// NOTE(review): excerpt. The block closed by the lone `}` further down opens above this view.
    // Per-group IP restriction: take the user's group and ask the groups gateway whether
    // the caller's address is acceptable, before any login state is established below.
    $groupId = $user['group'];
    $directusGroupsTableGateway = new DirectusGroupsTableGateway($acl, $ZendDb);
    // NOTE(review): this check is only as trustworthy as the address getIp() reports.
    // Confirm how it derives the address; if it honours client-supplied forwarding headers,
    // the restriction holds only behind a proxy that overwrites those headers.
    if (!$directusGroupsTableGateway->acceptIP($groupId, $app->request->getIp())) {
        // Rejected address: send a JSON error body with status 401 and stop the request.
        // NOTE(review): the body is JSON but the content type is application/javascript;
        // confirm whether application/json was intended. The same 401 status is also used
        // for "not logged in" below, so clients can tell the two apart only by the message.
        $app->contentType('application/javascript');
        $app->response->setStatus(401);
        JsonView::render(['message' => 'Request not allowed from IP address', 'success' => false]);
        $app->stop();
    }

    // If the request is authenticated here (the 'directus.authenticated.token' event is
    // emitted below), store the existing session data in a global variable.
    // It is restored to the session at the end of the execution.
    // See the slim.after hook (not part of this excerpt).
    $GLOBALS['__SESSION'] = $_SESSION;
    // Reset SESSION values so the login state set below starts from an empty session
    // and does not mix with whatever the session held before this point.
    $_SESSION = [];

    // Mark the user as logged in only after the IP check above has passed.
    Auth::setLoggedUser($user['id']);
    $app->emitter->run('directus.authenticated', [$app, $user]);
    $app->emitter->run('directus.authenticated.token', [$app, $user]);

    // Reload all user permissions.
    // At this point the ACL has already run and loaded all permissions.
    // That works as expected when logged in to the CMS/Management.
    // When logged in through the API, the user's group permissions must be reloaded,
    // otherwise the ACL would keep the privileges that were loaded before this user was set.
    $privilegesTable = new DirectusPrivilegesTableGateway($acl, $ZendDb);
    $acl->setGroupPrivileges($privilegesTable->getGroupPrivileges($user['group']));
    // @TODO: Adding a user should automatically set its ID and GROUP
    $acl->setUserId($user['id']);
    $acl->setGroupId($user['group']);
}

/** Enforce required authentication. */
// Any request that has not been marked as logged in by this point is halted with 401.
// NOTE(review): the body of this `if` continues past the end of this excerpt.
if (!Auth::loggedIn()) {
    $app->halt(401, __t('you_must_be_logged_in_to_access_the_api'));