/**
* {@inheritdoc}
*/
protected function processFunction($function, \Mibew\API\ExecutionContext &$context)
{
// Check if a function can be called. Operators can call anythig, thus
// we should continue validation only for users.
if (!$this->getAuthenticationManager()->getOperator()) {
// A function is called by a user. We need to check that the thread
// is related with the user.
$arguments = $context->getArgumentsList($function);
$thread_id = $arguments['threadId'];
// As defined in Mibew\API\Interaction\ChatInteraction "threadid"
// argument is mandatory, but some function allows it to be null. In
// such cases there is no thread and there is nothing to check.
if (!is_null($thread_id)) {
$is_own_thread = isset($_SESSION[SESSION_PREFIX . 'own_threads'])
&& in_array($thread_id, $_SESSION[SESSION_PREFIX . 'own_threads']);
if (!$is_own_thread) {
throw new AccessDeniedException();
}
}
}
// The function can be called. Process it.
parent::processFunction($function, $context);
}
/**
* Class constructor
*/
protected function __construct()
{
parent::__construct(array('signature' => '', 'trusted_signatures' => array(''), 'event_prefix' => 'users'));
}
