/**
* Checks if the authorization tokens (username & API secret) are valid or not, and allow the request if they are.
* If there are no authorization tokens, the request could be allowed if a valid session is found.
*/
public function control()
{
$owner = $this->isAPICallValid();
if ($owner) {
Session::completeLogin($owner);
return $this->authControl();
}
$as = $this->getAPISecretFromRequest();
if (empty($as) && $this->isLoggedIn()) {
return $this->authControl();
}
// Assume if no API key is set, that it's a regular HTML page request
if (empty($as)) {
parent::control();
} else {
$this->setContentType("text/plain; charset=UTF-8");
throw new UnauthorizedUserException("Unauthorized API call");
}
}
