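/**
 * Checks that the user logged into the system is authorized to load the
 * requested resource and, when the checks pass, invokes the matching method
 * on the model configured for the current channel.
 *
 * The channel is resolved from the current store, the resource path and the
 * optional package name are read from the request parameters in
 * $this->_params.
 *
 * @param array $args
 *     The arguments necessary for rendering the resource representation
 * @return mixed
 *     Whatever the invoked model method returns
 * @throws Exception
 *     The exceptions built by Faett_Channel_Exceptions_*::create() when the
 *     resource is missing, unknown, not permitted or not callable
 */
protected function _authorize(array $args = array())
{
    // load the actual channel first
    $channel = Mage::getModel('channel/channel')->load(Mage::app()->getStore()->getId());
    // load the resource name
    $channelName = $channel->getCode();
    // load the resource path
    $resourcePath = $this->_params[Faett_Channel_Helper_Data::TYPE];

    // Defined up front: both are read later (empty()/isset() checks and the
    // final error message) even when no package was requested.
    $packageName = null;
    $methodInfo = null;

    // try to load the resource method (package); only the 'p' resource carries one
    if (array_key_exists(Faett_Channel_Helper_Data::ID, $this->_params) && $resourcePath == 'p') {
        $packageName = $this->_params[Faett_Channel_Helper_Data::ID];
    }

    // check if a resource name or a method name can be extracted
    if (empty($packageName) && empty($channelName)) {
        throw Faett_Channel_Exceptions_NoResourcePathException::create(
            'The requested empty resource is not available',
            '200.error.acl.no-resource-path'
        );
    }

    // load the ACL resource information
    $resources = $this->_getConfig()->getResources();

    // check if the requested resource exists
    if (!isset($resources->{$channelName})) {
        throw Faett_Channel_Exceptions_InvalidResourcePathException::create(
            'The requested channel ' . $channelName . ' is not available',
            '200.error.acl.invalid-resource-path'
        );
    }
    $channelConfig = $resources->{$channelName};

    // if a resource method (package) was found, check if the method exists
    // NOTE(review): $packageName comes from the request and is echoed into the
    // message below - confirm that whatever renders the exception encodes it.
    if (!empty($packageName) && !isset($channelConfig->methods->{$packageName})) {
        throw Faett_Channel_Exceptions_InvalidResourcePathException::create(
            'The requested package ' . $channelName . '/' . $packageName . ' is not available',
            '200.error.acl.invalid-resource-path'
        );
    }

    // check if authentication is set
    if ($channel->hasAuthentication()) {
        // NOTE(review): both checks below only deny when an `acl` node is
        // present. An entry that declares neither `public` nor `acl` is let
        // through, i.e. a missing ACL entry grants access. Confirm that every
        // non-public entry in the configuration carries an `acl` node, or
        // change the checks to deny by default.

        // if yes, check if the user is allowed to open the resource
        if (!isset($channelConfig->public)
            && isset($channelConfig->acl)
            && !$this->_getSession()->isAllowed((string) $channelConfig->acl)
        ) {
            throw Faett_Channel_Exceptions_AuthorizationException::create(
                'You\'ve not the permissions to access the requested resource ' . $channelName,
                '200.error.acl.access-denied'
            );
        }

        // AND check if the user is allowed to invoke the resource method
        if (!empty($packageName)) {
            $packageConfig = $channelConfig->methods->{$packageName};
            if (!isset($packageConfig->public)
                && isset($packageConfig->acl)
                && !$this->_getSession()->isAllowed((string) $packageConfig->acl)
            ) {
                throw Faett_Channel_Exceptions_AuthorizationException::create(
                    'You\'ve not the permissions to access the requested resource ' . $channelName . '/' . $packageName,
                    '200.error.acl.access-denied'
                );
            }
        }
    }

    // invoke the model associated to the ACL
    $modelName = (string) $channelConfig->model;

    // instantiate the model
    try {
        $model = Mage::getModel($modelName);
        if ($model instanceof Mage_Api_Model_Resource_Abstract) {
            $model->setResourceConfig($channelConfig);
        }
    } catch (Exception $e) {
        throw Faett_Channel_Exceptions_AuthorizationException::create(
            'The requested resource ' . $channelName . ' can not be loaded',
            '200.error.resource-not-callable'
        );
    }

    // split the resource path and the resource method; padded so a path
    // without '/' yields a null method instead of reading a missing offset
    list($resourceName, $resourceMethod) = array_pad(explode('/', $resourcePath), 2, null);

    // add the resource method to invoke to the arguments
    array_push($args, $resourceMethod);

    // load the method information
    if (!empty($packageName)) {
        // check if a method to invoke is set for the package
        $methodInfo = $channelConfig->methods->{$packageName};
        $method = isset($methodInfo->method) ? (string) $methodInfo->method : $resourceName;
    } else {
        // if not, the method to invoke IS the resource name
        $method = $resourceName;
    }

    // NOTE(review): unless the package configuration names a method, $method
    // is the first segment of the request-supplied resource path and is never
    // compared with a configured list; is_callable() is the only gate. If the
    // model class implements __call (Varien_Object-derived classes do),
    // is_callable() accepts any name. Confirm the reachable methods are
    // intended, preferably by resolving the segment through an explicit
    // allowlist in the configuration.
    if (!is_callable(array($model, $method))) {
        throw Faett_Channel_Exceptions_AuthorizationException::create(
            'The requested resource ' . $channelName . '/' . $packageName . ' can not be loaded',
            '200.error.resource-method-not-callable'
        );
    }

    // $args is always an array here (type-hinted parameter, only appended
    // to), so the former !is_array() branches could never run.
    if (isset($methodInfo->arguments) && (string) $methodInfo->arguments == 'array') {
        // the method expects the whole argument list as one array parameter
        return $model->{$method}($args);
    }

    // otherwise spread the arguments over the method's parameters
    return call_user_func_array(array($model, $method), $args);
}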
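/**
 * Checks that the user logged into the system is authorized to load the
 * requested resource and, when the checks pass, invokes the configured
 * method on the model associated with that resource.
 *
 * The API path is built from the current store code and the request's type
 * parameter and has the form resource/method/serializerMethod. Resource and
 * method must both exist in the ACL resource configuration.
 *
 * @param array $args
 *     The arguments necessary for rendering the resource representation
 * @return mixed
 *     Whatever the invoked model method returns
 * @throws Exception
 *     The exceptions built by Faett_Channel_Exceptions_*::create() when the
 *     resource is missing, unknown, not permitted or not callable
 */
protected function _authorize(array $args = array())
{
    // prepend store name and load the API path with the ACL's
    $apiPath = Mage::app()->getStore()->getCode() . '/' . $this->_params[Faett_Channel_Helper_Data::TYPE];

    // split the API path into resource and method name; padded so a short
    // path yields null segments instead of reading missing offsets
    list($resourceName, $methodName, $serializerMethodName) = array_pad(explode('/', $apiPath), 3, null);

    // add the serializer method to invoke to the arguments
    array_push($args, $serializerMethodName);

    // check if a resource name and a method name can be extracted
    if (empty($resourceName) || empty($methodName)) {
        throw Faett_Channel_Exceptions_NoResourcePathException::create(
            'The requested empty resource is not available',
            '200.error.acl.no-resource-path'
        );
    }

    // load the ACL resource information
    $resourcesAlias = $this->_getConfig()->getResourcesAlias();
    $resources = $this->_getConfig()->getResources();

    // translate an alias into the real resource name before any lookup
    if (isset($resourcesAlias->{$resourceName})) {
        $resourceName = (string) $resourcesAlias->{$resourceName};
    }

    // check if the requested resource exists; this is also what limits the
    // request-supplied names to entries declared in the configuration
    // NOTE(review): the request-derived names are echoed into the message
    // below - confirm that whatever renders the exception encodes them.
    if (!isset($resources->{$resourceName})
        || !isset($resources->{$resourceName}->methods->{$methodName})
    ) {
        throw Faett_Channel_Exceptions_InvalidResourcePathException::create(
            'The requested resource ' . $resourceName . '/' . $methodName . ' is not available',
            '200.error.acl.invalid-resource-path'
        );
    }
    $resourceConfig = $resources->{$resourceName};
    $methodInfo = $resourceConfig->methods->{$methodName};

    // check if authentication is set
    if ($this->_authentication) {
        // NOTE(review): both checks below only deny when an `acl` node is
        // present. An entry that declares neither `public` nor `acl` is let
        // through, i.e. a missing ACL entry grants access. Confirm that every
        // non-public entry in the configuration carries an `acl` node, or
        // change the checks to deny by default.

        // if yes, check if the user is allowed to open the resource
        if (!isset($resourceConfig->public)
            && isset($resourceConfig->acl)
            && !$this->_getSession()->isAllowed((string) $resourceConfig->acl)
        ) {
            throw Faett_Channel_Exceptions_AuthorizationException::create(
                'You\'ve not the permissions to access the requested resource ' . $resourceName,
                '200.error.acl.access-denied'
            );
        }

        // AND check if the user is allowed to invoke the resource method
        if (!isset($methodInfo->public)
            && isset($methodInfo->acl)
            && !$this->_getSession()->isAllowed((string) $methodInfo->acl)
        ) {
            throw Faett_Channel_Exceptions_AuthorizationException::create(
                'You\'ve not the permissions to access the requested resource ' . $resourceName . '/' . $methodName,
                '200.error.acl.access-denied'
            );
        }
    }

    // load the method information: an explicit <method> node overrides the
    // (already validated) method name from the path
    $method = isset($methodInfo->method) ? (string) $methodInfo->method : $methodName;

    // invoke the model associated to the ACL
    $modelName = (string) $resourceConfig->model;

    // instantiate the model
    try {
        $model = Mage::getModel($modelName);
        if ($model instanceof Mage_Api_Model_Resource_Abstract) {
            $model->setResourceConfig($resourceConfig);
        }
    } catch (Exception $e) {
        throw Faett_Channel_Exceptions_AuthorizationException::create(
            'The requested resource ' . $resourceName . ' can not be loaded',
            '200.error.resource-not-callable'
        );
    }

    // check if the requested method can be called
    if (!is_callable(array($model, $method))) {
        throw Faett_Channel_Exceptions_AuthorizationException::create(
            'The requested resource ' . $resourceName . '/' . $methodName . ' can not be loaded',
            '200.error.resource-method-not-callable'
        );
    }

    // $args is always an array here (type-hinted parameter, only appended
    // to), so the former !is_array() branches could never run.
    if (isset($methodInfo->arguments) && (string) $methodInfo->arguments == 'array') {
        // the method expects the whole argument list as one array parameter
        return $model->{$method}($args);
    }

    // otherwise spread the arguments over the method's parameters
    return call_user_func_array(array($model, $method), $args);
}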