Commit | Line | Data |
---|---|---|
19b53e5b C |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
41498ac5 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
19b53e5b | 5 | | | |
41498ac5 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
19b53e5b C |
9 | +--------------------------------------------------------------------+ |
10 | */ | |
11 | ||
12 | namespace Civi\Api4\Event\Subscriber; | |
13 | ||
14 | use Civi\API\Events; | |
15 | use Symfony\Component\EventDispatcher\EventSubscriberInterface; | |
16 | ||
17 | /** | |
18 | * For any API requests that correspond to a Doctrine entity | |
19 | * ($apiRequest['doctrineClass']), check permissions specified in | |
20 | * Civi\API\Annotation\Permission. | |
21 | */ | |
22 | class PermissionCheckSubscriber implements EventSubscriberInterface { | |
23 | ||
24 | /** | |
25 | * @return array | |
26 | */ | |
27 | public static function getSubscribedEvents() { | |
28 | return [ | |
39b870b8 | 29 | 'civi.api.authorize' => [ |
19b53e5b C |
30 | ['onApiAuthorize', Events::W_LATE], |
31 | ], | |
32 | ]; | |
33 | } | |
34 | ||
35 | /** | |
36 | * @param \Civi\API\Event\AuthorizeEvent $event | |
37 | * API authorization event. | |
38 | */ | |
39 | public function onApiAuthorize(\Civi\API\Event\AuthorizeEvent $event) { | |
40 | /* @var \Civi\Api4\Generic\AbstractAction $apiRequest */ | |
41 | $apiRequest = $event->getApiRequest(); | |
42 | if ($apiRequest['version'] == 4) { | |
43 | if (!$apiRequest->getCheckPermissions() || $apiRequest->isAuthorized()) { | |
44 | $event->authorize(); | |
45 | $event->stopPropagation(); | |
46 | } | |
47 | } | |
48 | } | |
49 | ||
50 | } |