/**
* Process integration resource permissions after the integration is created
*
* @param \Magento\Integration\Service\V1\Integration $subject
* @param array $integrationData Data of integration deleted
*
* @return array $integrationData
* @SuppressWarnings(PHPMD.UnusedFormalParameter)
*/
public function afterDelete(\Magento\Integration\Service\V1\Integration $subject, array $integrationData)
{
//No check needed for integration data since it cannot be empty in the parent invocation - delete
$userIdentifier = $this->_userIdentifierFactory->create(UserIdentifier::USER_TYPE_INTEGRATION, (int) $integrationData[IntegrationModel::ID]);
$this->_authzService->removePermissions($userIdentifier);
return $integrationData;
}
/**
* Perform authentication and authorization.
*
* Authentication can be based on active customer/guest session or it can be based on OAuth headers.
*
* @throws \Magento\Framework\Exception\AuthorizationException
* @return void
*/
protected function _checkPermissions()
{
/**
* All mobile clients are expected to pass session cookie along with the request which will allow
* to start session automatically. User ID and user type are initialized when session is created
* during login call.
*/
$userId = $this->session->getUserId();
$userType = $this->session->getUserType();
$userIdentifier = null;
$consumerId = null;
if ($userType) {
/** @var \Magento\Authz\Model\UserIdentifier $userIdentifier */
$userIdentifier = $this->_objectManager->create('Magento\\Authz\\Model\\UserIdentifier', ['userType' => $userType, 'userId' => $userId]);
} else {
$oauthRequest = $this->_oauthHelper->prepareRequest($this->_request);
$consumerId = $this->_oauthService->validateAccessTokenRequest($oauthRequest, $this->_oauthHelper->getRequestUrl($this->_request), $this->_request->getMethod());
$this->_request->setConsumerId($consumerId);
}
$route = $this->_getCurrentRoute();
if (!$this->_authorizationService->isAllowed($route->getAclResources(), $userIdentifier)) {
$params = ['resources' => implode(', ', $route->getAclResources())];
throw new AuthorizationException(AuthorizationException::NOT_AUTHORIZED, $params);
}
}
/**
* Handler for all SOAP operations.
*
* @param string $operation
* @param array $arguments
* @return \stdClass|null
* @throws WebapiException
* @throws \LogicException
* @throws AuthorizationException
*/
public function __call($operation, $arguments)
{
$requestedServices = $this->_request->getRequestedServices();
$serviceMethodInfo = $this->_apiConfig->getServiceMethodInfo($operation, $requestedServices);
$serviceClass = $serviceMethodInfo[SoapConfig::KEY_CLASS];
$serviceMethod = $serviceMethodInfo[SoapConfig::KEY_METHOD];
// check if the operation is a secure operation & whether the request was made in HTTPS
if ($serviceMethodInfo[SoapConfig::KEY_IS_SECURE] && !$this->_request->isSecure()) {
throw new WebapiException(__("Operation allowed only in HTTPS"));
}
$isAllowed = false;
foreach ($serviceMethodInfo[SoapConfig::KEY_ACL_RESOURCES] as $resources) {
if ($this->_authorizationService->isAllowed($resources)) {
$isAllowed = true;
break;
}
}
if (!$isAllowed) {
// TODO: Consider passing Integration ID instead of Consumer ID
throw new AuthorizationException(AuthorizationException::NOT_AUTHORIZED, ['resources' => implode($serviceMethodInfo[SoapConfig::KEY_ACL_RESOURCES], ', ')]);
}
$service = $this->_objectManager->get($serviceClass);
$inputData = $this->_prepareRequestData($serviceClass, $serviceMethod, $arguments);
$outputData = call_user_func_array(array($service, $serviceMethod), $inputData);
return $this->_prepareResponseData($outputData);
}
/**
* @param array $requestData Data from the request
* @param array $parameters Data from config about which parameters to override
* @param array $expectedOverriddenParams Result of overriding $requestData when applying rules from $parameters
*
* @dataProvider overrideParmasDataProvider
*/
public function testOverrideParams($requestData, $parameters, $expectedOverriddenParams)
{
$this->_routeMock->expects($this->once())->method('getParameters')->will($this->returnValue($parameters));
$this->_appStateMock->expects($this->any())->method('isInstalled')->will($this->returnValue(true));
$this->_authzServiceMock->expects($this->once())->method('isAllowed')->will($this->returnValue(true));
$this->_requestMock->expects($this->any())->method('getRequestData')->will($this->returnValue($requestData));
// serializer should expect overridden params
$this->serializerMock->expects($this->once())->method('getInputData')->with($this->equalTo('Magento\\Webapi\\Controller\\TestService'), $this->equalTo('testMethod'), $this->equalTo($expectedOverriddenParams));
$this->_restController->dispatch($this->_requestMock);
}
