/**
* {@inheritdoc}
* @see ApiEntityAdapter::copyAlterableProperties()
*/
public function copyAlterableProperties($object, AbstractEntity $entity, $scope = ScopeInterface::SCOPE_SCALR)
{
/* @var $entity GlobalVariable */
$rules = $this->getRules();
if (!isset($rules[static::RULE_TYPE_ALTERABLE])) {
//Nothing to copy
throw new Exception(sprintf("ApiEntityAdapter::RULE_TYPE_ALTERABLE offset of rules has not been defined for the %s class.", get_class($this)));
}
$notAlterable = array_diff(array_keys(get_object_vars($object)), $rules[static::RULE_TYPE_ALTERABLE]);
if (!empty($notAlterable)) {
if (count($notAlterable) > 1) {
$message = "You are trying to set properties %s that either are not alterable or do not exist";
} else {
$message = "You are trying to set the property %s which either is not alterable or does not exist";
}
throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_STRUCTURE, sprintf($message, implode(', ', $notAlterable)));
}
$allowOnlyValue = $this->scopesPriority[$entity->getScope()] < $this->scopesPriority[$scope];
if ($entity->final && $allowOnlyValue) {
throw new ApiErrorException(403, ErrorMessage::ERR_SCOPE_VIOLATION, "You can't change final variable locked on {$entity->getScope()} level");
}
foreach ($rules[static::RULE_TYPE_ALTERABLE] as $key) {
if (!property_exists($object, $key)) {
continue;
}
//As the name of the property that goes into response may be different from the
//real property name in the Entity object it should be mapped at first
if (!empty($rules[static::RULE_TYPE_TO_DATA])) {
//if toData rule is null it means all properties are allowed
if (($property = array_search($key, $rules[static::RULE_TYPE_TO_DATA])) !== false) {
if (is_string($property)) {
//In this case the real name of the property is the key of the array
if ($property[0] === '_' && method_exists($this, $property)) {
//It is callable
continue;
}
} else {
$property = $key;
}
if ($allowOnlyValue && $property != 'value' && isset($object->{$key}) && $object->{$key} != $entity->{$property}) {
throw new ApiErrorException(403, ErrorMessage::ERR_SCOPE_VIOLATION, sprintf("This variable was declared in the %s Scope, you can only modify its 'value' field in the Farm Role Scope", ucfirst($entity->getScope())));
}
}
}
}
}
/**
* Check whether the user has access permissions to the specified object.
*
* It should check only Entity level access permissions, NOT ACL
*
* @param AbstractEntity $entity Object that defines permissions
* @param User $user The User Entity
* @param Environment $environment optional The Environment Entity if request is from Environment scope
* @param bool $modify optional Whether it should check MODIFY permission. By default it checks READ permission.
*
* @return bool Returns TRUE if the user has access to the specified object
*
* @see AccessPermissionsInterface::hasAccessPermissions()
*/
public function checkInheritedPermissions(AbstractEntity $entity, User $user, Environment $environment = null, $modify = null)
{
if (!$entity instanceof ScopeInterface) {
throw new InvalidArgumentException("Entity must implements ScopeInterface!");
}
switch ($entity->getScope()) {
case static::SCOPE_ACCOUNT:
return $entity->accountId == $user->accountId && (empty($environment) || !$modify);
case static::SCOPE_ENVIRONMENT:
return $environment ? $entity->envId == $environment->id : $user->hasAccessToEnvironment($entity->envId);
case static::SCOPE_SCALR:
return !$modify;
default:
return false;
}
}
