From 4161741b61a9e3f38b53dd5b33ca692bee486446 Mon Sep 17 00:00:00 2001 From: Tim Otten Date: Fri, 21 Mar 2014 17:25:58 -0700 Subject: [PATCH] CRM-14370 - API Kernel - Move authorization to listener --- Civi/API/Kernel.php | 1 - Civi/Core/Container.php | 6 ++++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Civi/API/Kernel.php b/Civi/API/Kernel.php index 7a596240ba..f3010f0ab1 100644 --- a/Civi/API/Kernel.php +++ b/Civi/API/Kernel.php @@ -100,7 +100,6 @@ class Kernel { $apiRequest = $this->dispatcher->dispatch(Events::PREPARE, new PrepareEvent(NULL, $apiRequest))->getApiRequest(); - _civicrm_api3_api_check_permission($apiRequest['entity'], $apiRequest['action'], $apiRequest['params']); $fields = _civicrm_api3_api_getfields($apiRequest); // we do this before we _civicrm_api3_swap_out_aliases($apiRequest, $fields); diff --git a/Civi/Core/Container.php b/Civi/Core/Container.php index e6fbc55bfb..2eeec48fdd 100644 --- a/Civi/Core/Container.php +++ b/Civi/Core/Container.php @@ -89,8 +89,10 @@ class Container { $dispatcher->addSubscriber(new \Civi\API\Subscriber\TransactionSubscriber()); $dispatcher->addSubscriber(new \Civi\API\Subscriber\I18nSubscriber()); $dispatcher->addSubscriber(new \Civi\API\Subscriber\XDebugSubscriber()); - $dispatcher->addListener(\Civi\API\Events::AUTHORIZE, function($event) { - // dummy placeholder + $dispatcher->addListener(\Civi\API\Events::AUTHORIZE, function(\Civi\API\Event\AuthorizeEvent $event) { + $apiRequest = $event->getApiRequest(); + // At time of writing, _civicrm_api3_api_check_permission generates an exception on failure + _civicrm_api3_api_check_permission($apiRequest['entity'], $apiRequest['action'], $apiRequest['params']); $event->authorize(); }); $kernel = new \Civi\API\Kernel($dispatcher, array()); -- 2.25.1