/**
* @param RequestInterpreterInterface $interpreter
* @param AuthorizerInterface $authorizer
* @param RequestInterface $request
* @return ErrorCollection|bool
* errors if the request is not authorized, true if authorized.
*/
protected function checkAuthorization(RequestInterpreterInterface $interpreter, AuthorizerInterface $authorizer, RequestInterface $request)
{
$parameters = $request->getParameters();
$document = $request->getDocument();
$record = $request->getRecord();
$authorized = true;
/** Index */
if ($interpreter->isIndex()) {
$authorized = $authorizer->canReadMany($parameters);
} elseif ($interpreter->isCreateResource()) {
$authorized = $authorizer->canCreate($document->getResource(), $parameters);
} elseif ($interpreter->isReadResource()) {
$authorized = $authorizer->canRead($record, $parameters);
} elseif ($interpreter->isUpdateResource()) {
$authorized = $authorizer->canUpdate($record, $document->getResource(), $parameters);
} elseif ($interpreter->isDeleteResource()) {
$authorized = $authorizer->canDelete($record, $parameters);
} elseif ($interpreter->isReadRelatedResource()) {
$authorized = $authorizer->canReadRelatedResource($interpreter->getRelationshipName(), $record, $parameters);
} elseif ($interpreter->isReadRelationship()) {
$authorized = $authorizer->canReadRelationship($interpreter->getRelationshipName(), $record, $parameters);
} elseif ($interpreter->isModifyRelationship()) {
$authorized = $authorizer->canModifyRelationship($interpreter->getRelationshipName(), $record, $document->getRelationship(), $parameters);
}
return $authorized ?: $authorizer->getErrors();
}
/**
* @param ValidatorProviderInterface $validators
* @param RequestInterpreterInterface $interpreter
* @param RequestInterface $request
* @throws JsonApiException
*/
protected function checkDocumentIsAcceptable(ValidatorProviderInterface $validators, RequestInterpreterInterface $interpreter, RequestInterface $request)
{
$document = $request->getDocument();
if (!$document) {
return;
}
$validator = $this->documentAcceptanceValidator($validators, $interpreter, $request);
if ($validator && !$validator->isValid($document, $request->getRecord())) {
throw new ValidationException($validator->getErrors());
}
}
/**
* @param JsonApiRequest $request
* @return Response
*/
public function update(JsonApiRequest $request)
{
$resource = $request->getDocument()->getResource();
$model = $this->hydrate($resource, $this->getRecord($request));
$result = $model instanceof Response ? $model : $this->doCommit($model, $resource);
if ($result instanceof Response) {
return $result;
} elseif (!$result) {
return $this->internalServerError();
}
return $this->reply()->content($model);
}
