/**
* Access verification method.
*
* API access will be denied when this method returns false
*
* @return boolean true when api access is allowed false otherwise
*
* @throws RestException 403 security violation
*/
public function __isAllowed()
{
if (session_id() == '') {
session_start();
}
/** @var Restler $restler */
$restler = $this->restler;
$url = $restler->url;
foreach (static::$excludedPaths as $exclude) {
if (empty($exclude)) {
if ($url == $exclude) {
return true;
}
} elseif (Text::beginsWith($url, $exclude)) {
return true;
}
}
$check = static::$filterFormRequestsOnly ? $restler->requestFormat instanceof UrlEncodedFormat || $restler->requestFormat instanceof UploadFormat : true;
if (!empty($_POST) && $check) {
if (isset($_POST[static::FORM_KEY]) && ($target = Util::getRequestMethod() . ' ' . $restler->url) && isset($_SESSION[static::FORM_KEY][$target]) && $_POST[static::FORM_KEY] == $_SESSION[static::FORM_KEY][$target]) {
return true;
}
throw new RestException(403, 'Insecure form submission');
}
return true;
}
public static function findAll(array $excludedPaths = array(), array $excludedHttpMethods = array(), $version = 1)
{
$map = array();
$all = Util::nestedValue(self::$routes, "v{$version}");
$filter = array();
if (isset($all['*'])) {
$all = $all['*'] + $all;
unset($all['*']);
}
if (is_array($all)) {
foreach ($all as $fullPath => $routes) {
foreach ($routes as $httpMethod => $route) {
if (in_array($httpMethod, $excludedHttpMethods)) {
continue;
}
foreach ($excludedPaths as $exclude) {
if (empty($exclude)) {
if ($fullPath == $exclude || $fullPath == 'index') {
continue 2;
}
} elseif (Text::beginsWith($fullPath, $exclude)) {
continue 2;
}
}
$hash = "{$httpMethod} " . $route['url'];
if (!isset($filter[$hash])) {
$route['httpMethod'] = $httpMethod;
$map[$route['metadata']['resourcePath']][] = array('access' => static::verifyAccess($route), 'route' => $route, 'hash' => $hash);
$filter[$hash] = true;
}
}
}
}
return $map;
}
protected function _mapResources(array $allRoutes, array &$map, $version = 1)
{
foreach ($allRoutes as $fullPath => $routes) {
$path = explode('/', $fullPath);
$resource = isset($path[0]) ? $path[0] : '';
if ($resource == 'resources' || Text::endsWith($resource, 'index')) {
continue;
}
foreach ($routes as $httpMethod => $route) {
if (in_array($httpMethod, static::$excludedHttpMethods)) {
continue;
}
if (!static::verifyAccess($route)) {
continue;
}
foreach (static::$excludedPaths as $exclude) {
if (empty($exclude)) {
if ($fullPath == $exclude) {
continue 2;
}
} elseif (Text::beginsWith($fullPath, $exclude)) {
continue 2;
}
}
$res = $resource ? $version == 1 ? "/resources/{$resource}" : "/v{$version}/resources/{$resource}-v{$version}" : ($version == 1 ? "/resources/root" : "/v{$version}/resources/root-v{$version}");
if (empty($map[$res])) {
$map[$res] = isset($route['metadata']['classDescription']) ? $route['metadata']['classDescription'] : '';
}
}
}
}
