[civicrm-core.git] / Civi / Api4 / Event / Subscriber / PermissionCheckSubscriber.php

<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

namespace Civi\Api4\Event\Subscriber;

use Civi\API\Events;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

/**
 * For any API requests that correspond to a Doctrine entity
 * ($apiRequest['doctrineClass']), check permissions specified in
 * Civi\API\Annotation\Permission.
 */
class PermissionCheckSubscriber implements EventSubscriberInterface {

  /**
   * @return array
   */
  public static function getSubscribedEvents() {
    return [
      'civi.api.authorize' => [
        ['onApiAuthorize', Events::W_LATE],
      ],
    ];
  }

  /**
   * @param \Civi\API\Event\AuthorizeEvent $event
   *   API authorization event.
   */
  public function onApiAuthorize(\Civi\API\Event\AuthorizeEvent $event) {
    /* @var \Civi\Api4\Generic\AbstractAction $apiRequest */
    $apiRequest = $event->getApiRequest();
    if ($apiRequest['version'] == 4) {
      if (!$apiRequest->getCheckPermissions() || $apiRequest->isAuthorized()) {
        $event->authorize();
        $event->stopPropagation();
      }
    }
  }

}
Commit	Line	Data
19b53e5b C	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
41498ac5	4	\| Copyright CiviCRM LLC. All rights reserved. \|
19b53e5b	5	\| \|
41498ac5 TO	6	\| This work is published under the GNU AGPLv3 license with some \|
	7	\| permitted exceptions and without any warranty. For full license \|
	8	\| and copyright information, see https://civicrm.org/licensing \|
19b53e5b C	9	+--------------------------------------------------------------------+
	10	*/
	11
	12	namespace Civi\Api4\Event\Subscriber;
	13
	14	use Civi\API\Events;
	15	use Symfony\Component\EventDispatcher\EventSubscriberInterface;
	16
	17	/**
	18	* For any API requests that correspond to a Doctrine entity
	19	* ($apiRequest['doctrineClass']), check permissions specified in
	20	* Civi\API\Annotation\Permission.
	21	*/
	22	class PermissionCheckSubscriber implements EventSubscriberInterface {
	23
	24	/**
	25	* @return array
	26	*/
	27	public static function getSubscribedEvents() {
	28	return [
39b870b8	29	'civi.api.authorize' => [
19b53e5b C	30	['onApiAuthorize', Events::W_LATE],
	31	],
	32	];
	33	}
	34
	35	/**
	36	* @param \Civi\API\Event\AuthorizeEvent $event
	37	* API authorization event.
	38	*/
	39	public function onApiAuthorize(\Civi\API\Event\AuthorizeEvent $event) {
	40	/* @var \Civi\Api4\Generic\AbstractAction $apiRequest */
	41	$apiRequest = $event->getApiRequest();
	42	if ($apiRequest['version'] == 4) {
	43	if (!$apiRequest->getCheckPermissions() \|\| $apiRequest->isAuthorized()) {
	44	$event->authorize();
	45	$event->stopPropagation();
	46	}
	47	}
	48	}
	49
	50	}