FIX: GraphQL API Auth

Tony Air 2021-03-29 15:23:15 +07:00
parent b2691a7112
commit f56ff9069e


@ -17,10 +17,14 @@ class APIKeyAuthenticator implements AuthenticatorInterface
public function authenticate(HTTPRequest $request)
{
$member = Security::getCurrentUser();
if (($member && Permission::checkMember($member, 'CMS_ACCESS')) || (
Director::isLive()
if (Director::isLive()
&& $request->getHeader('apikey') !== WebpackTemplateProvider::config()['GRAPHQL_API_KEY']
)) {
) {
if ($member && Permission::checkMember($member, 'CMS_ACCESS')) {
return $member;
}
throw new ValidationException('Restricted resource', 401);
}
@ -29,7 +33,7 @@ class APIKeyAuthenticator implements AuthenticatorInterface
public function isApplicable(HTTPRequest $request)
{
if($request->param('Controller') === '%$SilverStripe\GraphQL\Controller.admin'){
if ($request->param('Controller') === '%$SilverStripe\GraphQL\Controller.admin') {
return false;
}
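Review bot: In `authenticate()`, the live-mode check compares the `apikey` header to the configured `GRAPHQL_API_KEY` with `!==`, which is not a constant-time comparison and does not guard against an unset key. If `GRAPHQL_API_KEY` is ever missing from the config, a request with no `apikey` header would presumably compare equal (both sides null) and skip the 401. I would read the key once with `$key = WebpackTemplateProvider::config()['GRAPHQL_API_KEY'];` and make the condition `Director::isLive() && (!is_string($key) || $key === '' || !hash_equals($key, (string) $request->getHeader('apikey')))`. The body of `authenticate()` continues outside the hunk, so what it returns on a key match, and whether non-live environments are meant to skip the check entirely, is not visible here. A short comment stating that intent would help, for example `// API key is only enforced on live; dev/test requests fall through`.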