API: Add check to see if the user is authorised to run the api method
This commit is contained in:
parent
228a75ebaa
commit
1475ff63dd
12
lib/api.php
12
lib/api.php
|
@ -86,11 +86,15 @@ class OC_API {
|
|||
parse_str(file_get_contents("php://input"), $_DELETE);
|
||||
}
|
||||
$name = $parameters['_route'];
|
||||
// Loop through registered actions
|
||||
if(is_callable(self::$actions[$name]['action'])){
|
||||
$response = call_user_func(self::$actions[$name]['action'], $parameters);
|
||||
// Check authentication and availability
|
||||
if(self::isAuthorised(self::$actions[$name])){
|
||||
if(is_callable(self::$actions[$name]['action'])){
|
||||
$response = call_user_func(self::$actions[$name]['action'], $parameters);
|
||||
} else {
|
||||
$response = new OC_OCS_Result(null, 998, 'Internal server error');
|
||||
}
|
||||
} else {
|
||||
$response = new OC_OCS_Result(null, 998, 'Internal server error.');
|
||||
$response = new OC_OCS_Result(null, 997, 'Unauthorised');
|
||||
}
|
||||
// Send the response
|
||||
$formats = array('json', 'xml');
|
||||
|
|
Loading…
Reference in New Issue