/**
* Perform authentication and authorization.
*
* Authentication can be based on active customer/guest session or it can be based on OAuth headers.
*
* @throws \Magento\Framework\Exception\AuthorizationException
* @return void
*/
protected function _checkPermissions()
{
/**
* All mobile clients are expected to pass session cookie along with the request which will allow
* to start session automatically. User ID and user type are initialized when session is created
* during login call.
*/
$userId = $this->session->getUserId();
$userType = $this->session->getUserType();
$userIdentifier = null;
$consumerId = null;
if ($userType) {
/** @var \Magento\Authz\Model\UserIdentifier $userIdentifier */
$userIdentifier = $this->_objectManager->create('Magento\\Authz\\Model\\UserIdentifier', ['userType' => $userType, 'userId' => $userId]);
} else {
$oauthRequest = $this->_oauthHelper->prepareRequest($this->_request);
$consumerId = $this->_oauthService->validateAccessTokenRequest($oauthRequest, $this->_oauthHelper->getRequestUrl($this->_request), $this->_request->getMethod());
$this->_request->setConsumerId($consumerId);
}
$route = $this->_getCurrentRoute();
if (!$this->_authorizationService->isAllowed($route->getAclResources(), $userIdentifier)) {
$params = ['resources' => implode(', ', $route->getAclResources())];
throw new AuthorizationException(AuthorizationException::NOT_AUTHORIZED, $params);
}
}
