author | Tom Needham <needham.thomas@gmail.com> | 2012-12-12 21:04:23 +0000 |
---|---|---|
committer | Tom Needham <needham.thomas@gmail.com> | 2012-12-12 21:04:23 +0000 |
commit | 1475ff63ddeb56c277836092d2b02861cb47e4ee (patch) | |
tree | 09b84a2a9bbb0afda6f39f2969c05c04a1aa4c72 /lib/api.php | |
parent | 228a75ebaa3a8fd543ea473bc23ba0b11a028511 (diff) | |
API: Add check to see if the user is authorised to run the api method
Diffstat (limited to 'lib/api.php')
-rw-r--r-- | lib/api.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/lib/api.php b/lib/api.php
index e119b878210..84d1155b594 100644
--- a/lib/api.php
+++ b/lib/api.php
@@ -86,12 +86,16 @@ class OC_API {
 parse_str(file_get_contents("php://input"), $_DELETE);
 }
 $name = $parameters['_route'];
- // Loop through registered actions
- if(is_callable(self::$actions[$name]['action'])){
- $response = call_user_func(self::$actions[$name]['action'], $parameters);
+ // Check authentication and availability
+ if(self::isAuthorised(self::$actions[$name])){
+ if(is_callable(self::$actions[$name]['action'])){
+ $response = call_user_func(self::$actions[$name]['action'], $parameters);
+ } else {
+ $response = new OC_OCS_Result(null, 998, 'Internal server error');
+ }
 } else {
- $response = new OC_OCS_Result(null, 998, 'Internal server error.');
- }
+ $response = new OC_OCS_Result(null, 997, 'Unauthorised');
+ }
 // Send the response
 $formats = array('json', 'xml');
 $format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml'; |
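Review bot: The new `self::isAuthorised(self::$actions[$name])` call indexes `self::$actions` with the route name before anything in the hunk confirms that the entry exists, so an unregistered `$name` would hand `null` to the authorisation check. `isAuthorised()` is defined outside this hunk, so it cannot be confirmed here that it denies when the action entry or its auth level is missing or unrecognised; it should fail closed in that case. An explicit guard ahead of the check, for example `if(!isset(self::$actions[$name])){ $response = new OC_OCS_Result(null, 998, 'Internal server error'); }`, would keep an unknown route from depending on that behaviour. The enclosing method starts and ends outside the hunk, and a short comment such as `// Authorise before the callable check so the response does not reveal which actions exist` would record why the order matters.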