/**
  * Gate an action on a resource against the caller's roles.
  *
  * Read permission on the resource is required for every call. When a payload
  * is present, write permission is additionally required on the resource itself
  * and on each top-level payload field, checked as "<resource>:<field>".
  * Nested values inside a field are not inspected.
  *
  * @param string     $resource
  * @param string     $actionName
  * @param array|null $payload    Request body; null or an empty array skips the write checks
  * @param string[]   $roles
  *
  * @throws AccessDeniedHttpException on the first failed permission check
  */
 public function validate($resource, $actionName, $payload, $roles)
 {
     $denied = static function () {
         return new AccessDeniedHttpException('You are not allowed to access this resource');
     };

     if (!$this->permissions->isReadable($resource, $actionName, $roles)) {
         throw $denied();
     }

     // A falsy payload (null or []) carries nothing to write, so no write checks run.
     if (!$payload) {
         return;
     }

     $writable = function ($target) use ($actionName, $roles) {
         return $this->permissions->isWritable($target, $actionName, $roles);
     };

     if (!$writable($resource)) {
         throw $denied();
     }

     // Only the top-level keys of the payload are checked, one permission lookup each.
     foreach ($payload as $field => $value) {
         if (!$writable($resource . ':' . $field)) {
             throw $denied();
         }
     }
 }
 /**
  * Reduce an action's result to the fields the given roles may read.
  *
  * Each item is round-tripped through the serializer (to JSON with max-depth
  * checks enabled, then back to an array) and only its top-level keys that pass
  * isReadable("<resource>:<field>") are kept. The value under a readable key is
  * returned whole: nested structures are not filtered recursively.
  *
  * @param ActionResult $result
  * @param string       $resource
  * @param string       $action
  * @param string[]     $roles
  * @return array the filtered array for SIMPLE/INSTANCE results; for COLLECTION,
  *               one filtered array per item with the collection's keys preserved
  *
  * @throws \InvalidArgumentException for any other result type
  */
 public function filterResponse(ActionResult $result, $resource, $action, $roles)
 {
     $fieldIsReadable = function ($field) use ($resource, $action, $roles) {
         return $this->permissions->isReadable($resource . ':' . $field, $action, $roles);
     };

     // The serializer round-trip is assumed to yield an array; the permission
     // filter then runs over that array's top-level keys only.
     $toReadableArray = function ($item) use ($fieldIsReadable) {
         $context = SerializationContext::create()->enableMaxDepthChecks();
         $asArray = $this->serializer->deserialize(
             $this->serializer->serialize($item, 'json', $context),
             'array',
             'json'
         );
         $allowedKeys = array_flip(array_filter(array_keys($asArray), $fieldIsReadable));

         return array_intersect_key($asArray, $allowedKeys);
     };

     $type = $result->getType();
     switch ($type) {
         case ActionResult::SIMPLE:
         case ActionResult::INSTANCE:
             return $toReadableArray($result->getResult());
         case ActionResult::COLLECTION:
             return array_map($toReadableArray, $result->getResult());
     }

     throw new \InvalidArgumentException('Unsupported ActionResult type ' . $type);
 }