Guests don't get access to the REST API.

2026-04-21 04:59:16 -04:00 · 2010-03-03 10:17:48 -08:00
parent c3c2b45280
commit 05d345e16d
1 changed files with 1 additions and 2 deletions
--- a/modules/rest/helpers/rest.php
+++ b/modules/rest/helpers/rest.php
@@ -39,8 +39,7 @@ class rest_Core {

  static function set_active_user($access_token) {
    if (empty($access_token)) {
-      identity::set_active_user(identity::guest());
-      return;
+      throw new Rest_Exception("Forbidden", 403);
    }

    $key = ORM::factory("user_access_token")