* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
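require_once '../core/init.php';

# OAuth provider endpoint: dispatches on the path that follows the script name
# (/request_token, /access_token, /authorize).
$server = new OAuthServer();

# PATH_INFO is not set when the script is requested without a trailing path.
# Reading it unguarded raises an "undefined index" notice, and with error
# display on that output lands ahead of the header() calls below. Fall back to
# '' so such a request reaches the default branch cleanly.
$path_info = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';

switch ($path_info) {
    case '/request_token':
        $server->requestToken();
        exit;
    case '/access_token':
        $server->accessToken();
        exit;
    case '/authorize':
        # Only a logged-in user may authorize a request token.
        assert_logged_in();
        try {
            $server->authorizeVerify();
            # NOTE(review): both arguments are constants. If authorizeFinish()
            # takes (authorized, user id), as the call shape suggests, every
            # verified token is approved with no consent step and is bound to
            # user 1 rather than to the logged-in user. Confirm against
            # OAuthServer, then pass the user's explicit decision (from a
            # CSRF-protected form) and the session user's id.
            $server->authorizeFinish(true, 1);
        } catch (OAuthException $e) {
            # Sent as text/plain, so the exception message is not rendered as markup.
            header('HTTP/1.1 400 Bad Request');
            header('Content-Type: text/plain');
            echo "Failed OAuth Request: " . $e->getMessage();
        }
        exit;
    default:
        # NOTE(review): an unknown path is a client error, so 404 would describe
        # it better than 500; the status is kept as-is for existing clients.
        header('HTTP/1.1 500 Internal Server Error');
        header('Content-Type: text/plain');
        echo "Unknown request";
        exit;
}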
/**
 * Authorization guard: allow the call to continue only when the logged-in
 * user owns $data or holds the 'super' capability.
 *
 * Ownership is decided from the 'user_id' entry of $data itself, so callers
 * should pass the stored record (or its row array), not values taken from the
 * request. The comparison is strict: a missing or empty user_id, or one whose
 * type differs from current_user()->id, counts as "not the owner" (fails closed).
 *
 * @param Model|array|object $data Record to check; a Model is converted with as_array(),
 *                                 anything else is cast to an array.
 * @param string|null        $msg  Message handed to AccessException.
 * @param int|null           $code Code handed to AccessException.
 *
 * @throws AccessException When the user is neither the owner nor a 'super' user.
 */
function assert_can_edit($data, $msg = null, $code = null)
{
    assert_logged_in();

    $fields = $data instanceof Model ? $data->as_array() : (array) $data;

    // Owner check first; current_user() is only consulted when a user_id is present.
    $is_owner = !empty($fields['user_id']) && $fields['user_id'] === current_user()->id;
    if ($is_owner) {
        return;
    }

    // Non-owners pass only with the 'super' capability.
    if (current_user_can('super')) {
        return;
    }

    throw new AccessException($msg, $code);
}