From: jerome mouneyrac
Date: Thu, 14 Jan 2010 08:17:00 +0000 (+0000)
Subject: webservice MDL-20805 fix token authentication
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=b8c5309e7d381e16459ddebe0988b63e56ef9f3c;p=moodle.git
webservice MDL-20805 fix token authentication
---
diff --git a/webservice/lib.php b/webservice/lib.php
index 12c35aeeec..418f646b22 100644
--- a/webservice/lib.php
+++ b/webservice/lib.php
@@ -676,28 +676,27 @@ abstract class webservice_base_server extends webservice_server {
 }
 // now let's verify access control
- if ($this->simple) {
- // now make sure the function is listed in at least one service user is allowed to use
- // allow access only if:
- // 1/ entry in the external_services_users table if required
- // 2/ validuntil not reached
- // 3/ has capability if specified in service desc
- // 4/ iprestriction
-
- $sql = "SELECT s.*, NULL AS iprestriction
- FROM {external_services} s
- JOIN {external_services_functions} sf ON (sf.externalserviceid = s.id AND s.restrictedusers = 0 AND sf.functionname = :name1)
- WHERE s.enabled = 1 $wscond1
-
- UNION
-
- SELECT s.*, su.iprestriction
- FROM {external_services} s
- JOIN {external_services_functions} sf ON (sf.externalserviceid = s.id AND s.restrictedusers = 1 AND sf.functionname = :name2)
- JOIN {external_services_users} su ON (su.externalserviceid = s.id AND su.userid = :userid)
- WHERE s.enabled = 1 AND su.validuntil IS NULL OR su.validuntil < :now $wscond2";
- $params = array_merge($params, array('userid'=>$USER->id, 'name1'=>$function->name, 'name2'=>$function->name, 'now'=>time()));
- }
+
+ // now make sure the function is listed in at least one service user is allowed to use
+ // allow access only if:
+ // 1/ entry in the external_services_users table if required
+ // 2/ validuntil not reached
+ // 3/ has capability if specified in service desc
+ // 4/ iprestriction
+
+ $sql = "SELECT s.*, NULL AS iprestriction
+ FROM {external_services} s
+ JOIN {external_services_functions} sf ON (sf.externalserviceid = s.id AND s.restrictedusers = 0 AND sf.functionname = :name1)
+ WHERE s.enabled = 1 $wscond1
+
+ UNION
+
+ SELECT s.*, su.iprestriction
+ FROM {external_services} s
+ JOIN {external_services_functions} sf ON (sf.externalserviceid = s.id AND s.restrictedusers = 1 AND sf.functionname = :name2)
+ JOIN {external_services_users} su ON (su.externalserviceid = s.id AND su.userid = :userid)
+ WHERE s.enabled = 1 AND su.validuntil IS NULL OR su.validuntil < :now $wscond2";
+ $params = array_merge($params, array('userid'=>$USER->id, 'name1'=>$function->name, 'name2'=>$function->name, 'now'=>time()));
 $rs = $DB->get_recordset_sql($sql, $params);
 // now make sure user may access at least one service
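Review bot: The second branch of the UNION ends in `WHERE s.enabled = 1 AND su.validuntil IS NULL OR su.validuntil < :now $wscond2`, and because AND binds tighter than OR the `s.enabled = 1` test applies only to the `IS NULL` arm while `$wscond2` applies only to the `validuntil` arm. With the `if ($this->simple)` guard removed, this query now also decides access for token-authenticated calls, so a restricted-user row whose `validuntil` satisfies the comparison can match a service that is not enabled. Group the expiry test, `WHERE s.enabled = 1 AND (su.validuntil IS NULL OR su.validuntil < :now) $wscond2";`, and confirm the direction of `<`: the comment "2/ validuntil not reached" reads as if `su.validuntil > :now` was intended. The contents of `$wscond2` and the per-service checks that follow `get_recordset_sql()` lie outside the hunk, so whether a later check compensates cannot be seen here.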