3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
12 namespace Civi\Api4\Event\Subscriber
;
15 use Symfony\Component\EventDispatcher\EventSubscriberInterface
;
18 * For any API requests that correspond to a Doctrine entity
19 * ($apiRequest['doctrineClass']), check permissions specified in
20 * Civi\API\Annotation\Permission.
22 class PermissionCheckSubscriber
implements EventSubscriberInterface
{
27 public static function getSubscribedEvents() {
29 'civi.api.authorize' => [
30 ['onApiAuthorize', Events
::W_LATE
],
36 * @param \Civi\API\Event\AuthorizeEvent $event
37 * API authorization event.
39 public function onApiAuthorize(\Civi\API\Event\AuthorizeEvent
$event) {
40 /* @var \Civi\Api4\Generic\AbstractAction $apiRequest */
41 $apiRequest = $event->getApiRequest();
42 if ($apiRequest['version'] == 4) {
43 if (!$apiRequest->getCheckPermissions() ||
$apiRequest->isAuthorized()) {
45 $event->stopPropagation();