fine-tuning the privacy flag

darcs-hash:20081203183432-5ed1f-7626661b797f64594f990ee06d9e13b73b265b49.gz
2008-12-03 13:34:32 -05:00 · 2008-12-03 13:34:32 -05:00 · 8c10b0ac4d
parent 06b234c397
commit 8c10b0ac4d
3 changed files with 62 additions and 48 deletions
--- a/3
+++ b/3
@ -775,6 +775,9 @@ closed: If set to 'true', will disallow registration on your site.
 	the service, *then* set this variable to 'true'.
 inviteonly: If set to 'true', will only allow registration if the user
 	    was invited by an existing user.
+private: If set to 'true', anonymous users will be redirected to the
+         'login' page. Also, API methods that normally require no
+         authentication will require it.

 db
 --
--- a/actions/api.php
+++ b/actions/api.php
@ -120,6 +120,12 @@ class ApiAction extends Action {
 								 'statuses/followers',
 								 'favorites/favorites');

+        # If the site is "private", all API methods need authentication
+
+        if (common_config('site', 'private')) {
+            return true;
+        }
+
 		$fullname = "$this->api_action/$this->api_method";

 		if (in_array($fullname, $bareauth)) {
--- a/index.php
+++ b/index.php
@ -36,7 +36,12 @@ if (!$action || !preg_match('/^[a-zA-Z0-9_-]*$/', $action)) {
    common_redirect(common_local_url('public'));
 }

-if (!$user && common_config('site', 'private') && !in_array($action, array('login', 'api', 'doc')) {
+// If the site is private, and they're not on one of the "public"
+// parts of the site, redirect to login
+
+if (!$user && common_config('site', 'private') &&
+    !in_array($action, array('login', 'openidlogin', 'api', 'doc')))
+{
    common_redirect(common_local_url('login'));
 }