From 3b859aa9ef01d065b40943f5a5701f35217b89f3 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 17 May 2015 18:14:50 -0700 Subject: Implement permission checking for OAuth clients using the xperm table. Currently 'all' permissions are applied to OAuth clients which gives them the same rights as the channel owner and full access to API functions as the channel owner. However, individual permissions can now be created. These mirror the permission names from the normal permission table (although it isn't required that they do so). Lack of an xp_perm entry for the specified permission and lack of an 'all' override indicates permission denied. --- include/api.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'include/api.php') diff --git a/include/api.php b/include/api.php index 12247c183..788a84208 100644 --- a/include/api.php +++ b/include/api.php @@ -78,11 +78,14 @@ require_once('include/items.php'); // list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request()); if (!is_null($token)){ $oauth->loginUser($token->uid); + + $a->set_oauth_key($consumer->key); + call_hooks('logged_in', $a->user); return; } echo __file__.__line__.__function__."
"; 
-			var_dump($consumer, $token); 
+//			var_dump($consumer, $token); 
 			die();
 		}
 		catch(Exception $e) {
-- 
cgit v1.2.3