correct handling of bareauth

darcs-hash:20080719171605-84dde-4b23eb6896d9bb6e57ce65de374acaf1703b7463.gz
This commit is contained in:
Evan Prodromou 2008-07-19 13:16:05 -04:00
parent dfbc427e04
commit 2d47b3ad64

View File

@ -101,23 +101,27 @@ class ApiAction extends Action {
# Whitelist of API methods that don't need authentication # Whitelist of API methods that don't need authentication
function requires_auth() { function requires_auth() {
static $noauth = array( 'statuses/public_timeline', static $noauth = array( 'statuses/public_timeline',
'statuses/user_timeline',
'statuses/show', 'statuses/show',
'help/test', 'help/test',
'help/downtime_schedule'); 'help/downtime_schedule');
static $bareauth = array('statuses/user_timeline', 'statuses/friends'); static $bareauth = array('statuses/user_timeline', 'statuses/friends');
# noauth: never needs auth
# bareauth: only needs auth if without an argument
$fullname = "$this->api_action/$this->api_method"; $fullname = "$this->api_action/$this->api_method";
if (in_array($fullname, $bareauth) && !$this->api_arg) { if (in_array($fullname, $bareauth)) {
return true; # bareauth: only needs auth if without an argument
} if (in_array($fullname, $noauth)) { if ($this->api_arg) {
return false;
} else {
return true;
}
} else if (in_array($fullname, $noauth)) {
# noauth: never needs auth
return false; return false;
} else {
# everybody else needs auth
return true;
} }
return true;
} }
} }