauthorised');
}
// Send the response
$formats = array('json', 'xml');
$format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml';