/**
  * @param RequestInterface $request
  * @throws JsonApiException
  */
 protected function checkRelationshipName(RequestInterface $request)
 {
     $name = $request->getRelationshipName();
     if (!in_array($name, $this->allowedRelationships(), true)) {
         throw new JsonApiException([], 404);
     }
 }
 /**
  * @param RequestInterpreterInterface $interpreter
  * @param AuthorizerInterface $authorizer
  * @param RequestInterface $request
  * @return ErrorCollection|bool
  *      errors if the request is not authorized, true if authorized.
  */
 protected function checkAuthorization(RequestInterpreterInterface $interpreter, AuthorizerInterface $authorizer, RequestInterface $request)
 {
     $parameters = $request->getParameters();
     $document = $request->getDocument();
     $record = $request->getRecord();
     $authorized = true;
     /** Index */
     if ($interpreter->isIndex()) {
         $authorized = $authorizer->canReadMany($parameters);
     } elseif ($interpreter->isCreateResource()) {
         $authorized = $authorizer->canCreate($document->getResource(), $parameters);
     } elseif ($interpreter->isReadResource()) {
         $authorized = $authorizer->canRead($record, $parameters);
     } elseif ($interpreter->isUpdateResource()) {
         $authorized = $authorizer->canUpdate($record, $document->getResource(), $parameters);
     } elseif ($interpreter->isDeleteResource()) {
         $authorized = $authorizer->canDelete($record, $parameters);
     } elseif ($interpreter->isReadRelatedResource()) {
         $authorized = $authorizer->canReadRelatedResource($interpreter->getRelationshipName(), $record, $parameters);
     } elseif ($interpreter->isReadRelationship()) {
         $authorized = $authorizer->canReadRelationship($interpreter->getRelationshipName(), $record, $parameters);
     } elseif ($interpreter->isModifyRelationship()) {
         $authorized = $authorizer->canModifyRelationship($interpreter->getRelationshipName(), $record, $document->getRelationship(), $parameters);
     }
     return $authorized ?: $authorizer->getErrors();
 }
 /**
  * @param ValidatorProviderInterface $validators
  * @param RequestInterpreterInterface $interpreter
  * @param RequestInterface $request
  * @return DocumentValidatorInterface|null
  */
 private function documentAcceptanceValidator(ValidatorProviderInterface $validators, RequestInterpreterInterface $interpreter, RequestInterface $request)
 {
     $resourceType = $request->getResourceType();
     $resourceId = $interpreter->getResourceId();
     $relationshipName = $interpreter->getRelationshipName();
     $record = $request->getRecord();
     /** Create Resource */
     if ($interpreter->isCreateResource()) {
         return $validators->createResource($resourceType);
     } elseif ($interpreter->isUpdateResource()) {
         return $validators->updateResource($resourceType, $resourceId, $record);
     } elseif ($interpreter->isModifyRelationship()) {
         return $validators->modifyRelationship($resourceType, $resourceId, $relationshipName, $record);
     }
     return null;
 }
 /**
  * @inheritdoc
  */
 public function handle(ApiInterface $api, RequestInterface $request)
 {
     $interpreter = $api->getRequestInterpreter();
     $resourceType = $request->getResourceType();
     /** Check the relationship is acceptable */
     if ($request->getRelationshipName()) {
         $this->checkRelationshipName($request);
     }
     /** Check request parameters are acceptable */
     $this->checkQueryParameters($api, $request, $this->filterValidator($resourceType));
     /** Authorize the request */
     if ($this->authorizer) {
         $this->authorize($interpreter, $this->authorizer, $request);
     }
     /** Check the document content is acceptable */
     if ($this->validators) {
         $this->checkDocumentIsAcceptable($this->validators, $interpreter, $request);
     }
 }
 /**
  * @param JsonApiRequest $request
  * @return Model
  */
 protected function getRecord(JsonApiRequest $request)
 {
     $record = $request->getRecord();
     if (!$record instanceof Model) {
         throw new RuntimeException(sprintf('%s expects to be used with a %s record.', static::class, Model::class));
     }
     return $record;
 }
 /**
  * @param ApiInterface $api
  * @param RequestInterface $request
  * @param FilterValidatorInterface|null $filterValidator
  */
 protected function checkQueryParameters(ApiInterface $api, RequestInterface $request, FilterValidatorInterface $filterValidator = null)
 {
     $parameters = $request->getParameters();
     $this->checkEncodingParameters($api->getHttpFactory(), $parameters, $api);
     if ($filterValidator && $api->getRequestInterpreter()->isIndex()) {
         $this->checkFilterParameters($filterValidator, $parameters);
     }
 }