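['onApiAuthorize', Events::W_EARLY],
      Events::RESPOND => ['onApiRespond', Events::W_MIDDLE],
    ];
  }

  /**
   * The configured whitelist rules, in the order they were supplied.
   *
   * Array(WhitelistRule).
   *
   * @var \Civi\API\WhitelistRule[]
   */
  protected $rules = [];

  /**
   * Rules that have authorized an in-flight request, keyed by request id,
   * so that the same rule can later filter that request's response.
   *
   * Array (scalar $reqId => WhitelistRule $rule).
   *
   * @var \Civi\API\WhitelistRule[]
   */
  protected $activeRules = [];

  /**
   * @param array $rules
   *   Array of WhitelistRule. Every rule is validated up front; one invalid
   *   rule rejects the whole set instead of being silently skipped.
   * @see WhitelistRule
   * @throws \CRM_Core_Exception
   *   If any rule reports itself as invalid.
   */
  public function __construct($rules) {
    $this->rules = [];
    // Start from an explicit empty array instead of relying on PHP
    // auto-vivifying a null property on the first write in onApiAuthorize().
    $this->activeRules = [];
    foreach ($rules as $rule) {
      /** @var \Civi\API\WhitelistRule $rule */
      if (!$rule->isValid()) {
        throw new \CRM_Core_Exception("Invalid rule");
      }
      $this->rules[] = $rule;
    }
  }

  /**
   * Determine which, if any, whitelist rules apply this request.
   * Reject unauthorized requests.
   *
   * Only requests whose 'check_permissions' is exactly the string 'whitelist'
   * are handled here; any other mode is left untouched for other
   * authorization subscribers. The first matching rule wins and is recorded
   * under the request id so that onApiRespond() can apply the same rule's
   * filtering to the response.
   *
   * @param \Civi\API\Event\AuthorizeEvent $event
   * @throws \CRM_Core_Exception
   *   If no rule matches; the request is denied.
   */
  public function onApiAuthorize(AuthorizeEvent $event) {
    $apiRequest = $event->getApiRequest();
    if (empty($apiRequest['params']['check_permissions'])
      || $apiRequest['params']['check_permissions'] !== 'whitelist') {
      return;
    }

    foreach ($this->rules as $rule) {
      // Strict identity on purpose: a rule grants access only by returning
      // exactly TRUE; any other (even truthy) value counts as "no match".
      if (TRUE === $rule->matches($apiRequest)) {
        $this->activeRules[$apiRequest['id']] = $rule;
        return;
      }
    }

    throw new \CRM_Core_Exception('The request does not match any active API authorizations.');
  }

  /**
   * Apply any filtering rules based on the chosen whitelist rule.
   *
   * The rule recorded by onApiAuthorize() for this request id is given the
   * chance to rewrite the response; the bookkeeping entry is then dropped so
   * it cannot be reused by a later request carrying the same id.
   *
   * NOTE(review): entries are only removed here. If RESPOND never fires for
   * a request that passed authorization, its entry stays in $activeRules —
   * confirm against the dispatch path whether that can occur.
   *
   * @param \Civi\API\Event\RespondEvent $event
   */
  public function onApiRespond(RespondEvent $event) {
    $apiRequest = $event->getApiRequest();
    $id = $apiRequest['id'];
    if (isset($this->activeRules[$id])) {
      $rule = $this->activeRules[$id];
      $event->setResponse($rule->filter($apiRequest, $event->getResponse()));
      unset($this->activeRules[$id]);
    }
  }

}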