[civicrm-core.git] / CRM / Cxn / ApiRouter.php

<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 4.6                                                |
 +--------------------------------------------------------------------+
 | Copyright (C) 2011 Marty Wright                                    |
 | Licensed to CiviCRM under the Academic Free License version 3.0.   |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
 */

/**
 * Class CRM_Cxn_ApiRouter
 *
 * The ApiRouter receives an incoming API request from CiviConnect,
 * validates it, configures permissions, and sends it to the API layer.
 */
class CRM_Cxn_ApiRouter {

  /**
   * @param array $cxn
   * @param string $entity
   * @param string $action
   * @param array $params
   * @return mixed
   */
  public static function route($cxn, $entity, $action, $params) {
    $SUPER_PERM = array('administer CiviCRM');

    require_once 'api/v3/utils.php';

    // FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()?
    if (CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'enableSSL') &&
      !CRM_Utils_System::isSSL() &&
      strtolower(CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders())) != 'https'
    ) {
      return civicrm_api3_create_error('System policy requires HTTPS.');
    }

    // Note: $cxn and cxnId are authenticated before router is called.
    $dao = new CRM_Cxn_DAO_Cxn();
    $dao->cxn_id = $cxn['cxnId'];
    if (empty($cxn['cxnId']) || !$dao->find(TRUE) || !$dao->cxn_id) {
      return civicrm_api3_create_error('Failed to lookup connection authorizations.');
    }
    if (!$dao->is_active) {
      return civicrm_api3_create_error('Connection is inactive.');
    }
    if (!is_string($entity) || !is_string($action) || !is_array($params)) {
      return civicrm_api3_create_error('API parameters are malformed.');
    }
    if (
      empty($cxn['perm']['api'])
      || !is_array($cxn['perm']['api'])
      || empty($cxn['perm']['grant'])
      || !(is_array($cxn['perm']['grant']) || is_string($cxn['perm']['grant']))
    ) {
      return civicrm_api3_create_error('Connection has no permissions.');
    }

    $whitelist = \Civi\API\WhitelistRule::createAll($cxn['perm']['api']);
    Civi\Core\Container::singleton()
      ->get('dispatcher')
      ->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist));
    CRM_Core_Config::singleton()->userPermissionTemp = new CRM_Core_Permission_Temp();
    if ($cxn['perm']['grant'] === '*') {
      CRM_Core_Config::singleton()->userPermissionTemp->grant($SUPER_PERM);
    }
    else {
      CRM_Core_Config::singleton()->userPermissionTemp->grant($cxn['perm']['grant']);
    }

    $params['check_permissions'] = 'whitelist';
    return civicrm_api($entity, $action, $params);
  }

}
Commit	Line	Data
48716433 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
	4	\| CiviCRM version 4.6 \|
	5	+--------------------------------------------------------------------+
	6	\| Copyright (C) 2011 Marty Wright \|
	7	\| Licensed to CiviCRM under the Academic Free License version 3.0. \|
	8	+--------------------------------------------------------------------+
	9	\| This file is a part of CiviCRM. \|
	10	\| \|
	11	\| CiviCRM is free software; you can copy, modify, and distribute it \|
	12	\| under the terms of the GNU Affero General Public License \|
	13	\| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. \|
	14	\| \|
	15	\| CiviCRM is distributed in the hope that it will be useful, but \|
	16	\| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	17	\| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \|
	18	\| See the GNU Affero General Public License for more details. \|
	19	\| \|
	20	\| You should have received a copy of the GNU Affero General Public \|
	21	\| License and the CiviCRM Licensing Exception along \|
	22	\| with this program; if not, contact CiviCRM LLC \|
	23	\| at info[AT]civicrm[DOT]org. If you have questions about the \|
	24	\| GNU Affero General Public License or the licensing of CiviCRM, \|
	25	\| see the CiviCRM license FAQ at http://civicrm.org/licensing \|
	26	+--------------------------------------------------------------------+
	27	*/
	28
	29	/**
	30	* Class CRM_Cxn_ApiRouter
	31	*
	32	* The ApiRouter receives an incoming API request from CiviConnect,
	33	* validates it, configures permissions, and sends it to the API layer.
	34	*/
	35	class CRM_Cxn_ApiRouter {
	36
	37	/**
	38	* @param array $cxn
	39	* @param string $entity
	40	* @param string $action
	41	* @param array $params
	42	* @return mixed
	43	*/
	44	public static function route($cxn, $entity, $action, $params) {
	45	$SUPER_PERM = array('administer CiviCRM');
	46
	47	require_once 'api/v3/utils.php';
	48
	49	// FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()?
	50	if (CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'enableSSL') &&
	51	!CRM_Utils_System::isSSL() &&
	52	strtolower(CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders())) != 'https'
	53	) {
	54	return civicrm_api3_create_error('System policy requires HTTPS.');
	55	}
	56
	57	// Note: $cxn and cxnId are authenticated before router is called.
	58	$dao = new CRM_Cxn_DAO_Cxn();
	59	$dao->cxn_id = $cxn['cxnId'];
	60	if (empty($cxn['cxnId']) \|\| !$dao->find(TRUE) \|\| !$dao->cxn_id) {
	61	return civicrm_api3_create_error('Failed to lookup connection authorizations.');
	62	}
	63	if (!$dao->is_active) {
	64	return civicrm_api3_create_error('Connection is inactive.');
65	}
66	if (!is_string($entity) \|\| !is_string($action) \|\| !is_array($params)) {
67	return civicrm_api3_create_error('API parameters are malformed.');
68	}
69	if (
70	empty($cxn['perm']['api'])
71	\|\| !is_array($cxn['perm']['api'])
72	\|\| empty($cxn['perm']['grant'])
73	\|\| !(is_array($cxn['perm']['grant']) \|\| is_string($cxn['perm']['grant']))
74	) {
75	return civicrm_api3_create_error('Connection has no permissions.');
76	}
77
78	$whitelist = \Civi\API\WhitelistRule::createAll($cxn['perm']['api']);
79	Civi\Core\Container::singleton()
80	->get('dispatcher')
81	->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist));
82	CRM_Core_Config::singleton()->userPermissionTemp = new CRM_Core_Permission_Temp();
83	if ($cxn['perm']['grant'] === '*') {
84	CRM_Core_Config::singleton()->userPermissionTemp->grant($SUPER_PERM);
85	}
86	else {
87	CRM_Core_Config::singleton()->userPermissionTemp->grant($cxn['perm']['grant']);
88	}
89
90	$params['check_permissions'] = 'whitelist';
91	return civicrm_api($entity, $action, $params);
92	}
93
94	}