/**
 * Ask the authorizer whether the current request is permitted.
 *
 * The interpreter is queried for the request type in a fixed order, and the
 * first type that matches selects the single authorizer method that is called.
 *
 * @param RequestInterpreterInterface $interpreter
 * @param AuthorizerInterface $authorizer
 * @param RequestInterface $request
 * @return ErrorCollection|bool
 *      the authorizer's result when it is truthy, otherwise the value of
 *      `$authorizer->getErrors()`.
 */
protected function checkAuthorization(
    RequestInterpreterInterface $interpreter,
    AuthorizerInterface $authorizer,
    RequestInterface $request
) {
    $params = $request->getParameters();
    $doc = $request->getDocument();
    $target = $request->getRecord();

    // NOTE(review): the decision starts as "allowed". A request that matches
    // none of the interpreter checks below is returned as authorized without
    // any authorizer method being consulted (fail-open). Deny-by-default would
    // be the safer baseline - confirm whether any caller relies on this.
    $granted = true;

    // NOTE(review): $doc is dereferenced in the create/update/modify branches
    // without a null check; presumably the document is guaranteed for those
    // request types before this method runs - confirm.
    if ($interpreter->isIndex()) {
        $granted = $authorizer->canReadMany($params);
    } elseif ($interpreter->isCreateResource()) {
        $granted = $authorizer->canCreate($doc->getResource(), $params);
    } elseif ($interpreter->isReadResource()) {
        $granted = $authorizer->canRead($target, $params);
    } elseif ($interpreter->isUpdateResource()) {
        $granted = $authorizer->canUpdate($target, $doc->getResource(), $params);
    } elseif ($interpreter->isDeleteResource()) {
        $granted = $authorizer->canDelete($target, $params);
    } elseif ($interpreter->isReadRelatedResource()) {
        $granted = $authorizer->canReadRelatedResource(
            $interpreter->getRelationshipName(),
            $target,
            $params
        );
    } elseif ($interpreter->isReadRelationship()) {
        $granted = $authorizer->canReadRelationship(
            $interpreter->getRelationshipName(),
            $target,
            $params
        );
    } elseif ($interpreter->isModifyRelationship()) {
        $granted = $authorizer->canModifyRelationship(
            $interpreter->getRelationshipName(),
            $target,
            $doc->getRelationship(),
            $params
        );
    }

    // Any falsy decision is replaced by the authorizer's error collection.
    if ($granted) {
        return $granted;
    }

    return $authorizer->getErrors();
}
/**
 * Reject the request when its document fails the acceptance validator.
 *
 * Nothing is checked when the request carries no document, or when
 * `documentAcceptanceValidator()` yields no validator.
 *
 * @param ValidatorProviderInterface $validators
 * @param RequestInterpreterInterface $interpreter
 * @param RequestInterface $request
 * @throws JsonApiException
 *      thrown here as a ValidationException carrying the validator's errors.
 */
protected function checkDocumentIsAcceptable(
    ValidatorProviderInterface $validators,
    RequestInterpreterInterface $interpreter,
    RequestInterface $request
) {
    $doc = $request->getDocument();

    // No document on the request: there is nothing to validate.
    if (!$doc) {
        return;
    }

    $acceptance = $this->documentAcceptanceValidator($validators, $interpreter, $request);

    // A falsy validator means no acceptance rules apply to this request.
    if (!$acceptance) {
        return;
    }

    // The record is passed alongside the document so the validator can take
    // the existing state into account.
    if ($acceptance->isValid($doc, $request->getRecord())) {
        return;
    }

    throw new ValidationException($acceptance->getErrors());
}
/**
 * Update the record addressed by the request from the resource in its document.
 *
 * NOTE(review): no authorization or validation check is visible in this
 * method; presumably both are enforced before the action runs - confirm.
 *
 * @param JsonApiRequest $request
 * @return Response
 */
public function update(JsonApiRequest $request)
{
    $resource = $request->getDocument()->getResource();
    $hydrated = $this->hydrate($resource, $this->getRecord($request));

    // hydrate() may hand back a Response instead of a model; it is returned
    // as-is and nothing is committed.
    if ($hydrated instanceof Response) {
        return $hydrated;
    }

    $outcome = $this->doCommit($hydrated, $resource);

    // doCommit() may likewise answer with its own Response.
    if ($outcome instanceof Response) {
        return $outcome;
    }

    // Any other falsy commit result is reported as a server error.
    if (!$outcome) {
        return $this->internalServerError();
    }

    return $this->reply()->content($hydrated);
}