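/**
 * Validate Element Permission
 *
 * Allows the request when its HTTP method is listed for the requested
 * element type, either in the `authenticated` list (authenticated callers
 * only) or in the `public` list. Any other request is rejected.
 *
 * @param Request   $request          Request
 * @param UserModel $user             User (not consulted by this check)
 * @param bool      $is_authenticated Is Authenticated
 *
 * @return void
 *
 * @throws RestfulApiException With status 401 when the method is not permitted.
 */
protected function validateElementPermission(Request $request, UserModel $user = null, $is_authenticated = false)
{
    $method = $request->getMethod();
    $element_type = $request->getAttribute('elementType');

    $element_permissions = \Craft\craft()->restfulApi_config->getElementPermissions($element_type);

    // A missing or malformed list is treated as "no methods allowed", so an
    // incomplete configuration denies access instead of raising a type error.
    $authenticated_methods = (isset($element_permissions['authenticated']) && is_array($element_permissions['authenticated']))
        ? $element_permissions['authenticated']
        : array();
    $public_methods = (isset($element_permissions['public']) && is_array($element_permissions['public']))
        ? $element_permissions['public']
        : array();

    // Strict comparison: with loose comparison a stray `true` (or, before
    // PHP 8, an integer `0`) in the configured list matches every method name.
    if ($is_authenticated && in_array($method, $authenticated_methods, true)) {
        return;
    }

    if (in_array($method, $public_methods, true)) {
        return;
    }

    // NOTE(review): 401 is also sent to authenticated callers whose method is
    // not listed; 403 may describe that case better, but clients may already
    // depend on 401 - confirm before changing.
    $exception = new RestfulApiException();
    $exception->setStatus(401)->setMessage(sprintf('User is not authorized to perform method `%s` on `%s` element type.', $method, $element_type));

    throw $exception;
}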
/**
 * Save Element
 *
 * Stores the element through its element type and then saves its content.
 *
 * NOTE(review): no permission check happens here; callers are presumably
 * expected to authorize the request first - confirm against the call sites.
 *
 * @param BaseElementModel $element Element to store
 * @param Request          $request Request (not read by this method)
 *
 * @return BaseElementModel The element that was passed in
 *
 * @throws RestfulApiException With status 400 when the element type reports a failed save.
 */
public function saveElement(BaseElementModel $element, Request $request)
{
    $type = craft()->elements->getElementType($element->getElementType());

    if ($type->saveElement($element, null)) {
        // NOTE(review): the result of saveContent() is not inspected, so a
        // content save that fails here would still return the element.
        craft()->content->saveContent($element);

        return $element;
    }

    $failure = new RestfulApiException();
    $failure->setStatus(400)->setMessage('Element could not be stored.');

    throw $failure;
}
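/**
 * Get Element Permissions
 *
 * Returns the `permissions` configuration for the given element type,
 * falling back to the wildcard (`*`) entry when the type has none. When
 * neither is configured the lookup fails with an exception, so callers
 * never receive an empty permission set to evaluate.
 *
 * @param string $element_type Element Type
 *
 * @return array Element Permissions
 *
 * @throws RestfulApiException With status 415 when no permissions are defined
 *                             for the element type or for the wildcard.
 */
public function getElementPermissions($element_type)
{
    $element_permissions = $this->getElementTypeConfig($element_type, 'permissions');

    // Read the wildcard entry directly instead of calling this method again:
    // a recursive call repeats the same fallback when `*` has no permissions
    // either, so it recurses without end and never reaches the exception below.
    if (!$element_permissions && $element_type !== '*') {
        $element_permissions = $this->getElementTypeConfig('*', 'permissions');
    }

    if (!$element_permissions) {
        $exception = new RestfulApiException();
        $exception->setStatus(415)->setMessage(sprintf('Permissions for the `%s` element type is not defined.', $element_type));

        throw $exception;
    }

    return $element_permissions;
}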