public function __construct() { parent::__construct(); $this->beforeFilter('check-authorization-params', array('only' => array('getAuthorize', 'postAuthorize', 'getTestAuthorize', 'postTestAuthorize'))); $this->beforeFilter('csrf', array('only' => array('postAuthorize', 'postTestAuthorize'))); $this->beforeFilter('oauth:basic', array('except' => array('getAuthorize', 'postAuthorize', 'postAccessToken', 'getTestAuthorize', 'postTestAuthorize'))); $this->beforeFilter(function () { $ownerType = ResourceServer::getOwnerType(); if (!$ownerType || !in_array($ownerType, array('user'))) { App::abort(403, 'Forbidden'); } }, array('except' => array('getAuthorize', 'postAuthorize', 'postAccessToken', 'getTestAuthorize', 'postTestAuthorize'))); }