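// Resolve the API2 application, user token and user for this request, then
// derive the permissions and actions available on the current site.
// The start of the enclosing callback (including where $data is built) is
// outside this excerpt.

// Start from "no authenticated user"; these are only filled in below once
// both the application and the user token have been accepted.
$app['apiUser'] = null;
$app['apiUserToken'] = null;

// Read the request credentials defensively, so a missing key is treated as
// "not supplied" instead of raising an undefined-index notice.
$appToken = isset($data['app_token']) ? $data['app_token'] : null;
$appSecret = isset($data['app_secret']) ? $data['app_secret'] : null;
$userToken = isset($data['user_token']) ? $data['user_token'] : null;
$userSecret = isset($data['user_secret']) ? $data['user_secret'] : null;

// NOTE(review): the secret checks themselves happen inside the repository
// methods, which are not visible here.
$appRepo = new API2ApplicationRepository();
if ($appSecret) {
    $apiapp = $appRepo->loadByAppTokenAndAppSecret($appToken, $appSecret);
} else {
    $apiapp = $appRepo->loadByAppToken($appToken);
}

// An application is accepted only if it was found and a sysadmin has not closed it.
$apiAppAccepted = $apiapp && !$apiapp->getIsClosedBySysAdmin();

if ($appSecret) {
    // Record "loaded by secret" only when the token/secret pair produced an
    // accepted application. Previously the flag was set to true before the
    // lookup result was checked, so a wrong secret still set it.
    $app['apiAppLoadedBySecret'] = $apiAppAccepted;
}

if ($apiAppAccepted) {
    $app['apiApp'] = $apiapp;
    $app['userAgent']->setApi2ApplicationId($apiapp->getId());

    // User token: looked up for this application, together with its secret.
    $userTokenRepo = new API2ApplicationUserTokenRepository();
    if ($userToken) {
        $app['apiUserToken'] = $userTokenRepo->loadByAppAndUserTokenAndUserSecret($apiapp, $userToken, $userSecret);
        if ($app['apiUserToken']) {
            // User: loaded from the id carried by the accepted token.
            $userRepo = new UserAccountRepository();
            $app['apiUser'] = $userRepo->loadByID($app['apiUserToken']->getUserId());
        }
    }
}

// User permissions
$userPermissionsRepo = new \repositories\UserPermissionsRepository($app['extensions']);

// Edit permissions are removed when the accepted application is not an editor,
// or when the accepted user token is not an editor.
// NOTE(review): when no application was accepted, this is false (presumably
// $app['apiApp'] is initialised to a falsy value earlier) and the permissions
// below are those of a request without a user. Confirm that the routes reject
// requests that have no $app['apiApp'] before acting on them.
$removeEditPermissions = ($app['apiApp'] && !$app['apiApp']->getIsEditor())
    || ($app['apiUserToken'] && !$app['apiUserToken']->getIsEditor());
$app['currentUserPermissions'] = $userPermissionsRepo->getPermissionsForUserInSite(
    $app['apiUser'],
    $app['currentSite'],
    $removeEditPermissions,
    true
);

// Finally, the user actions for this site, built from the permissions above.
$app['currentUserActions'] = new UserActionsSiteList($app['currentSite'], $app['currentUserPermissions']);
});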