From e4be1e0cd57d64c6d11e185218b26e488ce3bd1a Mon Sep 17 00:00:00 2001
From: Michael
Date: Tue, 8 Jun 2021 20:41:46 +0000
Subject: [PATCH] Get rid of "api_user()" function
---
 src/Module/BaseApi.php | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php
index adad7636a7..af5298cce6 100644
--- a/src/Module/BaseApi.php
+++ b/src/Module/BaseApi.php
@@ -61,52 +61,44 @@ class BaseApi extends BaseModule
 public static function delete(array $parameters = [])
 {
- if (!api_user()) {
- throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
- }
+ self::checkAllowedScope(self::SCOPE_WRITE);
 $a = DI::app();
- if (!empty($a->user['uid']) && $a->user['uid'] != api_user()) {
+ if (!empty($a->user['uid']) && $a->user['uid'] != self::getCurrentUserID()) {
 throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
 }
 }
 public static function patch(array $parameters = [])
 {
- if (!api_user()) {
- throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
- }
+ self::checkAllowedScope(self::SCOPE_WRITE);
 $a = DI::app();
- if (!empty($a->user['uid']) && $a->user['uid'] != api_user()) {
+ if (!empty($a->user['uid']) && $a->user['uid'] != self::getCurrentUserID()) {
 throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
 }
 }
 public static function post(array $parameters = [])
 {
- if (!api_user()) {
- throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
- }
+ self::checkAllowedScope(self::SCOPE_WRITE);
 $a = DI::app();
- if (!empty($a->user['uid']) && $a->user['uid'] != api_user()) {
+ if (!empty($a->user['uid']) && $a->user['uid'] != self::getCurrentUserID()) {
 throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
 }
 }
 public static function put(array $parameters = [])
 {
- if (!api_user()) {
- throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
- }
+ self::checkAllowedScope(self::SCOPE_WRITE);
 $a = DI::app();
- if (!empty($a->user['uid']) && $a->user['uid'] != self::getCurrentUserID()) {
+ if (!empty($a->user['uid']) && $a->user['uid'] != self::getCurrentUserID()) {
 throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
 }
 }
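Review bot: In `delete()`, `patch()`, `post()` and `put()` the explicit unauthenticated-caller check is gone, so rejecting a request with no authenticated user now depends entirely on `self::checkAllowedScope(self::SCOPE_WRITE)`, whose body is not visible in this hunk. The uid comparison that follows does not cover that case on its own, because it is skipped whenever `$a->user['uid']` is empty. If `checkAllowedScope()` can return normally for any authentication path that carries no token scope, I would keep a guard after it, `if (!self::getCurrentUserID()) { throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.')); }`. Otherwise a short comment above the call stating that it throws for unauthenticated requests, and with which HTTP status, would help, since clients previously received an UnauthorizedException here.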