Added permission check in PreorderApi for preorderaddressreporting

application/Api/v1/AddressdbApicontroller.php

@@ -71,7 +71,7 @@ class AddressdbApicontroller extends mfBaseApicontroller {
           
         }
       }
-
+      
     } else {
     
       $campaignApiusers = PreordercampaignApiuserModel::search(["worker_id" => $this->me->id]);

application/Api/v1/PreorderApicontroller.php

@@ -28,6 +28,11 @@ class PreorderApicontroller extends mfBaseApicontroller {
   }
   
   protected function authenticated() {
+    
+    if($this->me->is("preorderaddressreporting")) {
+      return mfResponse::Forbidden();
+    }
+    
     $campaignApiusers = PreordercampaignApiuserModel::search(["worker_id" => $this->me->id]);
     
     foreach($campaignApiusers as $campaignApiuser) {

lib/mvcfronk/mfBase/mfBaseApicontroller.php

@@ -78,7 +78,10 @@ class mfBaseApicontroller {
     if($this->requireAuth) {
       $this->authenticateUser();
       if(method_exists($this,"authenticated")) {
-        $this->authenticated(); // event defined in extending class
+        $afterAuthResult = $this->authenticated(); // event defined in extending class
+        if(mfResponse::isResponse($afterAuthResult)) {
+          $this->return($afterAuthResult);
+        }
       }
     }
     

lib/mvcfronk/mfResponse/mfResponse.php

@@ -2,6 +2,15 @@
 
 class mfResponse {
   
+  public static function isResponse($test) {
+    if(is_array($test) && array_key_exists('code', $test) && array_key_exists('status', $test)) {
+      if($test['code'] >= 100 && $test['code'] < 600) {
+        return true;
+      }
+    }
+    return false;
+  }
+  
   public static function Ok($data = []) {
     $response = [];
     $response['code'] = 200;