Commit | Line | Data |
---|---|---|
5d5d3b35 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
4 | | CiviCRM version 4.6 | | |
5 | +--------------------------------------------------------------------+ | |
6 | | Copyright CiviCRM LLC (c) 2004-2014 | | |
7 | +--------------------------------------------------------------------+ | |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
26 | */ | |
27 | ||
28 | require_once '../civicrm.config.php'; | |
29 | $config = CRM_Core_Config::singleton(); | |
30 | ||
31 | CRM_Utils_System::loadBootStrap(array(), FALSE); | |
32 | ||
33 | $apiServer = new \Civi\Cxn\Rpc\ApiServer(new CRM_Cxn_CiviCxnStore()); | |
34 | $apiServer->setLog(new CRM_Utils_SystemLogger()); | |
35 | $apiServer->setRouter(function ($cxn, $entity, $action, $params) { | |
59735506 TO |
36 | $SUPER_PERM = array('administer CiviCRM'); |
37 | ||
5d5d3b35 TO |
38 | require_once 'api/v3/utils.php'; |
39 | ||
3e6b8905 TO |
40 | // FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()? |
41 | if (CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'enableSSL') && | |
42 | !CRM_Utils_System::isSSL() && | |
43 | strtolower(CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders())) != 'https' | |
44 | ) { | |
45 | return civicrm_api3_create_error('System policy requires HTTPS.'); | |
46 | } | |
47 | ||
59735506 | 48 | // Note: $cxn and cxnId are authenticated before router is called. |
5d5d3b35 TO |
49 | $dao = new CRM_Cxn_DAO_Cxn(); |
50 | $dao->cxn_id = $cxn['cxnId']; | |
51 | if (empty($cxn['cxnId']) || !$dao->find(TRUE) || !$dao->cxn_id) { | |
52 | return civicrm_api3_create_error('Failed to lookup connection authorizations.'); | |
53 | } | |
54 | if (!$dao->is_active) { | |
3e6b8905 | 55 | return civicrm_api3_create_error('Connection is inactive.'); |
5d5d3b35 | 56 | } |
59735506 TO |
57 | if (!is_string($entity) || !is_string($action) || !is_array($params)) { |
58 | return civicrm_api3_create_error('API parameters are malformed.'); | |
59 | } | |
60 | if ( | |
61 | empty($cxn['perm']['api']) | |
62 | || !is_array($cxn['perm']['api']) | |
63 | || empty($cxn['perm']['grant']) | |
64 | || !(is_array($cxn['perm']['grant']) || is_string($cxn['perm']['grant'])) | |
65 | ) { | |
66 | return civicrm_api3_create_error('Connection has no permissions.'); | |
67 | } | |
5d5d3b35 | 68 | |
59735506 TO |
69 | $whitelist = \Civi\API\WhitelistRule::createAll($cxn['perm']['api']); |
70 | Civi\Core\Container::singleton() | |
71 | ->get('dispatcher') | |
72 | ->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist)); | |
73 | CRM_Core_Config::singleton()->userPermissionTemp = new CRM_Core_Permission_Temp(); | |
74 | if ($cxn['perm']['grant'] === '*') { | |
75 | CRM_Core_Config::singleton()->userPermissionTemp->grant($SUPER_PERM); | |
76 | } | |
77 | else { | |
78 | CRM_Core_Config::singleton()->userPermissionTemp->grant($cxn['perm']['grant']); | |
79 | } | |
5d5d3b35 | 80 | |
59735506 | 81 | $params['check_permissions'] = 'whitelist'; |
5d5d3b35 TO |
82 | return civicrm_api($entity, $action, $params); |
83 | ||
84 | }); | |
978d4742 | 85 | $apiServer->handle(file_get_contents('php://input'))->send(); |