
Commit a063bb43 authored by mattl's avatar mattl

EndSetApiUser will always contain a User

parent 69e04e5c
......@@ -627,10 +627,10 @@ EndSetUser: After setting the currently logged in user
- $user: user
StartSetApiUser: Before setting the current API user
- $user: user
- &$user: user, can be set during event handling (return false to stop processing)
EndSetApiUser: After setting the current API user
- $user: user
- $user: user, only called if this is an actual user
StartHasRole: Before determing if the a profile has a given role
- $profile: profile in question
......
......@@ -212,21 +212,25 @@ class ApiAuthAction extends ApiAction
// Set the auth user
if (Event::handle('StartSetApiUser', array(&$user))) {
$user = User::getKV('id', $appUser->profile_id);
if (!empty($user)) {
if (!$user->hasRight(Right::API)) {
// TRANS: Authorization exception thrown when a user without API access tries to access the API.
throw new AuthorizationException(_('Not allowed to use API.'));
}
}
if ($user instanceof User) {
if (!$user->hasRight(Right::API)) {
// TRANS: Authorization exception thrown when a user without API access tries to access the API.
throw new AuthorizationException(_('Not allowed to use API.'));
}
$this->auth_user = $user;
// FIXME: setting the value returned by common_current_user()
// There should probably be a better method for this. common_set_user()
// does lots of session stuff.
global $_cur;
$_cur = $this->auth_user;
Event::handle('EndSetApiUser', array($user));
Event::handle('EndSetApiUser', array($this->auth_user));
} else {
// If $user is not a real User, let's force it to null.
$this->auth_user = null;
}
// FIXME: setting the value returned by common_current_user()
// There should probably be a better method for this. common_set_user()
// does lots of session stuff.
global $_cur;
$_cur = $this->auth_user;
$msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " .
"application '%s' (id: %d) with %s access.";
......@@ -297,17 +301,17 @@ class ApiAuthAction extends ApiAction
$user = common_check_user($this->auth_user_nickname,
$this->auth_user_password);
if (Event::handle('StartSetApiUser', array(&$user))) {
if ($user instanceof User) {
if (!$user->hasRight(Right::API)) {
// TRANS: Authorization exception thrown when a user without API access tries to access the API.
throw new AuthorizationException(_('Not allowed to use API.'));
}
$this->auth_user = $user;
Event::handle('StartSetApiUser', array(&$user));
if ($user instanceof User) {
if (!$user->hasRight(Right::API)) {
// TRANS: Authorization exception thrown when a user without API access tries to access the API.
throw new AuthorizationException(_('Not allowed to use API.'));
}
$this->auth_user = $user;
Event::handle('EndSetApiUser', array($user));
Event::handle('EndSetApiUser', array($this->auth_user));
} else {
$this->auth_user = null;
}
// By default, basic auth users have rw access
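Review bot: In the basic-auth hunk the new side, as this page renders it, calls `Event::handle('StartSetApiUser', array(&$user));` without testing the result, while the OAuth hunk above still gates the `User::getKV()` lookup on it and the updated event documentation says to return false to stop processing. A handler that returns false to refuse an API login would then no longer keep `$this->auth_user` from being set to the user `common_check_user()` returned, unless it also replaces `$user` with a non-User. Which meaning is intended is not visible here, so either honour the veto, e.g. `if (!Event::handle('StartSetApiUser', array(&$user))) { $user = null; }`, or state the contract with a comment such as `// Return value ignored on purpose: handlers veto by setting $user to a non-User`. In the OAuth hunk the `else` branch leaves `auth_user` null and execution continues into the `$msg` log line, whose arguments are outside the hunk, so confirm that path rejects the request rather than logging an authentication for a missing user. Both enclosing methods start and end outside the hunks shown.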
......