
tweaks to app approval code. fixes #89

commit 7c67f5089346ae100e9fa5583c9da43ef598d429 1 parent e0a3131
Zach Hoeken authored
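--- a/controllers/app.php
+++ b/controllers/app.php
@@ -171,8 +171,6 @@ public function view_app()
 $app = new OAuthConsumer($this->args('app_id'));
 if (!$app->isHydrated())
 throw new Exception("This app does not exist.");
- if (!User::$me->isAdmin() && $app->get('user_id') != User::$me->id)
- throw new Exception("You are not authorized to view this app.");
 $this->setTitle("View App - " . $app->getName());
@@ -344,7 +342,7 @@ public function revoke_app()
 $token = new OAuthToken($this->args('id'));
 if (!$token->isHydrated())
 throw new Exception("This app does not exist.");
- if (!User::$me->isAdmin() && $token->get('user_id') != User::$me->id)
+ if ($token->type == 2 && $token->get('user_id') != User::$me->id)
 throw new Exception("You are not authorized to delete this app.");
 $app = $token->getConsumer();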
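Review bot: The rewritten guard in revoke_app checks ownership only when `$token->type == 2`, so a token of any other type can be revoked by whoever requests it, even when its `user_id` belongs to a different user. It also reads `$token->type` as a property while every other field in this file goes through `$token->get(...)`; if the model does not expose columns as properties, the comparison is never true and the ownership check is skipped for every token. I would key the exemption on the token being unowned rather than on its type, for example `if ($token->get('user_id') != 0 && $token->get('user_id') != User::$me->id)` (assuming `user_id = 0` marks an unclaimed token, as the query in models/oauthtoken.php suggests), and confirm that dropping the admin override was intended. The first hunk leaves view_app with no authorization check at all, so protection of the consumer secret now rests entirely on the view. Both functions continue outside their hunks.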
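--- a/models/oauthconsumer.php
+++ b/models/oauthconsumer.php
@@ -5,6 +5,17 @@ public function __construct($id = null)
 {
 parent::__construct($id, "oauth_consumer");
 }
+
+ public function canEdit()
+ {
+ if (User::$me->isAdmin())
+ return true;
+
+ if (User::isLoggedIn() && $this->get('user_id') == User::$me->id)
+ return true;
+
+ return false;
+ }
 public static function findByKey($key)
 {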
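Review bot: canEdit() calls `User::$me->isAdmin()` before anything establishes that a user is logged in, although the second branch does guard with `User::isLoggedIn()`. If `User::$me` is not a real user object for anonymous visitors, the first branch either fails on a null call or depends on how a placeholder object answers isAdmin(). Because this method now decides who sees the consumer secret, I would make the login check the first statement, `if (!User::isLoggedIn()) return false;`, and compare the ids strictly after casting, `(int) $this->get('user_id') === (int) User::$me->id`. A short docblock stating that it returns true only for an admin or the owning user would also help. The findByKey() lines at the end of the hunk belong to a function that continues outside it.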
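--- a/models/oauthtoken.php
+++ b/models/oauthtoken.php
@@ -67,6 +67,7 @@ public static function getRequestTokensByIP()
 WHERE ip_address = '" . db()->escape($_SERVER['REMOTE_ADDR']) . "'
 AND type = 1
 AND verified = 0
+ AND (user_id = 0 || user_id = '" . db()->escape(User::$me->id) . "')
 ORDER BY id DESC
 ";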
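Review bot: The added condition uses `||` as its boolean operator, which is string concatenation in standard SQL and in MySQL when the PIPES_AS_CONCAT or ANSI mode is enabled, so the filter can change meaning with server configuration; `OR` is unambiguous. `User::$me->id` is escaped and quoted as a string although it is compared with what looks like a numeric column, and an integer cast is simpler and leaves nothing to escape: `AND (user_id = 0 OR user_id = " . (int) User::$me->id . ")`. The method is static and selects tokens by `REMOTE_ADDR`, so it may run for a visitor who is not logged in; confirm that `User::$me` is always an object at this point. The query string and the function continue outside the hunk.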
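--- a/views/app/view_app.php
+++ b/views/app/view_app.php
@@ -14,21 +14,23 @@
 <td><a href="<?=$app->get('app_url')?>"><?=$app->get('app_url')?></a></td>
 </tr>
 <tr>
- <th>API Key:</th>
- <td><?=$app->get('consumer_key') ?></td>
- </tr>
- <tr>
- <th>API Secret:</th>
- <td><?=$app->get('consumer_secret') ?></td>
- </tr>
- <tr>
 <th>Active:</th>
 <td><?= ($app->get('active') == 1) ? 'yes' : 'no'?></td>
 </tr>
- <tr>
- <th>Manage</th>
- <td><a href="<?=$app->getUrl()?>/edit">Edit App</a> or <a href="<?=$app->getUrl()?>/delete">Delete App</a></td>
- </tr>
+ <? if ($app->canEdit()): ?>
+ <tr>
+ <th>API Key:</th>
+ <td><?=$app->get('consumer_key') ?></td>
+ </tr>
+ <tr>
+ <th>API Secret:</th>
+ <td><?=$app->get('consumer_secret') ?></td>
+ </tr>
+ <tr>
+ <th>Manage</th>
+ <td><a href="<?=$app->getUrl()?>/edit">Edit App</a> or <a href="<?=$app->getUrl()?>/delete">Delete App</a></td>
+ </tr>
+ <? endif ?>
 <tbody>
 </table>
 </div>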
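Review bot: The new conditional is written with short open tags, `<? if ($app->canEdit()): ?>` and `<? endif ?>`, so with `short_open_tag` disabled PHP emits those two lines as text and the API key and secret rows render for every visitor. `<?php if ($app->canEdit()): ?>` and `<?php endif; ?>` do not depend on that setting. Hiding the secret only in this template also means any other view or endpoint that renders an OAuthConsumer has to repeat the check. The context line that prints `$app->get('app_url')` into the href and the cell body does so without escaping, and with the controller restriction removed in this commit that owner-supplied value is now shown to other users; `htmlspecialchars($app->get('app_url'), ENT_QUOTES, 'UTF-8')` plus a scheme check would cover it. The template continues outside the hunk.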