<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

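/**
 * Class CRM_Cxn_ApiRouter
 *
 * The ApiRouter receives an incoming API request from CiviConnect,
 * validates it, configures permissions, and sends it to the API layer.
 *
 * Authentication of the connection record ($cxn) happens before route()
 * is called; this class only verifies that the connection is known,
 * active, and carries a usable permission grant, then installs the
 * per-call whitelist and temporary permissions before dispatching.
 */
class CRM_Cxn_ApiRouter {

  /**
   * Permission(s) granted when a connection's grant is the wildcard '*'.
   *
   * @var string[]
   */
  const SUPER_PERM = ['administer CiviCRM'];

  /**
   * Validate an incoming CiviConnect API call and dispatch it.
   *
   * @param array $cxn
   *   Connection record, already authenticated by the caller. Expected to
   *   contain 'cxnId' and a 'perm' array with 'api' (whitelist rules) and
   *   'grant' (the wildcard '*' or the permission name(s) to grant).
   * @param string $entity
   * @param string $action
   * @param array $params
   * @return mixed
   *   The civicrm_api() result, or an api3 error array (from
   *   civicrm_api3_create_error) when a policy or validation check fails.
   */
  public static function route($cxn, $entity, $action, $params) {
    require_once 'api/v3/utils.php';

    if (!self::isTransportAllowed()) {
      return civicrm_api3_create_error('System policy requires HTTPS.');
    }

    // Note: $cxn and cxnId are authenticated before router is called.
    // Check the key before reading it so a malformed $cxn reaches the error
    // return without emitting an undefined-index notice first.
    if (empty($cxn['cxnId'])) {
      return civicrm_api3_create_error('Failed to lookup connection authorizations.');
    }
    $dao = new CRM_Cxn_DAO_Cxn();
    $dao->cxn_id = $cxn['cxnId'];
    if (!$dao->find(TRUE) || !$dao->cxn_id) {
      return civicrm_api3_create_error('Failed to lookup connection authorizations.');
    }
    if (!$dao->is_active) {
      return civicrm_api3_create_error('Connection is inactive.');
    }
    if (!is_string($entity) || !is_string($action) || !is_array($params)) {
      return civicrm_api3_create_error('API parameters are malformed.');
    }
    if (!self::hasUsablePermissions($cxn)) {
      return civicrm_api3_create_error('Connection has no permissions.');
    }

    self::applyPermissions($cxn['perm']);

    // Permission checks for this call always go through the whitelist
    // subscriber installed above; any caller-supplied value is overridden.
    $params['check_permissions'] = 'whitelist';
    return civicrm_api($entity, $action, $params);
  }

  /**
   * Check whether the request satisfies the 'enableSSL' policy.
   *
   * The request is accepted if SSL is not required, if PHP itself sees the
   * connection as SSL, or if the X-Forwarded-Proto header reports HTTPS.
   * X-Forwarded-Proto is an ordinary request header, so the last branch is
   * only trustworthy when the web server or reverse proxy in front of PHP
   * sets/overwrites it rather than passing the client's value through.
   *
   * FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()?
   *
   * @return bool
   */
  private static function isTransportAllowed() {
    if (!Civi::settings()->get('enableSSL')) {
      return TRUE;
    }
    if (CRM_Utils_System::isSSL()) {
      return TRUE;
    }
    $forwardedProto = CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders());
    // Cast first: a missing header yields NULL, and strtolower(NULL) is deprecated on PHP 8.1+.
    return strtolower((string) $forwardedProto) === 'https';
  }

  /**
   * Whether $cxn['perm'] carries both an API whitelist and a grant.
   *
   * @param array $cxn
   * @return bool
   */
  private static function hasUsablePermissions($cxn) {
    if (empty($cxn['perm']['api']) || !is_array($cxn['perm']['api'])) {
      return FALSE;
    }
    if (empty($cxn['perm']['grant'])) {
      return FALSE;
    }
    return is_array($cxn['perm']['grant']) || is_string($cxn['perm']['grant']);
  }

  /**
   * Install the API whitelist and the temporary permission set for this call.
   *
   * @param array $perm
   *   The 'perm' element of the connection record: 'api' => whitelist rules,
   *   'grant' => '*' or permission name(s) accepted by CRM_Core_Permission_Temp::grant().
   */
  private static function applyPermissions($perm) {
    $whitelist = \Civi\API\WhitelistRule::createAll($perm['api']);
    \Civi::dispatcher()
      ->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist));

    // The wildcard grant resolves to SUPER_PERM, not to a literal '*' permission.
    $granted = ($perm['grant'] === '*') ? self::SUPER_PERM : $perm['grant'];
    $tempPerms = new CRM_Core_Permission_Temp();
    CRM_Core_Config::singleton()->userPermissionTemp = $tempPerms;
    $tempPerms->grant($granted);
  }

}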