/** * @param ValidatorProviderInterface $validators * @param RequestInterpreterInterface $interpreter * @param RequestInterface $request * @return DocumentValidatorInterface|null */ private function documentAcceptanceValidator(ValidatorProviderInterface $validators, RequestInterpreterInterface $interpreter, RequestInterface $request) { $resourceType = $request->getResourceType(); $resourceId = $interpreter->getResourceId(); $relationshipName = $interpreter->getRelationshipName(); $record = $request->getRecord(); /** Create Resource */ if ($interpreter->isCreateResource()) { return $validators->createResource($resourceType); } elseif ($interpreter->isUpdateResource()) { return $validators->updateResource($resourceType, $resourceId, $record); } elseif ($interpreter->isModifyRelationship()) { return $validators->modifyRelationship($resourceType, $resourceId, $relationshipName, $record); } return null; }
/** * @param RequestInterpreterInterface $interpreter * @return DocumentValidatorInterface */ private function documentValidator(RequestInterpreterInterface $interpreter) { if ($interpreter->isModifyRelationship()) { return $this->validators->relationshipDocument(); } $validator = $this->validators->resource($interpreter->getResourceType(), $interpreter->getResourceId()); return $this->validators->resourceDocument($validator); }
/** * @return $this */ private function assertDocumentNotExpected() { $this->assertFalse($this->request->isExpectingDocument(), 'Document should not be expected'); return $this; }
/** * @param RequestInterpreterInterface $interpreter * @param AuthorizerInterface $authorizer * @param RequestInterface $request * @return ErrorCollection|bool * errors if the request is not authorized, true if authorized. */ protected function checkAuthorization(RequestInterpreterInterface $interpreter, AuthorizerInterface $authorizer, RequestInterface $request) { $parameters = $request->getParameters(); $document = $request->getDocument(); $record = $request->getRecord(); $authorized = true; /** Index */ if ($interpreter->isIndex()) { $authorized = $authorizer->canReadMany($parameters); } elseif ($interpreter->isCreateResource()) { $authorized = $authorizer->canCreate($document->getResource(), $parameters); } elseif ($interpreter->isReadResource()) { $authorized = $authorizer->canRead($record, $parameters); } elseif ($interpreter->isUpdateResource()) { $authorized = $authorizer->canUpdate($record, $document->getResource(), $parameters); } elseif ($interpreter->isDeleteResource()) { $authorized = $authorizer->canDelete($record, $parameters); } elseif ($interpreter->isReadRelatedResource()) { $authorized = $authorizer->canReadRelatedResource($interpreter->getRelationshipName(), $record, $parameters); } elseif ($interpreter->isReadRelationship()) { $authorized = $authorizer->canReadRelationship($interpreter->getRelationshipName(), $record, $parameters); } elseif ($interpreter->isModifyRelationship()) { $authorized = $authorizer->canModifyRelationship($interpreter->getRelationshipName(), $record, $document->getRelationship(), $parameters); } return $authorized ?: $authorizer->getErrors(); }