コード例 #1
ファイル: Resources.php プロジェクト: Samara94/dolibarr
 /**
  * Collect one listing entry per top-level API resource into $map.
  *
  * Only the first segment of each route path is used as the resource name.
  * A route contributes nothing when its HTTP method is in
  * static::$excludedHttpMethods, when static::verifyAccess() rejects it, or
  * when its path matches an entry of static::$excludedPaths.
  *
  * NOTE(review): verifyAccess() is not visible here; presumably it decides
  * whether the current caller may use the route, which would keep routes the
  * caller cannot use out of the listing - confirm against its definition.
  *
  * @param array $allRoutes route path => (HTTP method => route info)
  * @param array $map       filled in place: listing path => class description
  * @param int   $version   API version; version 1 uses unversioned listing paths
  *
  * @return void
  */
 protected function _mapResources(array $allRoutes, array &$map, $version = 1)
 {
     foreach ($allRoutes as $fullPath => $routes) {
         $segments = explode('/', $fullPath);
         $resource = isset($segments[0]) ? $segments[0] : '';
         // The 'resources' entry and anything ending in 'index' are never listed.
         $skipResource = $resource == 'resources' || String::endsWith($resource, 'index');
         if ($skipResource) {
             continue;
         }
         foreach ($routes as $httpMethod => $route) {
             // Short-circuit keeps the original order: the method filter runs
             // before the access check, so verifyAccess() is not called for
             // excluded methods.
             if (in_array($httpMethod, static::$excludedHttpMethods) || !static::verifyAccess($route)) {
                 continue;
             }
             // An empty exclusion entry matches only a path that loosely equals
             // it; any other entry is tested with String::beginsWith().
             $pathExcluded = false;
             foreach (static::$excludedPaths as $prefix) {
                 $pathExcluded = empty($prefix)
                     ? $fullPath == $prefix
                     : String::beginsWith($fullPath, $prefix);
                 if ($pathExcluded) {
                     break;
                 }
             }
             if ($pathExcluded) {
                 continue;
             }
             // A falsy first segment (including '0') is listed as 'root'.
             $slug = $resource ? $resource : 'root';
             if ($version == 1) {
                 $res = "/resources/{$slug}";
             } else {
                 $res = "/v{$version}/resources/{$slug}-v{$version}";
             }
             // Keep the first non-empty description recorded for a listing path.
             if (!empty($map[$res])) {
                 continue;
             }
             $map[$res] = isset($route['metadata']['classDescription'])
                 ? $route['metadata']['classDescription']
                 : '';
         }
     }
 }
コード例 #2
ファイル: Forms.php プロジェクト: Samara94/dolibarr
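 /**
  * Access verification method: form-key check for form submissions.
  *
  * A request whose URL matches static::$excludedPaths is always allowed.
  * Otherwise, when $_POST is non-empty (and, if static::$filterFormRequestsOnly
  * is set, the request format is url-encoded or upload), the posted
  * static::FORM_KEY value must equal the value stored in the session for
  * "<request method> <url>".
  *
  * The token comparison is type-strict and, where hash_equals() exists,
  * constant-time. A loose == would accept numeric-looking strings that differ
  * textually (for example two "0e..." strings) and would leak timing.
  *
  * Caveats for reviewers:
  *  - A request with an empty $_POST is allowed without any token check.
  *  - With static::$filterFormRequestsOnly set, other request formats are
  *    not checked here.
  *  - NOTE(review): if String::beginsWith() is a plain prefix test (not
  *    visible here), an excluded entry also exempts longer paths that merely
  *    share the prefix - confirm the entries end on a segment boundary.
  *
  * @return boolean true when api access is allowed; this implementation never
  *                 returns false, it throws instead
  *
  * @throws RestException 403 when the form key is missing or does not match
  */
 public function __isAllowed()
 {
     if (session_id() == '') {
         session_start();
     }
     /** @var Restler $restler */
     $restler = $this->restler;
     $url = $restler->url;
     foreach (static::$excludedPaths as $exclude) {
         if (empty($exclude)) {
             // An empty entry only matches a URL that loosely equals it.
             if ($url == $exclude) {
                 return true;
             }
         } elseif (String::beginsWith($url, $exclude)) {
             return true;
         }
     }
     $check = static::$filterFormRequestsOnly
         ? $restler->requestFormat instanceof UrlEncodedFormat || $restler->requestFormat instanceof UploadFormat
         : true;
     if (empty($_POST) || !$check) {
         // Nothing posted, or a format this filter does not cover.
         return true;
     }
     $target = Util::getRequestMethod() . ' ' . $restler->url;
     $submitted = isset($_POST[static::FORM_KEY]) ? $_POST[static::FORM_KEY] : null;
     $expected = isset($_SESSION[static::FORM_KEY][$target]) ? $_SESSION[static::FORM_KEY][$target] : null;
     // $_POST values can be arrays; only non-empty strings are valid tokens.
     if (is_string($submitted) && is_string($expected) && $expected !== '') {
         // hash_equals() is absent before PHP 5.6; fall back to strict equality.
         $matches = function_exists('hash_equals')
             ? hash_equals($expected, $submitted)
             : $expected === $submitted;
         if ($matches) {
             return true;
         }
     }
     throw new RestException(403, 'Insecure form submission');
 }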