/** * {@inheritdoc} * @see ApiEntityAdapter::copyAlterableProperties() */ public function copyAlterableProperties($object, AbstractEntity $entity, $scope = ScopeInterface::SCOPE_SCALR) { /* @var $entity GlobalVariable */ $rules = $this->getRules(); if (!isset($rules[static::RULE_TYPE_ALTERABLE])) { //Nothing to copy throw new Exception(sprintf("ApiEntityAdapter::RULE_TYPE_ALTERABLE offset of rules has not been defined for the %s class.", get_class($this))); } $notAlterable = array_diff(array_keys(get_object_vars($object)), $rules[static::RULE_TYPE_ALTERABLE]); if (!empty($notAlterable)) { if (count($notAlterable) > 1) { $message = "You are trying to set properties %s that either are not alterable or do not exist"; } else { $message = "You are trying to set the property %s which either is not alterable or does not exist"; } throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_STRUCTURE, sprintf($message, implode(', ', $notAlterable))); } $allowOnlyValue = $this->scopesPriority[$entity->getScope()] < $this->scopesPriority[$scope]; if ($entity->final && $allowOnlyValue) { throw new ApiErrorException(403, ErrorMessage::ERR_SCOPE_VIOLATION, "You can't change final variable locked on {$entity->getScope()} level"); } foreach ($rules[static::RULE_TYPE_ALTERABLE] as $key) { if (!property_exists($object, $key)) { continue; } //As the name of the property that goes into response may be different from the //real property name in the Entity object it should be mapped at first if (!empty($rules[static::RULE_TYPE_TO_DATA])) { //if toData rule is null it means all properties are allowed if (($property = array_search($key, $rules[static::RULE_TYPE_TO_DATA])) !== false) { if (is_string($property)) { //In this case the real name of the property is the key of the array if ($property[0] === '_' && method_exists($this, $property)) { //It is callable continue; } } else { $property = $key; } if ($allowOnlyValue && $property != 'value' && isset($object->{$key}) && $object->{$key} != $entity->{$property}) { throw new ApiErrorException(403, ErrorMessage::ERR_SCOPE_VIOLATION, sprintf("This variable was declared in the %s Scope, you can only modify its 'value' field in the Farm Role Scope", ucfirst($entity->getScope()))); } } } } }
/** * Check whether the user has access permissions to the specified object. * * It should check only Entity level access permissions, NOT ACL * * @param AbstractEntity $entity Object that defines permissions * @param User $user The User Entity * @param Environment $environment optional The Environment Entity if request is from Environment scope * @param bool $modify optional Whether it should check MODIFY permission. By default it checks READ permission. * * @return bool Returns TRUE if the user has access to the specified object * * @see AccessPermissionsInterface::hasAccessPermissions() */ public function checkInheritedPermissions(AbstractEntity $entity, User $user, Environment $environment = null, $modify = null) { if (!$entity instanceof ScopeInterface) { throw new InvalidArgumentException("Entity must implements ScopeInterface!"); } switch ($entity->getScope()) { case static::SCOPE_ACCOUNT: return $entity->accountId == $user->accountId && (empty($environment) || !$modify); case static::SCOPE_ENVIRONMENT: return $environment ? $entity->envId == $environment->id : $user->hasAccessToEnvironment($entity->envId); case static::SCOPE_SCALR: return !$modify; default: return false; } }