/**
* Instantiate resource class, set parameters to the instance, run resource internal dispatch method
*
* @param Mage_Api2_Model_Request $request
* @param Mage_Api2_Model_Response $response
* @return Mage_Api2_Model_Dispatcher
* @throws Mage_Api2_Exception
*/
public function dispatch(Mage_Api2_Model_Request $request, Mage_Api2_Model_Response $response)
{
if (!$request->getModel() || !$request->getApiType()) {
throw new Mage_Api2_Exception('Request does not contains all necessary data', Mage_Api2_Model_Server::HTTP_BAD_REQUEST);
}
$model = self::loadResourceModel($request->getModel(), $request->getApiType(), $this->getApiUser()->getType(), $this->getVersion($request->getResourceType(), $request->getVersion()));
$model->setRequest($request);
$model->setResponse($response);
$model->setApiUser($this->getApiUser());
$model->dispatch();
return $this;
}
/**
* Global ACL processing
*
* @param Mage_Api2_Model_Request $request
* @param Mage_Api2_Model_Auth_User_Abstract $apiUser
* @return Mage_Api2_Model_Server
* @throws Mage_Api2_Exception
*/
protected function _allow(Mage_Api2_Model_Request $request, Mage_Api2_Model_Auth_User_Abstract $apiUser)
{
/** @var $globalAcl Mage_Api2_Model_Acl_Global */
$globalAcl = Mage::getModel('api2/acl_global');
if (!$globalAcl->isAllowed($apiUser, $request->getResourceType(), $request->getOperation())) {
throw new Mage_Api2_Exception('Access denied', self::HTTP_FORBIDDEN);
}
return $this;
}
/**
* Set request
*
* @param Mage_Api2_Model_Request $request
* @return Mage_Api2_Model_Resource
*/
public function setRequest(Mage_Api2_Model_Request $request)
{
$this->setResourceType($request->getResourceType());
$this->setApiType($request->getApiType());
$this->_request = $request;
return $this;
}
/**
* Check if request contains authentication info for adapter
*
* @param Mage_Api2_Model_Request $request
* @return boolean
*/
public function isApplicableToRequest(Mage_Api2_Model_Request $request)
{
$headerValue = $request->getHeader('Authorization');
return $headerValue && 'oauth' === strtolower(substr($headerValue, 0, 5));
}
/**
* Override parent method for request emulation during internal call
*
* @return string
*/
public function getMethod()
{
$method = $this->_method;
if (!$method) {
$method = parent::getMethod();
}
return $method;
}
/**
* Matches a Request with parts defined by a map. Assigns and
* returns an array of variables on a successful match.
*
* @param Mage_Api2_Model_Request $request
* @param boolean $partial Partial path matching
* @return array|bool An array of assigned values or a boolean false on a mismatch
*/
public function match($request, $partial = false)
{
return parent::match(ltrim($request->getPathInfo(), $this->_urlDelimiter), $partial);
}
protected function filterBefore(Mage_Api2_Model_Request $request, Mage_Api2_Model_Response $response)
{
// Add generic CORS headers - this is not the 'right' way to do this, but Magento has no CORS support in Mage_Api2
$response->setHeader('Access-Control-Allow-Origin', '*', true);
$response->setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE', true);
$response->setHeader('Access-Control-Allow-Headers', 'Content-Type', true);
$response->setHeader('Access-Control-Max-Age', '86400', true);
// Support credentials
$response->setHeader('Access-Control-Allow-Credentials', 'true', true);
$origin = $request->getHeader('Origin');
if ($origin) {
try {
$origin = Zend_Uri_Http::factory($origin);
$response->setHeader('Access-Control-Allow-Origin', $origin->getUri(), true);
} catch (Exception $e) {
// NOOP
}
}
Mage::dispatchEvent('api2_server_filter_before', ['request' => $request, 'response' => $response]);
}
