3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.7 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2017 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
28 namespace Civi\Api4\Event\Subscriber
;
31 use Symfony\Component\EventDispatcher\EventSubscriberInterface
;
34 * For any API requests that correspond to a Doctrine entity
35 * ($apiRequest['doctrineClass']), check permissions specified in
36 * Civi\API\Annotation\Permission.
38 class PermissionCheckSubscriber
implements EventSubscriberInterface
{
43 public static function getSubscribedEvents() {
45 Events
::AUTHORIZE
=> [
46 ['onApiAuthorize', Events
::W_LATE
],
52 * @param \Civi\API\Event\AuthorizeEvent $event
53 * API authorization event.
55 public function onApiAuthorize(\Civi\API\Event\AuthorizeEvent
$event) {
56 /* @var \Civi\Api4\Generic\AbstractAction $apiRequest */
57 $apiRequest = $event->getApiRequest();
58 if ($apiRequest['version'] == 4) {
59 if (!$apiRequest->getCheckPermissions() ||
$apiRequest->isAuthorized()) {
61 $event->stopPropagation();