From 780b6878f754d68786bbb902393e5a9dd1ea9771 Mon Sep 17 00:00:00 2001 From: Tyler Romeo Date: Tue, 21 Aug 2012 11:52:47 -0400 Subject: [PATCH] New hook ApiCheckCanExecute. Added new hook in ApiMain::checkCanExecute so that extensions can authenticate and authorize API clients before the module is execute. (Necessary for extensions like OAuth that externally authnz clients.) Change-Id: I1b059fd9a4aa717928af8b09f5edebe899ab3ce1 Signed-off-by: Tyler Romeo --- docs/hooks.txt | 7 +++++++ includes/api/ApiMain.php | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/docs/hooks.txt b/docs/hooks.txt index 2862d1ba87..8243f78122 100644 --- a/docs/hooks.txt +++ b/docs/hooks.txt @@ -314,6 +314,13 @@ $body: Body of the message Use this to extend core API modules. &$module: Module object +'APICheckCanExecute': Called during ApiMain::checkCanExecute. Use to +further authenticate and authorize API clients before executing the +module. Return false and set a message to cancel the request. +$module: Module object +$user: Current user +&$message: API usage message to die with + 'APIEditBeforeSave': before saving a page with api.php?action=edit, after processing request parameters. Return false to let the request fail, returning an error message or an tag diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index 420acd3d9e..3dadb42283 100644 --- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php @@ -758,6 +758,12 @@ class ApiMain extends ApiBase { $this->dieReadOnly(); } } + + // Allow extensions to stop execution for arbitrary reasons. + $message = false; + if( !wfRunHooks( 'ApiCheckCanExecute', array( $module, $user, &$message ) ) ) { + $this->dieUsageMsg( $message ); + } } /** -- 2.20.1