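 /**
  * Call
  *
  * Resolves the API application model and looks up the application whose
  * shared-secret field matches the SHARED-SECRET HTTP request header.
  *
  * Application model resolution order: \MABI\DefaultApplicationModel, then
  * any registered model whose short name is 'Application' (the last one
  * wins), then — overriding both — the first model annotated with
  * '@model ApplicationModel'. The secret field defaults to 'sharedSecret'
  * unless a public property of that model is annotated '@field SharedSecret'.
  *
  * On success $this->apiApplication holds the matched application instance;
  * when the header is missing/empty or nothing matches it is FALSE. The
  * result is also published on the request as ->apiApplication for
  * downstream middleware, and the next middleware (if any) is invoked
  * regardless of the outcome — authorization decisions are left to later
  * middleware that inspect the request.
  */
 public function call()
 {
     $mabi = $this->getApp();

     /**
      * Finds overridable Application Model (default -> Named Application -> annotated 'option ApplicationModel')
      * There can only be one.
      *
      * @var $applicationModelClass \MABI\Model
      */
     $applicationModelClass = '\\MABI\\DefaultApplicationModel';
     foreach ($mabi->getModelClasses() as $modelClass) {
         if (ReflectionHelper::stripClassName($modelClass) === 'Application') {
             $applicationModelClass = $modelClass;
         }
         $rClass = new \ReflectionClass($modelClass);
         $modelOptions = ReflectionHelper::getDocDirective($rClass->getDocComment(), 'model');
         // strict: true so that only the literal directive value matches
         if (in_array('ApplicationModel', $modelOptions, true)) {
             $applicationModelClass = $modelClass;
             break;
         }
     }

     // Find the shared secret property (named sharedSecret or annotated 'field SharedSecret')
     $rClass = new \ReflectionClass($applicationModelClass);
     $modelProps = $rClass->getProperties(\ReflectionProperty::IS_PUBLIC);
     $sharedSecretProp = 'sharedSecret';
     foreach ($modelProps as $modelProp) {
         $rProp = new \ReflectionProperty($applicationModelClass, $modelProp->name);
         $propOptions = ReflectionHelper::getDocDirective($rProp->getDocComment(), 'field');
         if (in_array('SharedSecret', $propOptions, true)) {
             $sharedSecretProp = $modelProp->name;
             break;
         }
     }

     $this->apiApplication = $applicationModelClass::init($mabi);

     // A missing or empty header must never reach the lookup: querying the
     // secret field with null/'' could match an application whose secret is
     // unset, so treat it as "no application" without touching storage.
     $sharedSecret = $mabi->getRequest()->headers('SHARED-SECRET');
     if ($sharedSecret === null || $sharedSecret === ''
         || !$this->apiApplication->findByField($sharedSecretProp, $sharedSecret)) {
         $this->apiApplication = FALSE;
     }

     $mabi->getRequest()->apiApplication = $this->apiApplication;
     if (!empty($this->next)) {
         $this->next->call();
     }
 }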
 /**
  * Builds the application under test with a single mocked REST controller.
  *
  * After the base app is set up, a ModelBController mock (with its four
  * rest*TestFunc methods stubbed) is created and its protected modelClass,
  * model and base properties are injected by reflection. The app then gets
  * two controller loaders: one serving only the mock, and a generated REST
  * loader for every other extension model class.
  *
  * @param array $env       environment overrides passed through to setUpApp()
  * @param bool  $withCache passed through to setUpApp()
  */
 private function setUpRESTApp($env = array(), $withCache = false)
 {
     $this->setUpApp($env, $withCache);
     // Constructed for its side effects only, as in the original setup.
     $dirControllerLoader = new \MABI\DirectoryControllerLoader('TestApp/TestControllerDir', $this->app, 'mabiTesting');

     $stubbedMethods = ['restGetTestFunc', 'restPostTestFunc', 'restPutTestFunc', 'restDeleteTestFunc'];
     $this->controllerMock = $this->getMock('\\mabiTesting\\ModelBController', $stubbedMethods, [$this->app], 'ModelBController');

     // Inject modelClass, model and base into the mock (they are not public).
     // Insertion order matters: the properties are assigned in this order.
     $modelClass = 'mabiTesting\\ModelB';
     $injectedProperties = [
         'modelClass' => $modelClass,
         'model' => $modelClass::init($this->app),
         'base' => strtolower(\MABI\ReflectionHelper::stripClassName($modelClass)),
     ];
     $mockReflection = new \ReflectionObject($this->controllerMock);
     foreach ($injectedProperties as $propertyName => $value) {
         $property = $mockReflection->getProperty($propertyName);
         $property->setAccessible(true);
         $property->setValue($this->controllerMock, $value);
     }

     $mockLoader = new \MABI\ControllerLoader();
     $mockLoader->setControllers([$this->controllerMock]);
     $otherModelClasses = array_diff($this->app->getExtensionModelClasses(), [$modelClass]);
     $generatedLoader = new \MABI\GeneratedRESTModelControllerLoader($otherModelClasses, $this->app);
     $this->app->setControllerLoaders([$mockLoader, $generatedLoader]);
 }
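 /**
  * Call
  *
  * Owner-access middleware: for object-level (non-collection) routes, only
  * the user whose session userId matches the target model's owner field may
  * proceed.
  *
  * The owner field defaults to 'owner' and can be overridden by annotating a
  * model property with '@field owner'. Collection-level routes skip the
  * check entirely. Any failure (no session, no model, a missing id on either
  * side, or a mismatch) is reported via
  * returnError(DefaultAppErrors::$NOT_AUTHORIZED); otherwise the next
  * middleware (if any) is invoked.
  *
  * NOTE(review): the code after returnError() assumes it terminates the
  * request (throws or halts) — confirm against the App implementation.
  */
 public function call()
 {
     // Owner access does not apply for Collection level functions
     $callable = $this->getRouteCallable();
     // presumably $callable is a [class, method] pair; verify against getRouteCallable()
     if (empty($callable) || $this->isCollectionCallable($callable[1])) {
         if (!empty($this->next)) {
             $this->next->call();
         }
         return;
     }

     $app = $this->getApp();
     // A session is required to access these objects
     if (!isset($app->getRequest()->session)) {
         $app->returnError(DefaultAppErrors::$NOT_AUTHORIZED);
     }

     /**
      * @var $restController \MABI\RESTModelController
      * @var $session \MABI\Identity\Session
      */
     $session = $app->getRequest()->session;
     $restController = $this->getController();
     $rClass = new \ReflectionClass($restController->getModelClass());

     // Allow @field owner override otherwise the default owner field is $owner
     $ownerProperty = 'owner';
     foreach ($rClass->getProperties() as $rProperty) {
         if (in_array('owner', ReflectionHelper::getDocDirective($rProperty->getDocComment(), 'field'), true)) {
             $ownerProperty = $rProperty->getName();
             break;
         }
     }

     $model = $restController->getModel();
     $isOwner = !empty($session)
         && !empty($model)
         && !empty($session->userId)
         && !empty($model->{$ownerProperty})
         // Compare the ids as strings with ===: the loose != used before
         // treats numeric strings such as '1e1' and '10' as equal, which an
         // authorization check must not do. The cast keeps int/string ids
         // interchangeable; it assumes ids are scalars or stringable
         // objects — TODO confirm against the Session/model id types.
         && (string) $session->userId === (string) $model->{$ownerProperty};
     if (!$isOwner) {
         // Don't give access to endpoint if the sessions don't match
         $app->returnError(DefaultAppErrors::$NOT_AUTHORIZED);
     }

     if (!empty($this->next)) {
         $this->next->call();
     }
 }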