/**
* Check that authenticated consumer and user can access the endpoint
*
* @param string $hook "permissions_check:graph"
* @param string $route Route
* @param bool $return Current permission
* @param array $params Hook params
* @return bool Filtered permission
*/
public function checkAccess($hook, $route, $return, $params)
{
$request_type = $this->request->getMethod();
$request = "{$request_type} /{$route}";
$user_auth_exceptions = array('POST /:site/users');
if (!in_array($request_type, array(HttpRequest::METHOD_GET, HttpRequest::METHOD_HEAD)) && !in_array($request, $user_auth_exceptions)) {
return elgg_is_logged_in();
}
$consumer = $this->session->consumer();
if (!$consumer) {
return $return;
}
$ia = elgg_set_ignore_access(true);
$endpoints = (array) $consumer->endpoints;
elgg_set_ignore_access($ia);
if (!in_array($request, $endpoints)) {
return false;
}
return $return;
}
