/**
 * Build the resource model that matches the request and hand the request over to it.
 *
 * The request must carry both a model and an API type; otherwise it is rejected
 * with HTTP 400 before any resource is loaded. The loaded resource receives the
 * request, the response and the current API user, and then runs its own dispatch().
 * This method performs no ACL check itself.
 *
 * @param Mage_Api2_Model_Request $request
 * @param Mage_Api2_Model_Response $response
 * @return Mage_Api2_Model_Dispatcher
 * @throws Mage_Api2_Exception
 */
public function dispatch(Mage_Api2_Model_Request $request, Mage_Api2_Model_Response $response)
{
    // Reject incomplete requests up front: both values are needed to pick a resource class.
    $hasRoutingData = $request->getModel() && $request->getApiType();
    if (!$hasRoutingData) {
        throw new Mage_Api2_Exception(
            'Request does not contains all necessary data',
            Mage_Api2_Model_Server::HTTP_BAD_REQUEST
        );
    }

    // Gather the loader arguments in the same order they are passed.
    $modelName       = $request->getModel();
    $apiType         = $request->getApiType();
    $userType        = $this->getApiUser()->getType();
    $resourceVersion = $this->getVersion($request->getResourceType(), $request->getVersion());

    $resource = self::loadResourceModel($modelName, $apiType, $userType, $resourceVersion);

    // Wire up the resource before letting it process the request.
    $resource->setRequest($request);
    $resource->setResponse($response);
    $resource->setApiUser($this->getApiUser());
    $resource->dispatch();

    return $this;
}
/**
 * Enforce the global ACL for the requested resource type and operation.
 *
 * Asks the 'api2/acl_global' model whether the API user may perform the
 * request's operation on the request's resource type, and aborts with
 * HTTP 403 when the answer is negative.
 *
 * @param Mage_Api2_Model_Request $request
 * @param Mage_Api2_Model_Auth_User_Abstract $apiUser
 * @return Mage_Api2_Model_Server
 * @throws Mage_Api2_Exception When the global ACL denies the operation
 */
protected function _allow(Mage_Api2_Model_Request $request, Mage_Api2_Model_Auth_User_Abstract $apiUser)
{
    /** @var $aclChecker Mage_Api2_Model_Acl_Global */
    $aclChecker = Mage::getModel('api2/acl_global');

    $isPermitted = $aclChecker->isAllowed(
        $apiUser,
        $request->getResourceType(),
        $request->getOperation()
    );

    if ($isPermitted) {
        return $this;
    }

    // Deny by default: anything the ACL does not explicitly allow ends here.
    throw new Mage_Api2_Exception('Access denied', self::HTTP_FORBIDDEN);
}
/**
 * Attach the request to this resource.
 *
 * Copies the request's resource type and API type onto the resource, then
 * stores the request object itself in $_request.
 *
 * @param Mage_Api2_Model_Request $request
 * @return Mage_Api2_Model_Resource
 */
public function setRequest(Mage_Api2_Model_Request $request)
{
    $resourceType = $request->getResourceType();
    $this->setResourceType($resourceType);

    $apiType = $request->getApiType();
    $this->setApiType($apiType);

    $this->_request = $request;

    return $this;
}
/**
 * Tell whether the request carries an OAuth Authorization header.
 *
 * Only the first five characters of the header are inspected, compared
 * case-insensitively against "oauth". The credentials that follow the
 * scheme are not parsed or validated here.
 *
 * @param Mage_Api2_Model_Request $request
 * @return boolean
 */
public function isApplicableToRequest(Mage_Api2_Model_Request $request)
{
    $authorization = $request->getHeader('Authorization');

    // A missing or empty header can never select this adapter.
    if (!$authorization) {
        return false;
    }

    $scheme = strtolower(substr($authorization, 0, 5));

    return 'oauth' === $scheme;
}
/**
 * Return the request method, preferring the locally stored override.
 *
 * When $_method holds a truthy value (request emulation during an internal
 * call) it is returned; otherwise the parent implementation decides.
 *
 * @return string
 */
public function getMethod()
{
    return $this->_method ?: parent::getMethod();
}
/**
 * Match the request's path info against this route.
 *
 * Leading characters listed in $_urlDelimiter are stripped from the path
 * before it is handed to the parent matcher, which does the actual matching
 * and variable assignment.
 *
 * @param Mage_Api2_Model_Request $request
 * @param boolean $partial Partial path matching
 * @return array|bool An array of assigned values or a boolean false on a mismatch
 */
public function match($request, $partial = false)
{
    $pathInfo = $request->getPathInfo();
    $relativePath = ltrim($pathInfo, $this->_urlDelimiter);

    return parent::match($relativePath, $partial);
}
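/**
 * Add CORS response headers, then fire the api2_server_filter_before event.
 *
 * A wildcard Access-Control-Allow-Origin is set first. When the request
 * carries an Origin header that Zend_Uri_Http::factory() can parse, the
 * wildcard is replaced by that origin and credentials are allowed for it.
 * Credentials are never advertised together with the wildcard, because
 * browsers reject that combination.
 *
 * NOTE(review): every well-formed Origin is still echoed back with
 * credentials enabled. If this API accepts ambient credentials (cookies,
 * HTTP auth), that lets any website read authenticated responses from a
 * visitor's browser. Gate the reflection on a configured allowlist of
 * trusted origins before relying on it.
 *
 * @param Mage_Api2_Model_Request $request
 * @param Mage_Api2_Model_Response $response
 * @return void
 */
protected function filterBefore(Mage_Api2_Model_Request $request, Mage_Api2_Model_Response $response)
{
    // Add generic CORS headers - this is not the 'right' way to do this,
    // but Magento has no CORS support in Mage_Api2
    $response->setHeader('Access-Control-Allow-Origin', '*', true);
    $response->setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE', true);
    $response->setHeader('Access-Control-Allow-Headers', 'Content-Type', true);
    $response->setHeader('Access-Control-Max-Age', '86400', true);

    // The Allow-Origin value depends on the request's Origin header, so caches
    // must not reuse a response across origins. Added without replacing any
    // Vary header that is already set.
    $response->setHeader('Vary', 'Origin', false);

    $origin = $request->getHeader('Origin');
    if ($origin) {
        try {
            $originUri = Zend_Uri_Http::factory($origin);
            $response->setHeader('Access-Control-Allow-Origin', $originUri->getUri(), true);
            // Support credentials, but only next to an explicit origin:
            // "Allow-Origin: *" plus credentials is rejected by browsers.
            $response->setHeader('Access-Control-Allow-Credentials', 'true', true);
        } catch (Exception $e) {
            // Unparseable Origin: keep the wildcard and do not allow credentials.
        }
    }

    Mage::dispatchEvent('api2_server_filter_before', ['request' => $request, 'response' => $response]);
}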