From 4d7e7e67bcd8a2ef82dfae1d8f0eb22f2a8e194b Mon Sep 17 00:00:00 2001
From: Jason MacWilliams <jason@discoverygarden.ca>
Date: Thu, 22 Nov 2012 14:59:32 -0400
Subject: [PATCH] added tuque object to test if request is authorized before
 creating token

---
 includes/islandora_authtokens.inc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/includes/islandora_authtokens.inc b/includes/islandora_authtokens.inc
index b938b9d8..c7393674 100644
--- a/includes/islandora_authtokens.inc
+++ b/includes/islandora_authtokens.inc
@@ -11,6 +11,19 @@ function islandora_get_object_token($pid, $dsid) {
   $time = time();
   $token = hash("sha256", $user->uid . $pid . $dsid . $time);
 
+  //** check if this request is allowed **//
+  module_load_include("inc", "islandora", "includes/tuque");
+  // test if this is a valid request
+  $validator = new IslandoraTuque($user);
+  try {
+    $result = $validator->connection->getRequest("objects/$pid/datastreams/$dsid/content", true);
+  }
+  catch (RepositoryException $rx) {
+    //print_r("authentication failed");
+    return FALSE;
+  }
+  //** **//
+
   $id = db_insert("islandora_authtokens")
     ->fields(array(
       'token' => $token,
@@ -46,6 +59,7 @@ function islandora_validate_object_token($pid, $dsid, $token) {
     ->condition('pid', $pid, '=')
     ->condition('dsid', $dsid, '=')
     ->execute();
+  //** **//
 
 //  print_r($result);
   return $result > 0;