Skip to content
Permalink
Browse files Browse the repository at this point in the history
Require authentication on admin bits of comments api #650
* Require auth on comment actions
* Require auth to list pending/unapproved/spam comments
  • Loading branch information
rjmackay committed Jul 3, 2012
1 parent 13ca6f4 commit f67f4ad
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions application/libraries/api/MY_Comments_Api_Object.php
Expand Up @@ -38,10 +38,24 @@ public function perform_task()
break;

case "spam":
// Check for admin access on all comments
if ( ! $this->api_service->_login(TRUE) )
{
$this->set_error_message($this->response(2));
return;
}

$this->response_data = $this->_get_spam_comments();
break;

case "pending":
// Check for admin access on all comments
if ( ! $this->api_service->_login(TRUE) )
{
$this->set_error_message($this->response(2));
return;
}

$this->response_data = $this->_get_pending_comments();
break;

Expand Down Expand Up @@ -89,6 +103,13 @@ public function perform_task()
else if($this->api_service->verify_array_index(
$this->request, 'action'))
{
// Check for admin access on all comments
if ( ! $this->api_service->_login(TRUE) )
{
$this->set_error_message($this->response(2));
return;
}

$this->comment_action();
return;
}
Expand Down

0 comments on commit f67f4ad

Please sign in to comment.