/** * Serves graph endpoint * * @param string $request Graph endpoint to serve, e.g. /me or /35/friends * @return GenericResult * @throws GraphException */ protected function route($request = '/') { $ctrl = $this->getController($request); if ($ctrl instanceof ControllerInterface) { return $ctrl->call($this->request); } $segments = explode('/', trim($request, '/')); $root_node_id = array_shift($segments); $node = $this->graph->get($root_node_id); if (!$node) { throw new GraphException("Node with id {$root_node_id} not found", HttpResponse::HTTP_NOT_FOUND); } $alias = $this->graph->getAlias($node); if (!$alias) { throw new GraphException("Nodes of this type can not be accessed via web services", 403); } if ($node instanceof ElggEntity) { set_input('guid', $node->guid); } else { set_input('id', $node->id); } // Check the hierarchy in ascending order, e.g. // :blog/likes // :object/likes // :entity/likes $aliases = array($alias, ":{$node->getType()}"); if ($node instanceof \ElggEntity) { $aliases[] = ':entity'; } else { if ($node instanceof \ElggExtender) { $aliases[] = ':extender'; } } foreach ($aliases as $alias) { $alt_segments = $segments; array_unshift($alt_segments, $alias); $alt_route = implode('/', $alt_segments); $can_access = elgg_trigger_plugin_hook('permissions_check:graph', $alt_route, ['node' => $node], true); if (!$can_access) { continue; } $ctrl = $this->getController($alt_route); if ($ctrl instanceof ControllerInterface) { break; } } if (!$ctrl instanceof ControllerInterface) { throw new GraphException("You do not have access to the requested endpoint", 403); } return $ctrl->call(); }