| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | CiviCRM version 4.7 | |
| 5 | +--------------------------------------------------------------------+ |
| 6 | | Copyright CiviCRM LLC (c) 2004-2015 | |
| 7 | +--------------------------------------------------------------------+ |
| 8 | | This file is a part of CiviCRM. | |
| 9 | | | |
| 10 | | CiviCRM is free software; you can copy, modify, and distribute it | |
| 11 | | under the terms of the GNU Affero General Public License | |
| 12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | |
| 13 | | | |
| 14 | | CiviCRM is distributed in the hope that it will be useful, but | |
| 15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
| 17 | | See the GNU Affero General Public License for more details. | |
| 18 | | | |
| 19 | | You should have received a copy of the GNU Affero General Public | |
| 20 | | License and the CiviCRM Licensing Exception along | |
| 21 | | with this program; if not, contact CiviCRM LLC | |
| 22 | | at info[AT]civicrm[DOT]org. If you have questions about the | |
| 23 | | GNU Affero General Public License or the licensing of CiviCRM, | |
| 24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | |
| 25 | +--------------------------------------------------------------------+ |
| 26 | */ |
| 27 | |
| 28 | /** |
| 29 | * Class CRM_Cxn_ApiRouter |
| 30 | * |
| 31 | * The ApiRouter receives an incoming API request from CiviConnect, |
| 32 | * validates it, configures permissions, and sends it to the API layer. |
| 33 | */ |
| 34 | class CRM_Cxn_ApiRouter { |
| 35 | |
| 36 | /** |
| 37 | * @param array $cxn |
| 38 | * @param string $entity |
| 39 | * @param string $action |
| 40 | * @param array $params |
| 41 | * @return mixed |
| 42 | */ |
| 43 | public static function route($cxn, $entity, $action, $params) { |
| 44 | $SUPER_PERM = array('administer CiviCRM'); |
| 45 | |
| 46 | require_once 'api/v3/utils.php'; |
| 47 | |
| 48 | // FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()? |
| 49 | if (Civi::settings()->get('enableSSL') && |
| 50 | !CRM_Utils_System::isSSL() && |
| 51 | strtolower(CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders())) != 'https' |
| 52 | ) { |
| 53 | return civicrm_api3_create_error('System policy requires HTTPS.'); |
| 54 | } |
| 55 | |
| 56 | // Note: $cxn and cxnId are authenticated before router is called. |
| 57 | $dao = new CRM_Cxn_DAO_Cxn(); |
| 58 | $dao->cxn_id = $cxn['cxnId']; |
| 59 | if (empty($cxn['cxnId']) || !$dao->find(TRUE) || !$dao->cxn_id) { |
| 60 | return civicrm_api3_create_error('Failed to lookup connection authorizations.'); |
| 61 | } |
| 62 | if (!$dao->is_active) { |
| 63 | return civicrm_api3_create_error('Connection is inactive.'); |
| 64 | } |
| 65 | if (!is_string($entity) || !is_string($action) || !is_array($params)) { |
| 66 | return civicrm_api3_create_error('API parameters are malformed.'); |
| 67 | } |
| 68 | if ( |
| 69 | empty($cxn['perm']['api']) |
| 70 | || !is_array($cxn['perm']['api']) |
| 71 | || empty($cxn['perm']['grant']) |
| 72 | || !(is_array($cxn['perm']['grant']) || is_string($cxn['perm']['grant'])) |
| 73 | ) { |
| 74 | return civicrm_api3_create_error('Connection has no permissions.'); |
| 75 | } |
| 76 | |
| 77 | $whitelist = \Civi\API\WhitelistRule::createAll($cxn['perm']['api']); |
| 78 | \Civi::service('dispatcher') |
| 79 | ->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist)); |
| 80 | CRM_Core_Config::singleton()->userPermissionTemp = new CRM_Core_Permission_Temp(); |
| 81 | if ($cxn['perm']['grant'] === '*') { |
| 82 | CRM_Core_Config::singleton()->userPermissionTemp->grant($SUPER_PERM); |
| 83 | } |
| 84 | else { |
| 85 | CRM_Core_Config::singleton()->userPermissionTemp->grant($cxn['perm']['grant']); |
| 86 | } |
| 87 | |
| 88 | $params['check_permissions'] = 'whitelist'; |
| 89 | return civicrm_api($entity, $action, $params); |
| 90 | } |
| 91 | |
| 92 | } |