From 08c53a9292c394ec3984d10009192ceea1a537ba Mon Sep 17 00:00:00 2001
From: Albert Santoni
Date: Wed, 18 Feb 2015 18:34:52 -0500
Subject: [PATCH] Fixed incorrect authorization for ShowImage API
---
 airtime_mvc/application/configs/ACL.php | 3 ++-
 .../modules/rest/controllers/ShowImageController.php | 12 ------------
 2 files changed, 2 insertions(+), 13 deletions(-)
diff --git a/airtime_mvc/application/configs/ACL.php b/airtime_mvc/application/configs/ACL.php
index c41f00a47..8043a7e76 100644
--- a/airtime_mvc/application/configs/ACL.php
+++ b/airtime_mvc/application/configs/ACL.php
@@ -54,7 +54,8 @@ $ccAcl->allow('G', 'index')
 ->allow('G', 'upgrade')
 ->allow('G', 'provisioning')
 ->allow('G', 'downgrade')
- ->allow('G', 'rest:show-image')
+ ->allow('G', 'rest:show-image', 'get')
+ ->allow('H', 'rest:show-image')
 ->allow('G', 'rest:media', 'get')
 ->allow('H', 'rest:media')
 ->allow('H', 'preference', 'is-import-in-progress')
diff --git a/airtime_mvc/application/modules/rest/controllers/ShowImageController.php b/airtime_mvc/application/modules/rest/controllers/ShowImageController.php
index 05c6e937d..a206208b2 100644
--- a/airtime_mvc/application/modules/rest/controllers/ShowImageController.php
+++ b/airtime_mvc/application/modules/rest/controllers/ShowImageController.php
@@ -40,12 +40,6 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
 * RESTful POST endpoint; used when uploading show images
 */
 public function postAction() {
- if (!RestAuth::verifyAuth(true, true)) {
- $this->getResponse()
- ->setHttpResponseCode(401)
- ->appendBody("Authentication failed");
- return;
- }
 $showId = $this->getShowId();
@@ -89,12 +83,6 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
 * RESTful DELETE endpoint; used when deleting show images
 */
 public function deleteAction() {
- if (!RestAuth::verifyAuth(true, true)) {
- $this->getResponse()
- ->setHttpResponseCode(401)
- ->appendBody("Authentication failed");
- return;
- }
 $showId = $this->getShowId();
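Review bot: Upload and delete on `rest:show-image` are now gated by the two added ACL entries alone, because the two ShowImageController hunks delete the `RestAuth::verifyAuth(true, true)` guard from `postAction()` and `deleteAction()`, and nothing in ACL.php records that this pair is the only enforcement point. The restriction works only if the ACL plugin, which is not shown here, passes the request's action name as the privilege so that `'get'` matches `getAction` and nothing else; a regression test that a guest POST and a guest DELETE to the endpoint are refused would confirm that. I would add a comment above the pair, `// rest:show-image: guests (G) may only GET; POST/DELETE require H and are enforced here only, the controller has no check of its own`. The removed guard also answered with a 401 and the body `Authentication failed`, so what an unauthorised REST client now receives depends on the plugin's deny path and should be checked. If `verifyAuth` accepted a credential other than the session role, callers relying on it need re-testing.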