CRM/Cxn/ApiRouter.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | Copyright CiviCRM LLC. All rights reserved.                        |
   5  |                                                                    |
   6  | This work is published under the GNU AGPLv3 license with some      |
   7  | permitted exceptions and without any warranty. For full license    |
   8  | and copyright information, see https://civicrm.org/licensing       |
   9  +--------------------------------------------------------------------+
  10  */
  11
  12 /**
  13  * Class CRM_Cxn_ApiRouter
  14  *
  15  * The ApiRouter receives an incoming API request from CiviConnect,
  16  * validates it, configures permissions, and sends it to the API layer.
  17  */
  18 class CRM_Cxn_ApiRouter {
  19
  20   /**
  21    * @param array $cxn
  22    * @param string $entity
  23    * @param string $action
  24    * @param array $params
  25    * @return mixed
  26    */
  27   public static function route($cxn, $entity, $action, $params) {
  28     $SUPER_PERM = ['administer CiviCRM'];
  29
  30     require_once 'api/v3/utils.php';
  31
  32     // FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()?
  33     if (Civi::settings()->get('enableSSL') &&
  34       !CRM_Utils_System::isSSL() &&
  35       strtolower(CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders())) != 'https'
  36     ) {
  37       return civicrm_api3_create_error('System policy requires HTTPS.');
  38     }
  39
  40     // Note: $cxn and cxnId are authenticated before router is called.
  41     $dao = new CRM_Cxn_DAO_Cxn();
  42     $dao->cxn_id = $cxn['cxnId'];
  43     if (empty($cxn['cxnId']) || !$dao->find(TRUE) || !$dao->cxn_id) {
  44       return civicrm_api3_create_error('Failed to lookup connection authorizations.');
  45     }
  46     if (!$dao->is_active) {
  47       return civicrm_api3_create_error('Connection is inactive.');
  48     }
  49     if (!is_string($entity) || !is_string($action) || !is_array($params)) {
  50       return civicrm_api3_create_error('API parameters are malformed.');
  51     }
  52     if (
  53       empty($cxn['perm']['api'])
  54       || !is_array($cxn['perm']['api'])
  55       || empty($cxn['perm']['grant'])
  56       || !(is_array($cxn['perm']['grant']) || is_string($cxn['perm']['grant']))
  57     ) {
  58       return civicrm_api3_create_error('Connection has no permissions.');
  59     }
  60
  61     $whitelist = \Civi\API\WhitelistRule::createAll($cxn['perm']['api']);
  62     \Civi::service('dispatcher')
  63       ->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist));
  64     CRM_Core_Config::singleton()->userPermissionTemp = new CRM_Core_Permission_Temp();
  65     if ($cxn['perm']['grant'] === '*') {
  66       CRM_Core_Config::singleton()->userPermissionTemp->grant($SUPER_PERM);
  67     }
  68     else {
  69       CRM_Core_Config::singleton()->userPermissionTemp->grant($cxn['perm']['grant']);
  70     }
  71
  72     $params['check_permissions'] = 'whitelist';
  73     return civicrm_api($entity, $action, $params);
  74   }
  75
  76 }