diff --git a/controllers/API.php b/controllers/API.php index 772385e..3841b30 100644 --- a/controllers/API.php +++ b/controllers/API.php @@ -41,7 +41,7 @@ class API { # Require the token or csrf parameter if($csrf=$request->get('_csrf')) { session_start(); - if($csrf != $_SESSION['_csrf']) { + if(!isset($_SESSION['_csrf']) || $csrf != $_SESSION['_csrf']) { return $this->respond($response, 401, [ 'error' => 'invalid_csrf_token', 'error_description' => 'An error occurred. Make sure you have only one tab open.', @@ -52,7 +52,7 @@ class API { 'error' => 'authentication_required', 'error_description' => 'A token is required to use the API' ]); - + } else { # Verify the token is valid $role = ORM::for_table('roles')->where('token', $token)->find_one(); @@ -219,7 +219,14 @@ class API { ]; $headers = []; } - return $this->respond($response, 201, $body, $headers); + + if($request->get('_redirect') == 'true') { + $response->setStatusCode(302); + $response->headers->set('Location', $body['location'].'/details'); + return $response; + } else { + return $this->respond($response, 201, $body, $headers); + } } public function superfeedr_tracker(Request $request, Response $response, $args) { diff --git a/controllers/Controller.php b/controllers/Controller.php index bc132f4..7012d5d 100644 --- a/controllers/Controller.php +++ b/controllers/Controller.php @@ -242,6 +242,14 @@ class Controller { $site = ORM::for_table('sites')->where_id_is($webmention->site_id)->find_one(); + // Find the user's role for this site + if($site && $this->_user()) { + $role = ORM::for_table('roles') + ->where('site_id', $site['id']) + ->where('user_id', $this->_user()['id']) + ->find_one(); + } + $statuses = ORM::for_table('webmention_status')->where('webmention_id', $webmention->id)->order_by_desc('created_at')->find_many(); if(count($statuses) == 0) { 
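Review bot: The CSRF check in the `@@ -41,7 +41,7 @@` hunk of controllers/API.php still compares the submitted value with `!=`, a loose and non-constant-time comparison; the added `isset()` only covers the case where the session holds no token. Under PHP's loose comparison two numeric-looking strings can compare equal without being identical, and a non-string `_csrf` parameter is not rejected. I would change the condition to `if(!isset($_SESSION['_csrf']) || !is_string($csrf) || !hash_equals($_SESSION['_csrf'], $csrf)) {`. The enclosing method starts and ends outside the hunk, so how the session token is issued and rotated is not visible here.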
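Review bot: In the `@@ -219,7 +219,14 @@` hunk of controllers/API.php the new redirect branch reads `$body['location']` without checking that it is set, while the context just above assigns `$headers = []` in one branch, which suggests a path that has no location. I would guard it with `if($request->get('_redirect') === 'true' && !empty($body['location'])) {` and fall through to the normal 201 response otherwise. The target appears to be built server-side rather than taken from the request, and a comment such as `# Location is server-generated; never take the redirect target from the request` would help keep it that way. If this branch serves a browser form POST, `303` is the status that explicitly asks for a GET on the target. The method body starts outside the hunk, so the shape of `$body` in each branch is inferred.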
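Review bot: `$role` is assigned only inside the new `if` in the `@@ -242,6 +242,14 @@` hunk of controllers/Controller.php, so the `isset($role)` in the following hunk (`@@ -256,6 +264,7 @@`) is correct only if no earlier code in this method sets a variable of that name. Because the view presumably treats it as an authorization signal, I would write `$role = false;` before the `if` and pass `'role' => $role` to the view. `$this->_user()` is also called twice; storing it in a local once keeps the check and the query on the same value. The method begins outside the hunk, so whether `$role` is set earlier cannot be confirmed from here.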
@@ -256,6 +264,7 @@ class Controller {
 'user' => $this->_user(),
 'accounts' => $this->_accounts(),
 'site' => $site,
+ 'role' => isset($role) ? $role : false,
 'webmention' => $webmention,
 'statuses' => $statuses,
 'icon' => $icon,
diff --git a/views/webmention-details.php b/views/webmention-details.php
index f3af2db..3755358 100644
--- a/views/webmention-details.php
+++ b/views/webmention-details.php
@@ -48,6 +48,22 @@
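Review bot: The added `'role'` entry in the `@@ -256,6 +264,7 @@` hunk of controllers/Controller.php hands the whole `roles` row to the template, and controllers/API.php in this same commit looks up `roles` by a `token` column, so that row likely carries the site's API token. If the template only needs to know that the signed-in user has a role on this site, pass only the fields it uses instead of the full row. At minimum add a comment on that line, e.g. `// $role includes the API token; the template must not print it`. The view's hunk body lies outside the visible part of the diff, so what the template does with `role` cannot be checked from here.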