$app['apiUser'] = null;
    $app['apiUserToken'] = null;
    $appRepo = new API2ApplicationRepository();
    if ($data['app_secret']) {
        $apiapp = $appRepo->loadByAppTokenAndAppSecret($data['app_token'], $data['app_secret']);
        $app['apiAppLoadedBySecret'] = true;
    } else {
        $apiapp = $appRepo->loadByAppToken($data['app_token']);
    }
    if ($apiapp && !$apiapp->getIsClosedBySysAdmin()) {
        $app['apiApp'] = $apiapp;
        $app['userAgent']->setApi2ApplicationId($apiapp->getId());
        // User Token
        $userTokenRepo = new API2ApplicationUserTokenRepository();
        if ($data['user_token']) {
            $app['apiUserToken'] = $userTokenRepo->loadByAppAndUserTokenAndUserSecret($apiapp, $data['user_token'], $data['user_secret']);
            if ($app['apiUserToken']) {
                // User
                $userRepo = new UserAccountRepository();
                $app['apiUser'] = $userRepo->loadByID($app['apiUserToken']->getUserId());
            }
        }
    }
    // user permissions
    $userPermissionsRepo = new \repositories\UserPermissionsRepository($app['extensions']);
    // if app is not editor or token is not editor, remove edit permissions
    $removeEditPermissions = $app['apiApp'] && !$app['apiApp']->getIsEditor() || $app['apiUserToken'] && !$app['apiUserToken']->getIsEditor();
    $app['currentUserPermissions'] = $userPermissionsRepo->getPermissionsForUserInSite($app['apiUser'], $app['currentSite'], $removeEditPermissions, true);
    // finally user actions
    $app['currentUserActions'] = new UserActionsSiteList($app['currentSite'], $app['currentUserPermissions']);
});