3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
13 * Class CRM_Cxn_ApiRouter
15 * The ApiRouter receives an incoming API request from CiviConnect,
16 * validates it, configures permissions, and sends it to the API layer.
18 class CRM_Cxn_ApiRouter
{
22 * @param string $entity
23 * @param string $action
24 * @param array $params
27 public static function route($cxn, $entity, $action, $params) {
28 $SUPER_PERM = ['administer CiviCRM'];
30 require_once 'api/v3/utils.php';
32 // FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()?
33 if (Civi
::settings()->get('enableSSL') &&
34 !CRM_Utils_System
::isSSL() &&
35 strtolower(CRM_Utils_Array
::value('X_FORWARDED_PROTO', CRM_Utils_System
::getRequestHeaders())) != 'https'
37 return civicrm_api3_create_error('System policy requires HTTPS.');
40 // Note: $cxn and cxnId are authenticated before router is called.
41 $dao = new CRM_Cxn_DAO_Cxn();
42 $dao->cxn_id
= $cxn['cxnId'];
43 if (empty($cxn['cxnId']) ||
!$dao->find(TRUE) ||
!$dao->cxn_id
) {
44 return civicrm_api3_create_error('Failed to lookup connection authorizations.');
46 if (!$dao->is_active
) {
47 return civicrm_api3_create_error('Connection is inactive.');
49 if (!is_string($entity) ||
!is_string($action) ||
!is_array($params)) {
50 return civicrm_api3_create_error('API parameters are malformed.');
53 empty($cxn['perm']['api'])
54 ||
!is_array($cxn['perm']['api'])
55 ||
empty($cxn['perm']['grant'])
56 ||
!(is_array($cxn['perm']['grant']) ||
is_string($cxn['perm']['grant']))
58 return civicrm_api3_create_error('Connection has no permissions.');
61 $whitelist = \Civi\API\WhitelistRule
::createAll($cxn['perm']['api']);
63 ->addSubscriber(new \Civi\API\Subscriber\
WhitelistSubscriber($whitelist));
64 CRM_Core_Config
::singleton()->userPermissionTemp
= new CRM_Core_Permission_Temp();
65 if ($cxn['perm']['grant'] === '*') {
66 CRM_Core_Config
::singleton()->userPermissionTemp
->grant($SUPER_PERM);
69 CRM_Core_Config
::singleton()->userPermissionTemp
->grant($cxn['perm']['grant']);
72 $params['check_permissions'] = 'whitelist';
73 return civicrm_api($entity, $action, $params);