Make API call permission checks more reliable
- don't need to inherit every Module method anymore
This commit is contained in:
parent
9cec38f916
commit
2dc60cfd33
1 changed files with 21 additions and 30 deletions
|
@ -22,6 +22,7 @@
|
||||||
namespace Friendica\Module;
|
namespace Friendica\Module;
|
||||||
|
|
||||||
use Friendica\App;
|
use Friendica\App;
|
||||||
|
use Friendica\App\Router;
|
||||||
use Friendica\BaseModule;
|
use Friendica\BaseModule;
|
||||||
use Friendica\Core\L10n;
|
use Friendica\Core\L10n;
|
||||||
use Friendica\Core\Logger;
|
use Friendica\Core\Logger;
|
||||||
|
@ -36,6 +37,7 @@ use Friendica\Security\BasicAuth;
|
||||||
use Friendica\Security\OAuth;
|
use Friendica\Security\OAuth;
|
||||||
use Friendica\Util\DateTimeFormat;
|
use Friendica\Util\DateTimeFormat;
|
||||||
use Friendica\Util\Profiler;
|
use Friendica\Util\Profiler;
|
||||||
|
use Psr\Http\Message\ResponseInterface;
|
||||||
use Psr\Log\LoggerInterface;
|
use Psr\Log\LoggerInterface;
|
||||||
|
|
||||||
class BaseApi extends BaseModule
|
class BaseApi extends BaseModule
|
||||||
|
@ -70,40 +72,29 @@ class BaseApi extends BaseModule
|
||||||
$this->app = $app;
|
$this->app = $app;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function delete(array $request = [])
|
/**
|
||||||
|
* Additionally checks, if the caller is permitted to do this action
|
||||||
|
*
|
||||||
|
* {@inheritDoc}
|
||||||
|
*
|
||||||
|
* @throws HTTPException\ForbiddenException
|
||||||
|
*/
|
||||||
|
public function run(array $request = []): ResponseInterface
|
||||||
{
|
{
|
||||||
|
switch ($this->server['REQUEST_METHOD'] ?? Router::GET) {
|
||||||
|
case Router::DELETE:
|
||||||
|
case Router::PATCH:
|
||||||
|
case Router::POST:
|
||||||
|
case Router::PUT:
|
||||||
self::checkAllowedScope(self::SCOPE_WRITE);
|
self::checkAllowedScope(self::SCOPE_WRITE);
|
||||||
|
|
||||||
if (!$this->app->isLoggedIn()) {
|
if (!$this->app->isLoggedIn()) {
|
||||||
throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
|
throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function patch(array $request = [])
|
return parent::run($request);
|
||||||
{
|
|
||||||
self::checkAllowedScope(self::SCOPE_WRITE);
|
|
||||||
|
|
||||||
if (!$this->app->isLoggedIn()) {
|
|
||||||
throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
protected function post(array $request = [])
|
|
||||||
{
|
|
||||||
self::checkAllowedScope(self::SCOPE_WRITE);
|
|
||||||
|
|
||||||
if (!$this->app->isLoggedIn()) {
|
|
||||||
throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public function put(array $request = [])
|
|
||||||
{
|
|
||||||
self::checkAllowedScope(self::SCOPE_WRITE);
|
|
||||||
|
|
||||||
if (!$this->app->isLoggedIn()) {
|
|
||||||
throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in a new issue