Commit | Line | Data |
---|---|---|
19b53e5b C |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
4 | | CiviCRM version 4.7 | | |
5 | +--------------------------------------------------------------------+ | |
6 | | Copyright CiviCRM LLC (c) 2004-2017 | | |
7 | +--------------------------------------------------------------------+ | |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
26 | */ | |
27 | ||
28 | namespace Civi\Api4\Event\Subscriber; | |
29 | ||
30 | use Civi\API\Events; | |
31 | use Symfony\Component\EventDispatcher\EventSubscriberInterface; | |
32 | ||
33 | /** | |
34 | * For any API requests that correspond to a Doctrine entity | |
35 | * ($apiRequest['doctrineClass']), check permissions specified in | |
36 | * Civi\API\Annotation\Permission. | |
37 | */ | |
38 | class PermissionCheckSubscriber implements EventSubscriberInterface { | |
39 | ||
40 | /** | |
41 | * @return array | |
42 | */ | |
43 | public static function getSubscribedEvents() { | |
44 | return [ | |
45 | Events::AUTHORIZE => [ | |
46 | ['onApiAuthorize', Events::W_LATE], | |
47 | ], | |
48 | ]; | |
49 | } | |
50 | ||
51 | /** | |
52 | * @param \Civi\API\Event\AuthorizeEvent $event | |
53 | * API authorization event. | |
54 | */ | |
55 | public function onApiAuthorize(\Civi\API\Event\AuthorizeEvent $event) { | |
56 | /* @var \Civi\Api4\Generic\AbstractAction $apiRequest */ | |
57 | $apiRequest = $event->getApiRequest(); | |
58 | if ($apiRequest['version'] == 4) { | |
59 | if (!$apiRequest->getCheckPermissions() || $apiRequest->isAuthorized()) { | |
60 | $event->authorize(); | |
61 | $event->stopPropagation(); | |
62 | } | |
63 | } | |
64 | } | |
65 | ||
66 | } |