interkollektives/lichterei-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

3.4.0

Browse Source
This commit is contained in:
Bastian Allgeier
2020-07-07 12:40:13 +02:00
parent 5f025ac2c2
commit f79d2e960c
176 changed files with 10532 additions and 5343 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
kirby/config/api/authentication.php
View File

@@ -3,15 +3,16 @@
use Kirby\Exception\PermissionException;
return function () {
$auth = $this->kirby()->auth();
$auth = $this->kirby()->auth();
$allowImpersonation = $this->kirby()->option('api.allowImpersonation') ?? false;
// csrf token check
if ($auth->type() === 'session' && $auth->csrf() === false) {
if ($auth->type($allowImpersonation) === 'session' && $auth->csrf() === false) {
throw new PermissionException('Unauthenticated');
}
// get user from session or basic auth
if ($user = $auth->user()) {
if ($user = $auth->user(null, $allowImpersonation)) {
if ($user->role()->permissions()->for('access', 'panel') === false) {
throw new PermissionException(['key' => 'access.panel']);
}