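 /**
  * Checks whether the current operation is allowed by the webservice configuration
  * and whether the current user is authorised to execute it.
  *
  * Checks are applied in this order:
  *  1. the webservice must be published (only checked when a webservice name is set);
  *  2. the operation (and, for the 'task' operation, the task name) must be declared
  *     in the 'operations' configuration node;
  *  3. the user must pass the configured authorisation mechanism — OAuth2 scopes or
  *     Joomla ACL "action[:asset]" entries — unless the configuration node carries
  *     authorizationNeeded="false", in which case a failed check does not block the call.
  *
  * Any value of $this->authorizationCheck other than 'oauth2' or 'joomla' fails closed.
  *
  * @return  boolean  True when the operation may proceed, false otherwise. On false a
  *                   custom HTTP 405 error has already been recorded on the response.
  *
  * @throws  Exception  When the webservice is not published.
  */
 public function isOperationAllowed()
 {
     // Check if webservice is published (the cheap emptiness test runs first so the
     // published lookup is skipped entirely when no webservice name is configured)
     if (!empty($this->webserviceName)
         && !RApiHalHelper::isPublishedWebservice($this->client, $this->webserviceName, $this->webserviceVersion))
     {
         throw new Exception(JText::sprintf('LIB_REDCORE_API_HAL_WEBSERVICE_IS_UNPUBLISHED', $this->webserviceName));
     }

     // Check for allowed operations
     $allowedOperations = $this->getConfig('operations');

     if (!isset($allowedOperations->{$this->operation}))
     {
         return $this->rejectOperation();
     }

     $operationConfig = $allowedOperations->{$this->operation};
     $scope = $this->operation;
     $authorizationGroups = !empty($operationConfig['authorization']) ? (string) $operationConfig['authorization'] : '';
     $terminateIfNotAuthorized = true;

     if ($this->operation === 'task')
     {
         $task = $this->options->get('task', '');
         $scope .= '.' . $task;

         if (!isset($allowedOperations->task->{$task}))
         {
             return $this->rejectOperation();
         }

         // Task level settings override the operation level ones
         $taskConfig = $allowedOperations->task->{$task};
         $authorizationGroups = !empty($taskConfig['authorization']) ? (string) $taskConfig['authorization'] : '';
         $terminateIfNotAuthorized = !$this->isAuthorizationDisabled($taskConfig);
     }
     elseif ($this->operation === 'read')
     {
         // Authorization can be disabled for the whole read operation, or only for item / list reads
         if ($this->isAuthorizationDisabled($operationConfig))
         {
             $terminateIfNotAuthorized = false;
         }
         else
         {
             $primaryKeys = array();
             $isReadItem = $this->apiFillPrimaryKeys($primaryKeys);
             $readType = $isReadItem ? 'item' : 'list';

             if (isset($allowedOperations->read->{$readType})
                 && $this->isAuthorizationDisabled($allowedOperations->read->{$readType}))
             {
                 $terminateIfNotAuthorized = false;
             }
         }
     }
     elseif ($this->isAuthorizationDisabled($operationConfig))
     {
         $terminateIfNotAuthorized = false;
     }

     // Does user have permission
     if ($this->authorizationCheck === 'oauth2')
     {
         // Use scopes to authorize: the webservice specific scope plus the global per-operation scope
         $scopes = array(
             $this->client . '.' . $this->webserviceName . '.' . $scope,
             $this->client . '.' . $this->operation,
         );

         return $this->isAuthorized($scopes, $terminateIfNotAuthorized) || !$terminateIfNotAuthorized;
     }

     if ($this->authorizationCheck === 'joomla')
     {
         $isAuthorized = $this->isAuthorized(null, $terminateIfNotAuthorized);

         // Use Joomla ACL: the user needs at least one of the configured "action[:asset]" permissions.
         // The group check is only enforced when authorization is actually required for this call.
         if ($isAuthorized && $terminateIfNotAuthorized && !empty($authorizationGroups)
             && !$this->hasAnyJoomlaPermission($authorizationGroups))
         {
             return $this->rejectOperation();
         }

         return $isAuthorized || !$terminateIfNotAuthorized;
     }

     // Unknown authorization mechanism: fail closed
     return false;
 }

 /**
  * Records a custom HTTP 405 error on the response for an operation that is not
  * configured or not permitted for the current user.
  *
  * Note: the same 405 status is used both for operations missing from the configuration
  * and for users failing the Joomla ACL check (a 403 would be more precise for the latter,
  * kept as 405 for backward compatibility).
  *
  * @return  boolean  Always false, so callers can write `return $this->rejectOperation();`.
  */
 private function rejectOperation()
 {
     $customError = $this->triggerFunction('createCustomHttpError', 405, $this->apiErrors);
     $this->setStatusCode(405, $customError);

     return false;
 }

 /**
  * Tells whether a configuration node switches authorization off through the
  * authorizationNeeded="false" attribute (case insensitive).
  *
  * @param   mixed  $node  Configuration node whose attributes are read with array syntax
  *                        (SimpleXMLElement style); null or an unset node yields false.
  *
  * @return  boolean
  */
 private function isAuthorizationDisabled($node)
 {
     return isset($node['authorizationNeeded']) && strtolower((string) $node['authorizationNeeded']) === 'false';
 }

 /**
  * Checks whether the current Joomla user holds at least one of the configured permissions.
  *
  * @param   string  $authorizationGroups  Comma separated "action" or "action:assetName" entries.
  *                                        Entries without an asset name fall back to the
  *                                        authorizationAssetName configured for the webservice.
  *
  * @return  boolean  True as soon as one entry is authorised, false when none is.
  */
 private function hasAnyJoomlaPermission($authorizationGroups)
 {
     $configAssetName = !empty($this->configuration->config->authorizationAssetName)
         ? (string) $this->configuration->config->authorizationAssetName : null;
     $user = JFactory::getUser();

     foreach (explode(',', $authorizationGroups) as $authorizationGroup)
     {
         $authorization = explode(':', trim($authorizationGroup));
         $action = $authorization[0];
         $assetName = !empty($authorization[1]) ? $authorization[1] : $configAssetName;

         // Cast to string: a missing asset name must become '' (trim(null) is deprecated since PHP 8.1)
         if ($user->authorise(trim($action), trim((string) $assetName)))
         {
             return true;
         }
     }

     return false;
 }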