/**
 * Reject a request whose relationship name is not on this handler's allow-list.
 *
 * The requested name is compared against the values returned by
 * allowedRelationships(); a name that is not listed is answered with a 404,
 * the same status an unknown relationship would produce.
 *
 * @param RequestInterface $request
 * @throws JsonApiException
 *      with status 404 when the relationship name is not allowed.
 */
protected function checkRelationshipName(RequestInterface $request)
{
    $requested = $request->getRelationshipName();
    $permitted = $this->allowedRelationships();

    // Strict mode: no type juggling between the requested name and the allow-list entries.
    if (in_array($requested, $permitted, true)) {
        return;
    }

    throw new JsonApiException([], 404);
}
/**
 * Ask the authorizer whether the current request is permitted.
 *
 * The interpreter decides which request type applies; the first matching
 * type selects the authorizer method that is consulted.
 *
 * @param RequestInterpreterInterface $interpreter
 * @param AuthorizerInterface $authorizer
 * @param RequestInterface $request
 * @return ErrorCollection|bool
 *      the authorizer's errors if the request is not authorized, otherwise
 *      the (truthy) authorizer result.
 */
protected function checkAuthorization(
    RequestInterpreterInterface $interpreter,
    AuthorizerInterface $authorizer,
    RequestInterface $request
) {
    $params = $request->getParameters();
    $doc = $request->getDocument();
    $model = $request->getRecord();

    // NOTE(review): the verdict starts out as true, so a request that matches
    // none of the cases below is treated as authorized without the authorizer
    // being consulted. Confirm the interpreter's request types are exhaustive,
    // or consider denying by default.
    $verdict = true;

    // Cases are evaluated in order and the first truthy one wins.
    switch (true) {
        case $interpreter->isIndex():
            $verdict = $authorizer->canReadMany($params);
            break;

        case $interpreter->isCreateResource():
            $verdict = $authorizer->canCreate($doc->getResource(), $params);
            break;

        case $interpreter->isReadResource():
            $verdict = $authorizer->canRead($model, $params);
            break;

        case $interpreter->isUpdateResource():
            $verdict = $authorizer->canUpdate($model, $doc->getResource(), $params);
            break;

        case $interpreter->isDeleteResource():
            $verdict = $authorizer->canDelete($model, $params);
            break;

        case $interpreter->isReadRelatedResource():
            $verdict = $authorizer->canReadRelatedResource(
                $interpreter->getRelationshipName(),
                $model,
                $params
            );
            break;

        case $interpreter->isReadRelationship():
            $verdict = $authorizer->canReadRelationship(
                $interpreter->getRelationshipName(),
                $model,
                $params
            );
            break;

        case $interpreter->isModifyRelationship():
            $verdict = $authorizer->canModifyRelationship(
                $interpreter->getRelationshipName(),
                $model,
                $doc->getRelationship(),
                $params
            );
            break;
    }

    // Any falsy verdict is a denial; the authorizer is then asked for its errors.
    if ($verdict) {
        return $verdict;
    }

    return $authorizer->getErrors();
}
/**
 * Pick the document validator that matches the request type.
 *
 * Only create-resource, update-resource and modify-relationship requests get
 * a validator from this method; every other request type yields null.
 *
 * @param ValidatorProviderInterface $validators
 * @param RequestInterpreterInterface $interpreter
 * @param RequestInterface $request
 * @return DocumentValidatorInterface|null
 */
private function documentAcceptanceValidator(
    ValidatorProviderInterface $validators,
    RequestInterpreterInterface $interpreter,
    RequestInterface $request
) {
    $type = $request->getResourceType();
    $id = $interpreter->getResourceId();
    $relationship = $interpreter->getRelationshipName();
    $model = $request->getRecord();

    if ($interpreter->isCreateResource()) {
        return $validators->createResource($type);
    }

    if ($interpreter->isUpdateResource()) {
        return $validators->updateResource($type, $id, $model);
    }

    if ($interpreter->isModifyRelationship()) {
        return $validators->modifyRelationship($type, $id, $relationship, $model);
    }

    // No document validator is selected for any other request type.
    return null;
}
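/**
 * @inheritdoc
 *
 * Checks run in a fixed order: relationship allow-list, query parameters,
 * authorization, then document acceptance. Authorization and document
 * validation are each skipped when the corresponding collaborator
 * ($this->authorizer / $this->validators) is not set, so a handler without
 * an authorizer performs no authorization check here.
 */
public function handle(ApiInterface $api, RequestInterface $request)
{
    $interpreter = $api->getRequestInterpreter();
    $resourceType = $request->getResourceType();

    /**
     * Check the relationship is acceptable.
     *
     * Only the "no relationship" values (null, false, empty string) skip the
     * allow-list. A plain truthiness test would also skip it for a name PHP
     * treats as falsy, such as the string "0", which comes from the request.
     */
    $relationshipName = $request->getRelationshipName();

    if (null !== $relationshipName && false !== $relationshipName && '' !== $relationshipName) {
        $this->checkRelationshipName($request);
    }

    /** Check request parameters are acceptable */
    $this->checkQueryParameters($api, $request, $this->filterValidator($resourceType));

    /**
     * Authorize the request.
     *
     * NOTE(review): this runs before the document acceptance check below, so
     * an authorizer that inspects the request document presumably sees it
     * before that check has run. authorize() is defined elsewhere; confirm.
     */
    if ($this->authorizer) {
        $this->authorize($interpreter, $this->authorizer, $request);
    }

    /** Check the document content is acceptable */
    if ($this->validators) {
        $this->checkDocumentIsAcceptable($this->validators, $interpreter, $request);
    }
}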
/**
 * Fetch the request's record, insisting that it is a Model.
 *
 * @param JsonApiRequest $request
 * @return Model
 * @throws RuntimeException
 *      if the request's record is not a Model instance.
 */
protected function getRecord(JsonApiRequest $request)
{
    $model = $request->getRecord();

    if ($model instanceof Model) {
        return $model;
    }

    // Reaching here means the handler is wired to a record type it cannot work with.
    $message = sprintf('%s expects to be used with a %s record.', static::class, Model::class);

    throw new RuntimeException($message);
}
/**
 * Validate the request's query parameters.
 *
 * Encoding parameters are always checked. Filter parameters are checked only
 * when a filter validator was supplied and the request is an index request;
 * without a validator the filters are not validated by this method.
 *
 * @param ApiInterface $api
 * @param RequestInterface $request
 * @param FilterValidatorInterface|null $filterValidator
 */
protected function checkQueryParameters(
    ApiInterface $api,
    RequestInterface $request,
    FilterValidatorInterface $filterValidator = null
) {
    $params = $request->getParameters();
    $httpFactory = $api->getHttpFactory();

    $this->checkEncodingParameters($httpFactory, $params, $api);

    if (!$filterValidator) {
        return;
    }

    // The interpreter is consulted only once a validator is known to exist.
    if (!$api->getRequestInterpreter()->isIndex()) {
        return;
    }

    $this->checkFilterParameters($filterValidator, $params);
}