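/**
 * {@inheritdoc}
 *
 * Adds an ownership check for callers that are not operators: a function
 * that names a thread is processed only if that thread is listed in the
 * caller's session under SESSION_PREFIX . 'own_threads'.
 *
 * @param mixed $function Function descriptor; it is passed unchanged to
 *   the execution context and to the parent implementation.
 * @param \Mibew\API\ExecutionContext $context Execution context the
 *   function's arguments are read from.
 * @throws AccessDeniedException If a non-operator caller names a thread
 *   that is not in its own-threads list, or passes a thread ID that is
 *   neither an integer nor an all-digit string.
 */
protected function processFunction($function, \Mibew\API\ExecutionContext &$context)
{
    // Check if the function can be called. Operators can call anything, so
    // validation continues only for users.
    if (!$this->getAuthenticationManager()->getOperator()) {
        // The function is called by a user. Check that the thread is
        // related to that user.
        $arguments = $context->getArgumentsList($function);
        $thread_id = $arguments['threadId'];

        // As defined in Mibew\API\Interaction\ChatInteraction, the
        // "threadId" argument is mandatory, but some functions allow it to
        // be null. In such cases there is no thread and nothing to check.
        if (!is_null($thread_id)) {
            // The ID comes from the request, so its type is not trusted.
            // A loose in_array() would let a boolean true, or (before
            // PHP 8) a string such as "12abc", compare equal to an owned
            // ID. Accept only integers and all-digit strings.
            $is_valid_id = is_int($thread_id)
                || (is_string($thread_id) && ctype_digit($thread_id));

            $own_threads = isset($_SESSION[SESSION_PREFIX . 'own_threads'])
                ? $_SESSION[SESSION_PREFIX . 'own_threads']
                : array();

            // Compare as strings with strict matching so that an ID stored
            // as an integer still matches the same ID sent as a string,
            // without any other type juggling.
            $is_own_thread = $is_valid_id
                && is_array($own_threads)
                && in_array((string)$thread_id, array_map('strval', $own_threads), true);

            if (!$is_own_thread) {
                throw new AccessDeniedException();
            }
        }
    }

    // The function can be called. Process it.
    parent::processFunction($function, $context);
}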
/**
 * Class constructor.
 *
 * Hands a fixed configuration to the parent constructor: an empty
 * signature, a single empty trusted signature and the "users" event prefix.
 */
protected function __construct()
{
    // NOTE(review): the empty signature values presumably mean that calls
    // through this class are not authenticated by signature; confirm against
    // the parent class how these options are used.
    $config = array(
        'signature' => '',
        'trusted_signatures' => array(''),
        'event_prefix' => 'users',
    );

    parent::__construct($config);
}