API: Add check to see if the user is authorised to run the api method

This commit is contained in:
Tom Needham 2012-12-12 21:04:23 +00:00
parent 228a75ebaa
commit 1475ff63dd
1 changed files with 9 additions and 5 deletions

View File

@ -86,11 +86,15 @@ class OC_API {
parse_str(file_get_contents("php://input"), $_DELETE);
}
$name = $parameters['_route'];
// Loop through registered actions
if(is_callable(self::$actions[$name]['action'])){
$response = call_user_func(self::$actions[$name]['action'], $parameters);
// Check authentication and availability
if(self::isAuthorised(self::$actions[$name])){
if(is_callable(self::$actions[$name]['action'])){
$response = call_user_func(self::$actions[$name]['action'], $parameters);
} else {
$response = new OC_OCS_Result(null, 998, 'Internal server error');
}
} else {
$response = new OC_OCS_Result(null, 998, 'Internal server error.');
$response = new OC_OCS_Result(null, 997, 'Unauthorised');
}
// Send the response
$formats = array('json', 'xml');