/** * @param RequestInterpreterInterface $interpreter * @param AuthorizerInterface $authorizer * @param RequestInterface $request * @return ErrorCollection|bool * errors if the request is not authorized, true if authorized. */ protected function checkAuthorization(RequestInterpreterInterface $interpreter, AuthorizerInterface $authorizer, RequestInterface $request) { $parameters = $request->getParameters(); $document = $request->getDocument(); $record = $request->getRecord(); $authorized = true; /** Index */ if ($interpreter->isIndex()) { $authorized = $authorizer->canReadMany($parameters); } elseif ($interpreter->isCreateResource()) { $authorized = $authorizer->canCreate($document->getResource(), $parameters); } elseif ($interpreter->isReadResource()) { $authorized = $authorizer->canRead($record, $parameters); } elseif ($interpreter->isUpdateResource()) { $authorized = $authorizer->canUpdate($record, $document->getResource(), $parameters); } elseif ($interpreter->isDeleteResource()) { $authorized = $authorizer->canDelete($record, $parameters); } elseif ($interpreter->isReadRelatedResource()) { $authorized = $authorizer->canReadRelatedResource($interpreter->getRelationshipName(), $record, $parameters); } elseif ($interpreter->isReadRelationship()) { $authorized = $authorizer->canReadRelationship($interpreter->getRelationshipName(), $record, $parameters); } elseif ($interpreter->isModifyRelationship()) { $authorized = $authorizer->canModifyRelationship($interpreter->getRelationshipName(), $record, $document->getRelationship(), $parameters); } return $authorized ?: $authorizer->getErrors(); }
/** * @param JsonApiRequest $request * @return Paginator|Collection|Model|Response|null */ protected function search(JsonApiRequest $request) { if (!$this->search) { return $this->notImplemented(); } $builder = $this->model->newQuery(); return $this->search->search($builder, $request->getParameters()); }
/** * @param ApiInterface $api * @param RequestInterface $request * @param FilterValidatorInterface|null $filterValidator */ protected function checkQueryParameters(ApiInterface $api, RequestInterface $request, FilterValidatorInterface $filterValidator = null) { $parameters = $request->getParameters(); $this->checkEncodingParameters($api->getHttpFactory(), $parameters, $api); if ($filterValidator && $api->getRequestInterpreter()->isIndex()) { $this->checkFilterParameters($filterValidator, $parameters); } }