API: Add check to see if the user is authorised to run the api method

Tom Needham 2012-12-12 21:04:23 +00:00
parent 228a75ebaa
commit 1475ff63dd
1 changed files with 9 additions and 5 deletions


@ -86,12 +86,16 @@ class OC_API {
parse_str(file_get_contents("php://input"), $_DELETE); parse_str(file_get_contents("php://input"), $_DELETE);
} }
$name = $parameters['_route']; $name = $parameters['_route'];
// Loop through registered actions // Check authentication and availability
if(is_callable(self::$actions[$name]['action'])){ if(self::isAuthorised(self::$actions[$name])){
$response = call_user_func(self::$actions[$name]['action'], $parameters); if(is_callable(self::$actions[$name]['action'])){
$response = call_user_func(self::$actions[$name]['action'], $parameters);
} else {
$response = new OC_OCS_Result(null, 998, 'Internal server error');
}
} else { } else {
$response = new OC_OCS_Result(null, 998, 'Internal server error.'); $response = new OC_OCS_Result(null, 997, 'Unauthorised');
} }
// Send the response // Send the response
$formats = array('json', 'xml'); $formats = array('json', 'xml');
$format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml'; $format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml';
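Review bot: `self::$actions[$name]` is handed to `isAuthorised()` without first confirming that the route has a registered action, so the result for an unknown `$name` depends entirely on how `isAuthorised()` treats a null or incomplete entry. That method is not visible in this hunk; it should deny by default when the entry or its auth level is missing or unrecognised, and an explicit guard ahead of the check would make that independent of its implementation: `if(!isset(self::$actions[$name])){ $response = new OC_OCS_Result(null, 998, 'Internal server error'); }`. The 997 branch is also a natural place to log the route name and the caller, so that repeated authorisation failures are visible to operators. The enclosing method starts before and continues after this hunk.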