diff options
| author | redmatrix <redmatrix@redmatrix.me> | 2015-05-17 18:14:50 -0700 |
|---|---|---|
| committer | redmatrix <redmatrix@redmatrix.me> | 2015-05-17 18:14:50 -0700 |
| commit | 3b859aa9ef01d065b40943f5a5701f35217b89f3 (patch) | |
| tree | 9984a46308a7e3d1979a34686edbac44540fa24d /boot.php | |
| parent | a7071b17c0978bf8a68574a178c67a275277177c (diff) | |
| download | volse-hubzilla-3b859aa9ef01d065b40943f5a5701f35217b89f3.tar.gz volse-hubzilla-3b859aa9ef01d065b40943f5a5701f35217b89f3.tar.bz2 volse-hubzilla-3b859aa9ef01d065b40943f5a5701f35217b89f3.zip | |
Implement permission checking for OAuth clients using the xperm table. Currently 'all' permissions are applied to OAuth clients which gives them the same rights as the channel owner and full access to API functions as the channel owner. However, individual permissions can now be created. These mirror the permission names from the normal permission table (although it isn't required that they do so). Lack of an xp_perm entry for the specified permission and lack of an 'all' override indicates permission denied.
Diffstat (limited to 'boot.php')
| -rwxr-xr-x | boot.php | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -651,6 +651,7 @@ class App { public $observer = null; // xchan record of the page observer public $profile_uid = 0; // If applicable, the channel_id of the "page owner" public $poi = null; // "person of interest", generally a referenced connection + private $oauth_key = null; // consumer_id of oauth request, if used public $layout = array(); // Comanche parsed template public $pdl = null; private $perms = null; // observer permissions @@ -934,6 +935,7 @@ class App { $this->observer = $xchan; } + function get_observer() { return $this->observer; } @@ -946,6 +948,14 @@ class App { return $this->perms; } + function set_oauth_key($consumer_id) { + $this->oauth_key = $consumer_id; + } + + function get_oauth_key() { + return $this->oauth_key; + } + function get_apps() { return $this->apps; } |