コード例 #1
0
ファイル: Rest.php プロジェクト: Atlis/docker-magento2
 /**
  * Perform authentication and authorization.
  *
  * Authentication can be based on active customer/guest session or it can be based on OAuth headers.
  *
  * @throws \Magento\Framework\Exception\AuthorizationException
  * @return void
  */
 protected function _checkPermissions()
 {
     /**
      * All mobile clients are expected to pass session cookie along with the request which will allow
      * to start session automatically. User ID and user type are initialized when session is created
      * during login call.
      */
     $userId = $this->session->getUserId();
     $userType = $this->session->getUserType();
     $userIdentifier = null;
     $consumerId = null;
     if ($userType) {
         /** @var \Magento\Authz\Model\UserIdentifier $userIdentifier */
         $userIdentifier = $this->_objectManager->create('Magento\\Authz\\Model\\UserIdentifier', ['userType' => $userType, 'userId' => $userId]);
     } else {
         $oauthRequest = $this->_oauthHelper->prepareRequest($this->_request);
         $consumerId = $this->_oauthService->validateAccessTokenRequest($oauthRequest, $this->_oauthHelper->getRequestUrl($this->_request), $this->_request->getMethod());
         $this->_request->setConsumerId($consumerId);
     }
     $route = $this->_getCurrentRoute();
     if (!$this->_authorizationService->isAllowed($route->getAclResources(), $userIdentifier)) {
         $params = ['resources' => implode(', ', $route->getAclResources())];
         throw new AuthorizationException(AuthorizationException::NOT_AUTHORIZED, $params);
     }
 }
コード例 #2
0
ファイル: Handler.php プロジェクト: Atlis/docker-magento2
 /**
  * Handler for all SOAP operations.
  *
  * @param string $operation
  * @param array $arguments
  * @return \stdClass|null
  * @throws WebapiException
  * @throws \LogicException
  * @throws AuthorizationException
  */
 public function __call($operation, $arguments)
 {
     $requestedServices = $this->_request->getRequestedServices();
     $serviceMethodInfo = $this->_apiConfig->getServiceMethodInfo($operation, $requestedServices);
     $serviceClass = $serviceMethodInfo[SoapConfig::KEY_CLASS];
     $serviceMethod = $serviceMethodInfo[SoapConfig::KEY_METHOD];
     // check if the operation is a secure operation & whether the request was made in HTTPS
     if ($serviceMethodInfo[SoapConfig::KEY_IS_SECURE] && !$this->_request->isSecure()) {
         throw new WebapiException(__("Operation allowed only in HTTPS"));
     }
     $isAllowed = false;
     foreach ($serviceMethodInfo[SoapConfig::KEY_ACL_RESOURCES] as $resources) {
         if ($this->_authorizationService->isAllowed($resources)) {
             $isAllowed = true;
             break;
         }
     }
     if (!$isAllowed) {
         // TODO: Consider passing Integration ID instead of Consumer ID
         throw new AuthorizationException(AuthorizationException::NOT_AUTHORIZED, ['resources' => implode($serviceMethodInfo[SoapConfig::KEY_ACL_RESOURCES], ', ')]);
     }
     $service = $this->_objectManager->get($serviceClass);
     $inputData = $this->_prepareRequestData($serviceClass, $serviceMethod, $arguments);
     $outputData = call_user_func_array(array($service, $serviceMethod), $inputData);
     return $this->_prepareResponseData($outputData);
 }