Ejemplo n.º 1
0
 /**
  * @param array $cxn
  * @param string $entity
  * @param string $action
  * @param array $params
  * @return mixed
  */
 public static function route($cxn, $entity, $action, $params)
 {
     $SUPER_PERM = array('administer CiviCRM');
     require_once 'api/v3/utils.php';
     // FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()?
     if (CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'enableSSL') && !CRM_Utils_System::isSSL() && strtolower(CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders())) != 'https') {
         return civicrm_api3_create_error('System policy requires HTTPS.');
     }
     // Note: $cxn and cxnId are authenticated before router is called.
     $dao = new CRM_Cxn_DAO_Cxn();
     $dao->cxn_id = $cxn['cxnId'];
     if (empty($cxn['cxnId']) || !$dao->find(TRUE) || !$dao->cxn_id) {
         return civicrm_api3_create_error('Failed to lookup connection authorizations.');
     }
     if (!$dao->is_active) {
         return civicrm_api3_create_error('Connection is inactive.');
     }
     if (!is_string($entity) || !is_string($action) || !is_array($params)) {
         return civicrm_api3_create_error('API parameters are malformed.');
     }
     if (empty($cxn['perm']['api']) || !is_array($cxn['perm']['api']) || empty($cxn['perm']['grant']) || !(is_array($cxn['perm']['grant']) || is_string($cxn['perm']['grant']))) {
         return civicrm_api3_create_error('Connection has no permissions.');
     }
     $whitelist = \Civi\API\WhitelistRule::createAll($cxn['perm']['api']);
     \Civi::service('dispatcher')->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist));
     CRM_Core_Config::singleton()->userPermissionTemp = new CRM_Core_Permission_Temp();
     if ($cxn['perm']['grant'] === '*') {
         CRM_Core_Config::singleton()->userPermissionTemp->grant($SUPER_PERM);
     } else {
         CRM_Core_Config::singleton()->userPermissionTemp->grant($cxn['perm']['grant']);
     }
     $params['check_permissions'] = 'whitelist';
     return civicrm_api($entity, $action, $params);
 }
Ejemplo n.º 2
0
 static function redirectToSSL($abort = false)
 {
     $config = CRM_Core_Config::singleton();
     $req_headers = CRM_Utils_System::getRequestHeaders();
     if ($config->enableSSL && (!isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'off') && strtolower($req_headers['X_FORWARDED_PROTO']) != 'https') {
         // ensure that SSL is enabled on a civicrm url (for cookie reasons etc)
         $url = "https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
         if (!self::checkURL($url, true)) {
             if ($abort) {
                 CRM_Core_Error::fatal('HTTPS is not set up on this machine');
             } else {
                 CRM_Core_Session::setStatus('HTTPS is not set up on this machine');
                 // admin should be the only one following this
                 // since we dont want the user stuck in a bad place
                 return;
             }
         }
         CRM_Utils_System::redirect($url);
     }
 }