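/**
  * Authenticate and authorize the current REST request.
  *
  * Resolves the matched route and denies the request unless the current
  * consumer is allowed every ACL resource that route declares. The check
  * fails closed: a route with no declared resources is refused up front
  * instead of being left to whatever the authorization service does with an
  * empty list. Every webapi route is expected to declare at least one
  * resource, so that branch should only ever fire on misconfiguration.
  *
  * @throws \Magento\Framework\Exception\AuthorizationException when access is denied
  * @return void
  */
 private function checkPermissions()
 {
     $route = $this->router->match($this->request);
     $aclResources = (array) $route->getAclResources();
     // Deny by default: "no resources declared" must never read as "open to everyone".
     if (empty($aclResources) || !$this->authorization->isAllowed($aclResources)) {
         $params = ['resources' => implode(', ', $aclResources)];
         throw new AuthorizationException(__(AuthorizationException::NOT_AUTHORIZED, $params));
     }
 }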
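 /**
  * Authenticate and authorize the current REST request.
  *
  * Denies the request unless the current consumer is allowed every ACL
  * resource the current route declares. Fails closed: a route that declares
  * no resources is refused rather than being passed to the authorization
  * service as an empty list. Every webapi route is expected to declare at
  * least one resource, so that branch should only fire on misconfiguration.
  *
  * @throws \Magento\Framework\Exception\AuthorizationException when access is denied
  * @return void
  * @deprecated
  * @see \Magento\Webapi\Controller\Rest\RequestValidator::checkPermissions
  */
 protected function checkPermissions()
 {
     $route = $this->getCurrentRoute();
     $aclResources = (array) $route->getAclResources();
     // Deny by default: "no resources declared" must never read as "open to everyone".
     if (empty($aclResources) || !$this->authorization->isAllowed($aclResources)) {
         $params = ['resources' => implode(', ', $aclResources)];
         throw new AuthorizationException(__('Consumer is not authorized to access %resources', $params));
     }
 }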
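 /**
  * Authenticate and authorize the current REST request.
  *
  * Denies the request unless the current consumer is allowed every ACL
  * resource the current route declares. Fails closed: a route that declares
  * no resources is refused rather than being passed to the authorization
  * service as an empty list. Every webapi route is expected to declare at
  * least one resource, so that branch should only fire on misconfiguration.
  *
  * @throws \Magento\Framework\Exception\AuthorizationException when access is denied
  * @return void
  */
 protected function checkPermissions()
 {
     $route = $this->getCurrentRoute();
     $aclResources = (array) $route->getAclResources();
     // Deny by default: "no resources declared" must never read as "open to everyone".
     if (empty($aclResources) || !$this->authorization->isAllowed($aclResources)) {
         $params = ['resources' => implode(', ', $aclResources)];
         throw new AuthorizationException(__(AuthorizationException::NOT_AUTHORIZED, $params));
     }
 }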
 /**
  * A GET request against the "all stores" scope must be rejected even when
  * the consumer passes authorization: the controller is expected to record
  * an exception on the response rather than dispatch the operation.
  */
 public function testGetMethodAllStoresInvalid()
 {
     // Authorization succeeds, so the only reason to fail is the store scope.
     $this->_authorizationMock->expects($this->any())->method('isAllowed')->willReturn(true);
     $this->_routeMock->expects($this->any())->method('getAclResources')->willReturn(['1']);
     $this->_requestMock->expects($this->once())->method('getMethod')->willReturn('get');
     $this->storeMock->expects($this->once())->method('getCode')->willReturn('admin');

     $this->_restController->dispatch($this->_requestMock);

     self::assertTrue($this->_responseMock->isException());
     $recorded = $this->_responseMock->getException();
     self::assertSame("Cannot perform GET operation with store code 'all'", $recorded[0]->getMessage());
 }
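 /**
  * Retrieve metadata only for the services/methods visible to the current user.
  *
  * Each method is kept only when the current consumer is allowed every ACL
  * resource it declares. Methods that declare no ACL resources (or carry no
  * resource entry at all) are hidden rather than shown: metadata is a
  * discovery surface, and "nothing declared" must not read as "public".
  * Services left with no visible methods are omitted entirely; the rest have
  * their restricted routes stripped before being returned.
  *
  * @param string[] $requestedServices service names to look up
  * @return array service name => filtered service metadata
  */
 protected function getAllowedServicesMetadata($requestedServices)
 {
     $allowedServicesMetadata = [];
     foreach ($requestedServices as $serviceName) {
         $serviceMetadata = $this->getServiceMetadata($serviceName);
         $methods = $serviceMetadata[ServiceMetadata::KEY_SERVICE_METHODS] ?? [];
         // array_filter keeps keys, so method names survive as the array keys.
         $visibleMethods = array_filter(
             $methods,
             function ($methodData) {
                 $aclResources = (array) ($methodData[ServiceMetadata::KEY_ACL_RESOURCES] ?? []);
                 // Fail closed on an empty resource list; see the docblock.
                 return !empty($aclResources) && $this->authorization->isAllowed($aclResources);
             }
         );
         if (empty($visibleMethods)) {
             continue;
         }
         $serviceMetadata[ServiceMetadata::KEY_SERVICE_METHODS] = $visibleMethods;
         $this->removeRestrictedRoutes($serviceMetadata);
         $allowedServicesMetadata[$serviceName] = $serviceMetadata;
     }
     return $allowedServicesMetadata;
 }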
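 /**
  * Handler for all SOAP operations.
  *
  * Resolves the operation to a service class/method, then applies two
  * gates before anything is invoked: operations flagged as secure are only
  * served over HTTPS, and the consumer must be allowed every ACL resource
  * the operation declares. The ACL check fails closed: an operation with no
  * declared resources is refused rather than handed to the authorization
  * service as an empty list.
  *
  * NOTE(review): isSecure() is the request object's view of the transport.
  * If the deployment sits behind a TLS-terminating proxy, that answer is
  * only as trustworthy as the proxy-header handling that feeds it — confirm.
  *
  * @param string $operation SOAP operation name
  * @param array $arguments raw SOAP arguments, converted by _prepareRequestData
  * @return \stdClass|null
  * @throws WebapiException when a secure operation is requested over plain HTTP
  * @throws \LogicException
  * @throws AuthorizationException when the consumer lacks a required ACL resource
  */
 public function __call($operation, $arguments)
 {
     $requestedServices = $this->_request->getRequestedServices();
     $serviceMethodInfo = $this->_apiConfig->getServiceMethodInfo($operation, $requestedServices);
     $serviceClass = $serviceMethodInfo[ServiceMetadata::KEY_CLASS];
     $serviceMethod = $serviceMethodInfo[ServiceMetadata::KEY_METHOD];

     // Secure operations are only served over HTTPS.
     if ($serviceMethodInfo[ServiceMetadata::KEY_IS_SECURE] && !$this->_request->isSecure()) {
         throw new WebapiException(__("Operation allowed only in HTTPS"));
     }

     // Deny by default: "no resources declared" must never read as "open to everyone".
     $aclResources = (array) ($serviceMethodInfo[ServiceMetadata::KEY_ACL_RESOURCES] ?? []);
     if (empty($aclResources) || !$this->authorization->isAllowed($aclResources)) {
         throw new AuthorizationException(
             __('Consumer is not authorized to access %resources', ['resources' => implode(', ', $aclResources)])
         );
     }

     $service = $this->_objectManager->get($serviceClass);
     $inputData = $this->_prepareRequestData($serviceClass, $serviceMethod, $arguments);
     // call_user_func_array is kept deliberately: the prepared data may be keyed, and
     // argument unpacking with string keys behaves differently across PHP versions.
     $outputData = call_user_func_array([$service, $serviceMethod], $inputData);
     return $this->_prepareResponseData($outputData, $serviceClass, $serviceMethod);
 }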
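 /**
  * validate() must raise AuthorizationException, naming the denied resources,
  * when the authorization service rejects the route's ACL resources.
  *
  * The expectations are registered with expectException*() before the call
  * (the @expectedException annotations were removed in PHPUnit 9).
  * NOTE(review): the expected text must match whatever the validator throws;
  * if it uses AuthorizationException::NOT_AUTHORIZED and that constant's
  * wording differs from this literal, the message assertion fails — confirm.
  */
 public function testAuthorizationFailed()
 {
     $this->authorizationMock->expects($this->once())->method('isAllowed')->willReturn(false);
     $this->routeMock->expects($this->any())->method('getAclResources')->willReturn(['5', '6']);

     $this->expectException(\Magento\Framework\Exception\AuthorizationException::class);
     $this->expectExceptionMessage('Consumer is not authorized to access 5, 6');

     $this->requestValidator->validate();
 }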