public function actionApiData() { /* @var $clientModel bdApi_Model_Client */ $clientModel = $this->getModelFromCache('bdApi_Model_Client'); /* @var $userScopeModel bdApi_Model_UserScope */ $userScopeModel = $this->getModelFromCache('bdApi_Model_UserScope'); /* @var $userModel bdApi_XenForo_Model_User */ $userModel = $this->getModelFromCache('XenForo_Model_User'); $callback = $this->_input->filterSingle('callback', XenForo_Input::STRING); $cmd = $this->_input->filterSingle('cmd', XenForo_Input::STRING); $clientId = $this->_input->filterSingle('client_id', XenForo_Input::STRING); $data = array(); $data[$cmd] = 0; $client = $clientModel->getClientById($clientId); $visitorObj = XenForo_Visitor::getInstance(); $visitorArray = $visitorObj->toArray(); if (!empty($client) and $visitorArray['user_id'] > 0) { switch ($cmd) { case 'authorized': $scope = $this->_input->filterSingle('scope', XenForo_Input::STRING); $requestedScopes = bdApi_Template_Helper_Core::getInstance()->scopeSplit($scope); if (empty($requestedScopes)) { // no scope requested, check for scope `read` $requestedScopes[] = bdApi_Model_OAuth2::SCOPE_READ; } $requestedScopesAccepted = array(); if ($data[$cmd] === 0 and $clientModel->canAutoAuthorize($client, $scope)) { // this client has auto authorize setting for the requested scope // response with authorized = 1 // note: we don't have (and don't need) an access token for now // but in case the client application request authorization, it // will be granted automatically anyway $requestedScopesAccepted = $requestedScopes; $data[$cmd] = 1; } if ($data[$cmd] === 0) { // start looking for accepted scopes $userScopes = $userScopeModel->getUserScopes($client['client_id'], $visitorArray['user_id']); foreach ($requestedScopes as $scope) { foreach ($userScopes as $userScope) { if ($userScope['scope'] === $scope) { $requestedScopesAccepted[] = $scope; } } } if (count($requestedScopes) === count($requestedScopesAccepted)) { $data[$cmd] = 1; } } if ($data[$cmd] === 1) { if (!empty($scope)) { // some actual scopes were requested, return user data according to those scopes $session = new bdApi_Session(); $session->fakeStart($client, $visitorObj, $requestedScopesAccepted); $visitorPrepared = $userModel->prepareApiDataForUser($visitorArray); $data = array_merge($visitorPrepared, $data); } else { // just checking for connection status, return user_id only $data['user_id'] = $visitorArray['user_id']; } } // switch ($cmd) break; } } $clientModel->signApiData($client, $data); $viewParams = array('callback' => $callback, 'cmd' => $cmd, 'client_id' => $clientId, 'data' => $data); $this->_routeMatch->setResponseType('raw'); return $this->responseView('bdApi_ViewPublic_Misc_Api_Data', '', $viewParams); }