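/**
 * Authorize
 *
 * Decides whether the requested action may proceed: either the action is
 * public, or the request is made by an authorized **partner**.
 *
 * Partner is a term I grabbed when working at mobivox. They are not
 * users in the term that they need to register and keep a logged in
 * session but stateless "users". I decided to keep that term since
 * it makes more sense than "statelessUser";
 *
 * Security notes:
 *  - The public-action check is the only path that skips the partner check.
 *  - Every falsy result from the partner check is turned into an exception,
 *    so this method either returns true or throws (it fails closed).
 *
 * @return boolean Always true when the method returns; denial is signalled
 *                 by an exception, never by a false return value.
 *
 * @throws Frapi_Error When the partner authorization yields a falsy value.
 *                     Per the original author's notes, the partner's own
 *                     authorize() may also throw Frapi_Error on failure.
 */
public function authorize()
{
    $action = $this->getAction();

    // If this is a public action, it doesn't need authorization.
    if (Frapi_Rules::isPublicAction($action)) {
        return true;
    }

    // For HTTP Digest auth, use the header value PHP exposes in $_SERVER.
    // Only PHP_AUTH_DIGEST is forwarded; when it is absent the partner
    // receives null and is expected to reject the request.
    // NOTE(review): PHP_AUTH_DIGEST is not populated under every SAPI /
    // server configuration - confirm the deployment actually passes it.
    $auth_params = array(
        'digest' => isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : null,
    );

    // First step: Set the state of the context objects.
    $partner = $this->authorization
        ->getPartner()
        ->setAction($action)
        ->setAuthorizationParams($auth_params);

    // Second step: Run the authorization. Judging by the original notes it
    // returns true on success and throws Frapi_Error on a failed check.
    $partnerAuth = $partner->authorize();

    // Third step: any falsy result is treated as an invalid action request.
    // Loose truthiness is kept on purpose so that null, 0, '' and false
    // all deny access.
    if (!$partnerAuth) {
        throw new Frapi_Error(
            Frapi_Error::ERROR_INVALID_ACTION_REQUEST_NAME,
            Frapi_Error::ERROR_INVALID_ACTION_REQUEST_MSG,
            Frapi_Error::ERROR_INVALID_ACTION_REQUEST_NO,
            Frapi_Error::ERROR_INVALID_ACTION_REQUEST_HTTP_MSG
        );
    }

    return true;
}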