private function getAccessControlScope()
{
$scope = new accessControlScope();
if ($this->referrer) {
$scope->setReferrer($this->referrer);
}
$scope->setKs($this->ks);
$scope->setEntryId($this->entry->getId());
$scope->setContexts($this->contexts);
return $scope;
}
public function validateApiAccessControl()
{
if (kIpAddressUtils::isInternalIp()) {
return true;
}
if ($this->getEnforceHttpsApi() && infraRequestUtils::getProtocol() != infraRequestUtils::PROTOCOL_HTTPS) {
KalturaLog::err('Action was accessed over HTTP while the partner is configured for HTTPS access only');
return false;
}
$accessControl = $this->getApiAccessControl();
if (is_null($accessControl)) {
return true;
}
$context = new kEntryContextDataResult();
$scope = new accessControlScope();
$scope->setKs(kCurrentContext::$ks);
$scope->setContexts(array(ContextType::PLAY));
$disableCache = $accessControl->applyContext($context, $scope);
if ($disableCache) {
kApiCache::disableCache();
}
if (count($context->getMessages())) {
header("X-Kaltura-API-Access-Control: " . implode(', ', $context->getMessages()));
}
if (count($context->getActions())) {
$actions = $context->getActions();
foreach ($actions as $action) {
/* @var $action kAccessControlAction */
if ($action->getType() == RuleActionType::BLOCK) {
KalturaLog::err('Action was blocked by API access control');
return false;
}
}
}
return true;
}
private function getApiAccessControlScope()
{
$scope = new accessControlScope();
$scope->setKs(kCurrentContext::$ks);
$scope->setContexts(array(accessControlContextType::PLAY));
return $scope;
}
