From 3b859aa9ef01d065b40943f5a5701f35217b89f3 Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Sun, 17 May 2015 18:14:50 -0700
Subject: Implement permission checking for OAuth clients using the xperm
 table. Currently 'all' permissions are applied to OAuth clients which gives
 them the same rights as the channel owner and full access to API functions as
 the channel owner. However, individual permissions can now be created. These
 mirror the permission names from the normal permission table (although it
 isn't required that they do so). Lack of an xp_perm entry for the specified
 permission and lack of an 'all' override indicates permission denied.

---
 boot.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'boot.php')

diff --git a/boot.php b/boot.php
index 8dcc3b56b..ad75a2d25 100755
--- a/boot.php
+++ b/boot.php
@@ -651,6 +651,7 @@ class App {
 	public  $observer   = null;            // xchan record of the page observer
 	public  $profile_uid = 0;              // If applicable, the channel_id of the "page owner"
 	public  $poi        = null;            // "person of interest", generally a referenced connection
+	private $oauth_key  = null;            // consumer_id of oauth request, if used
 	public  $layout     = array();         // Comanche parsed template
 	public  $pdl        = null;
 	private $perms      = null;            // observer permissions
@@ -934,6 +935,7 @@ class App {
 		$this->observer = $xchan;
 	}
 
+
 	function get_observer() {
 		return $this->observer;
 	}
@@ -946,6 +948,14 @@ class App {
 		return $this->perms;
 	}
 
+	function set_oauth_key($consumer_id) {
+		$this->oauth_key = $consumer_id;
+	}
+
+	function get_oauth_key() {
+		return $this->oauth_key;
+	}
+
 	function get_apps() {
 		return $this->apps;
 	}
-- 
cgit v1.2.3