Beispiel #1
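 /**
  * Authorises an API request for the given resource alias and method.
  * Throws Am_Exception_InputError if the API key is missing or too short,
  * not found or disabled, or has no permission for the requested call.
  * @param Am_Request $request
  * @param string $alias resource alias, used as the first-level permission key
  * @param string $method method name, used as the second-level permission key
  */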
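 public function checkPermissions(Am_Request $request, $alias, $method)
 {
     // Authorises a REST API call: a hook may approve it outright; otherwise the
     // request must carry a known, enabled API key whose permissions include
     // $alias/$method. Every failure throws Am_Exception_InputError.
     if ($this->getDi()->config->get('api_debug_mode')) {
         // The dumped parameters can contain the API key itself ('_key', read below).
         // Mask it so that switching debug mode on does not copy a live credential
         // into the error log, where anyone who can read logs could reuse it.
         // NOTE(review): other request fields are still logged verbatim and may hold
         // sensitive data - keep api_debug_mode off outside of troubleshooting.
         $params = $request->getParams();
         if (is_array($params) && array_key_exists('_key', $params)) {
             $params['_key'] = '[redacted]';
         }
         $this->getDi()->errorLogTable->log('REST API :' . var_export($params, true));
     }
     $event = $this->getDi()->hook->call(Am_Event::API_CHECK_PERMISSIONS, array('request' => $request, 'alias' => $alias, 'method' => $method));
     // A hook that returns exactly true (strict comparison) authorises the call and
     // skips the key checks below; any other return value is ignored.
     foreach ($event->getReturn() as $return) {
         if ($return === true) {
             return;
         }
     }
     $s = $request->getFiltered('_key');
     if (empty($s) || strlen($s) < 10) {
         throw new Am_Exception_InputError("API Error 10001 - no [key] specified or key is too short");
     }
     $apikey = $this->getDi()->apiKeyTable->findFirstByKey($s);
     if (!$apikey || $apikey->is_disabled) {
         throw new Am_Exception_InputError("API Error 10002 - [key] is not found or disabled");
     }
     $perms = $apikey->getPerms();
     // Default deny: empty() is true both for a missing alias/method entry and for
     // a falsy one, so only an explicitly granted permission passes.
     if (empty($perms[$alias][$method])) {
         throw new Am_Exception_InputError("API Error 10003 - no permissions for {$alias}-{$method} API call");
     }
 }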
Beispiel #2
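 public function directAction(Am_Request $request, Zend_Controller_Response_Http $response, array $invokeArgs)
 {
     // Handles the customer's browser return ("thanks") by redirecting to the cancel
     // or return URL; every other action is delegated to the parent implementation.
     if ($request->getActionName() === 'thanks') {
         if ($this->getConfig('debugLog')) {
             // NOTE(review): the full request is logged as JSON; it may contain customer
             // data, so debugLog should stay off outside of troubleshooting.
             Am_Di::getInstance()->errorLogTable->log('NetBilling Form [response-thanks]:' . json_encode($request->getParams()));
         }
         // NOTE(review): the lookup result is not checked here; presumably the URL
         // getters below rely on $this->invoice - confirm they cope with a missing invoice.
         $this->invoice = $this->getDi()->invoiceTable->findFirstByPublicId($request->getFiltered('Ecom_ConsumerOrderID'));

         // The status code arrives with the browser request and is therefore
         // client-controlled: here it only selects the landing page and must not be
         // taken as proof of payment.
         // Compare it as a string with strict matching. A loose `== 0` is true for any
         // non-numeric string on PHP < 8, which would send every non-numeric status to
         // the cancel URL, and the result would differ between PHP versions.
         $rawStatus = $request->get('Ecom_Ezic_Response_StatusCode');
         $status = is_scalar($rawStatus) ? (string) $rawStatus : '';
         // A missing, empty or non-scalar status is treated as a failure (fail closed).
         $isFailure = in_array($status, array('', '0', 'F'), true);

         $url = $isFailure ? $this->getCancelUrl() : $this->getReturnUrl();
         $response->setRedirect($url);
     } else {
         parent::directAction($request, $response, $invokeArgs);
     }
 }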