/**
 * {@inheritDoc}
 *
 * Supplies the current user's ID as the override value when the request runs
 * in a customer context; every other user type yields null.
 */
public function getOverriddenValue()
{
    $isCustomer = $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER;

    // The ID is read from the user context only, and only for the customer user type.
    return $isCustomer ? $this->userContext->getUserId() : null;
}
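/**
 * Check if resource for which access is needed has self permissions defined in webapi config.
 *
 * When the resource is the "self" permission and the user context reports a
 * customer with a non-empty user ID, access is granted here and the wrapped
 * isAllowed() call is skipped. Every other case is delegated to $proceed.
 *
 * @param \Magento\Framework\Authorization $subject
 * @param callable $proceed
 * @param string $resource
 * @param string $privilege
 *
 * @return bool true If resource permission is self, to allow
 * customer access without further checks in parent method
 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
 */
public function aroundIsAllowed(
    \Magento\Framework\Authorization $subject,
    \Closure $proceed,
    $resource,
    $privilege = null
) {
    // Strict comparison on purpose: this branch grants access without running
    // the wrapped check, so a value that is only loosely equal to the constant
    // (boolean true == any non-empty string) must not count as "self".
    // NOTE(review): assumes PERMISSION_SELF is a string constant; it is defined
    // outside this listing, so confirm before merging.
    if ($resource === AuthorizationService::PERMISSION_SELF
        && $this->userContext->getUserId()
        && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER
    ) {
        return true;
    }

    return $proceed($resource, $privilege);
}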
/**
 * {@inheritdoc}
 *
 * Builds a customer cart when the user context reports the customer user type,
 * otherwise an anonymous cart, saves it and returns its ID.
 *
 * @throws CouldNotSaveException when saving the quote raises any exception
 */
public function create()
{
    if ($this->userContext->getUserType() == UserContextInterface::USER_TYPE_CUSTOMER) {
        $cart = $this->createCustomerCart();
    } else {
        $cart = $this->createAnonymousCart();
    }

    try {
        $cart->save();
    } catch (\Exception $e) {
        // The caller only sees a generic message; the caught exception is
        // neither chained nor logged in this method.
        throw new CouldNotSaveException('Cannot create quote');
    }

    return $cart->getId();
}
/**
 * {@inheritdoc}
 *
 * Looks up the first role matching the current user ID and user type and
 * returns its ID, or null when that role has no ID.
 */
public function getAclRoleId()
{
    $currentUserId = $this->userContext->getUserId();
    $currentUserType = $this->userContext->getUserType();

    /** @var Role $matchedRole */
    $matchedRole = $this->roleCollectionFactory->create()
        ->setUserFilter($currentUserId, $currentUserType)
        ->getFirstItem();

    // A falsy ID is reported as null, so callers see "no role" rather than an empty value.
    return $matchedRole->getId() ? $matchedRole->getId() : null;
}
/**
 * Override parameter values based on webapi.xml
 *
 * Each parameter name is a dot-separated path into $inputData. A value is
 * written when the parameter is marked as forced or when nothing is set at
 * that path yet, so a forced parameter replaces whatever the request sent.
 *
 * @param array $inputData Incoming data from request
 * @param array $parameters Contains parameters to replace or default
 * @return array Data in same format as $inputData with appropriate parameters added or changed
 */
public function override(array $inputData, array $parameters)
{
    foreach ($parameters as $path => $spec) {
        $pathSegments = explode('.', $path);

        $mustApply = $spec[Converter::KEY_FORCE] || !$this->isNestedArrayValueSet($inputData, $pathSegments);
        if (!$mustApply) {
            continue;
        }

        // The placeholder resolves to the user ID only in a customer context.
        // For any other user type the configured value, i.e. the placeholder
        // text itself, is written unchanged.
        $wantsCustomerId = $spec[Converter::KEY_VALUE] == '%customer_id%'
            && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER;
        $resolved = $wantsCustomerId ? $this->userContext->getUserId() : $spec[Converter::KEY_VALUE];

        $this->setNestedArrayValue($inputData, $pathSegments, $resolved);
    }

    return $inputData;
}
/**
 * {@inheritDoc}
 *
 * Returns the ID of the cart that cartManagement reports for the current
 * customer. Returns null for non-customer user types, when no cart comes back,
 * or when the lookup raises NoSuchEntityException.
 */
public function getOverriddenValue()
{
    try {
        if ($this->userContext->getUserType() !== UserContextInterface::USER_TYPE_CUSTOMER) {
            return null;
        }

        // The customer ID is taken from the user context, not from a caller-supplied argument.
        /** @var \Magento\Quote\Api\Data\CartInterface */
        $customerCart = $this->cartManagement->getCartForCustomer($this->userContext->getUserId());

        return $customerCart ? $customerCart->getId() : null;
    } catch (NoSuchEntityException $e) {
        // A missing entity is deliberately reported as "no override".
        return null;
    }
}
/**
 * Override parameter values based on webapi.xml
 *
 * A value is written when the parameter is marked as forced or when the key is
 * not set in $inputData, so a forced parameter replaces whatever the request
 * sent under that key.
 *
 * @param array $inputData Incoming data from request
 * @param array $parameters Contains parameters to replace or default
 * @return array Data in same format as $inputData with appropriate parameters added or changed
 */
protected function overrideParams(array $inputData, array $parameters)
{
    foreach ($parameters as $key => $spec) {
        if (!$spec[Converter::KEY_FORCE] && isset($inputData[$key])) {
            // Not forced and already supplied by the request: keep the incoming value.
            continue;
        }

        // The placeholder resolves to the user ID only in a customer context.
        // For any other user type the configured value, i.e. the placeholder
        // text itself, is stored unchanged.
        $wantsCustomerId = $spec[Converter::KEY_VALUE] == '%customer_id%'
            && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER;

        $inputData[$key] = $wantsCustomerId
            ? $this->userContext->getUserId()
            : $spec[Converter::KEY_VALUE];
    }

    return $inputData;
}
/**
 * Check whether access is allowed for cart list resource
 *
 * Rejects the call unless the current user type appears in the configured
 * allow-list of user types.
 *
 * @param \Magento\Quote\Api\CartRepositoryInterface $subject
 * @param SearchCriteria $searchCriteria
 *
 * @return void
 * @throws AuthorizationException if access denied
 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
 */
public function beforeGetList(\Magento\Quote\Api\CartRepositoryInterface $subject, SearchCriteria $searchCriteria)
{
    $currentUserType = $this->userContext->getUserType();

    // NOTE(review): in_array() is called without the strict flag, so the match
    // is a loose comparison. Confirm the allow-list holds values of the same
    // type that getUserType() returns.
    if (in_array($currentUserType, $this->allowedUserTypes)) {
        return;
    }

    throw new AuthorizationException(__('Access denied'));
}
/**
 * Check whether quote is allowed for current user context
 *
 * Non-customer user types are always allowed. A customer is allowed when the
 * quote has no customer ID at all or when its customer ID equals the current
 * user ID.
 *
 * @param \Magento\Quote\Model\Quote $quote
 * @return bool
 */
protected function isAllowed(\Magento\Quote\Model\Quote $quote)
{
    if ($this->userContext->getUserType() != UserContextInterface::USER_TYPE_CUSTOMER) {
        return true;
    }

    // A quote with a null customer ID passes for every customer. The ownership
    // match itself is a loose comparison.
    // NOTE(review): presumably loose because the stored ID and the context ID
    // differ in type; verify before tightening.
    return $quote->getCustomerId() === null
        || $quote->getCustomerId() == $this->userContext->getUserId();
}
/**
 * Checks if order is allowed for current customer
 *
 * Non-customer user types are always allowed. A customer is allowed only when
 * the order's customer ID equals the current user ID.
 *
 * @param \Magento\Sales\Model\Order $order
 * @return bool
 */
protected function isAllowed(\Magento\Sales\Model\Order $order)
{
    if ($this->userContext->getUserType() != UserContextInterface::USER_TYPE_CUSTOMER) {
        return true;
    }

    // NOTE(review): loose comparison, so a null order customer ID would equal a
    // null or 0 user ID. Confirm a customer context always carries a non-empty ID.
    return $order->getCustomerId() == $this->userContext->getUserId();
}
/**
 * Generate cache ID using current context: user permissions and store
 *
 * The ID is the MD5 digest of the prefix, the current store code, the user
 * type and the user ID concatenated in that order.
 *
 * @param string $prefix Prefix is used by hashing function
 * @return string
 */
public function generateCacheIdUsingContext($prefix)
{
    $storeCode = $this->storeManager->getStore()->getCode();
    $userType = $this->userContext->getUserType();
    $userId = $this->userContext->getUserId();

    // NOTE(review): the parts are joined without a separator, so different
    // (store code, user type, user ID) combinations can produce the same input
    // string and therefore the same cache ID. Confirm that cannot mix cached
    // data between contexts.
    $material = $prefix . $storeCode . $userType . $userId;

    return hash('md5', $material);
}
/**
 * Check whether access is allowed for cart list resource
 *
 * Rejects the call unless the current user type appears in the configured
 * allow-list of user types.
 *
 * @param \Magento\Checkout\Service\V1\Cart\ReadServiceInterface $subject
 * @param SearchCriteria $searchCriteria
 *
 * @return void
 * @throws AuthorizationException if access denied
 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
 */
public function beforeGetCartList(
    \Magento\Checkout\Service\V1\Cart\ReadServiceInterface $subject,
    SearchCriteria $searchCriteria
) {
    // NOTE(review): in_array() runs without the strict flag, so the match is a
    // loose comparison. Confirm the allow-list holds values of the same type
    // that getUserType() returns.
    $isPermitted = in_array($this->userContext->getUserType(), $this->allowedUserTypes);

    if ($isPermitted) {
        return;
    }

    throw new AuthorizationException('Access denied');
}
/**
 * Check whether access is allowed for create cart resource
 *
 * Rejects the call unless the current user type appears in the configured
 * allow-list. The cart, customer and store arguments are not inspected here.
 *
 * @param \Magento\Quote\Api\CartManagementInterface $subject
 * @param int $cartId
 * @param int $customerId
 * @param int $storeId
 *
 * @return void
 * @throws AuthorizationException if access denied
 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
 */
public function beforeAssignCustomer(
    \Magento\Quote\Api\CartManagementInterface $subject,
    $cartId,
    $customerId,
    $storeId
) {
    $currentUserType = $this->userContext->getUserType();

    // NOTE(review): in_array() runs without the strict flag, so the match is a
    // loose comparison. Confirm the allow-list holds values of the same type
    // that getUserType() returns.
    if (in_array($currentUserType, $this->allowedUserTypes)) {
        return;
    }

    throw new AuthorizationException(__('Access denied'));
}
/**
 * Check whether access is allowed for create cart resource
 *
 * Rejects the call unless the current user type appears in the configured
 * allow-list. The cart and customer arguments are not inspected here.
 *
 * @param \Magento\Checkout\Service\V1\Cart\WriteServiceInterface $subject
 * @param int $cartId
 * @param int $customerId
 *
 * @return void
 * @throws AuthorizationException if access denied
 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
 */
public function beforeAssignCustomer(
    \Magento\Checkout\Service\V1\Cart\WriteServiceInterface $subject,
    $cartId,
    $customerId
) {
    // NOTE(review): in_array() runs without the strict flag, so the match is a
    // loose comparison. Confirm the allow-list holds values of the same type
    // that getUserType() returns.
    $isPermitted = in_array($this->userContext->getUserType(), $this->allowedUserTypes);

    if ($isPermitted) {
        return;
    }

    throw new AuthorizationException('Access denied');
}