/**
 * Build the request-scoped ACL provider.
 *
 * Reads the Directus tables registry (served from memcache for 1800 s) to
 * learn which tables carry a "magic owner" column, and - only when a session
 * user is present - loads that user's group privileges (the user row is served
 * from memcache for 10800 s). An anonymous request gets an Acl with no group
 * privileges attached at all.
 *
 * @return \Directus\Acl
 */
private static function acl()
{
    $acl = new acl();
    $zendDb = self::get('ZendDb');

    // Table registry: which tables declare a user_create_column ("magic owner" column).
    $tablesGateway = new DirectusTablesTableGateway($acl, $zendDb);
    $loadTables = static function () use ($tablesGateway) {
        return $tablesGateway->select()->toArray();
    };
    $tableRows = $tablesGateway->memcache->getOrCache(
        MemcacheProvider::getKeyDirectusTables(),
        $loadTables,
        1800
    );

    $ownerColumns = [];
    foreach ($tableRows as $row) {
        // empty() also rejects '' and '0', so a column literally named "0" would be skipped.
        if (empty($row['user_create_column'])) {
            continue;
        }
        $ownerColumns[$row['table_name']] = $row['user_create_column'];
    }
    // Static (class-level) property: this map is shared by every Acl instance in the process.
    $acl::$cms_owner_columns_by_table = $ownerColumns;

    if (!AuthProvider::loggedIn()) {
        // Anonymous request: no privileges are installed on the Acl.
        return $acl;
    }

    $sessionUser = AuthProvider::getUserInfo();
    $usersGateway = new DirectusUsersTableGateway($acl, $zendDb);
    $loadUser = static function () use ($sessionUser, $usersGateway) {
        return $usersGateway->find($sessionUser['id']);
    };
    // NOTE(review): the user row - and therefore the `group` used below - is
    // served from memcache for up to 10800 s. A group change or account removal
    // can keep granting the old privileges for that long unless the write path
    // invalidates this key; confirm that it does.
    $userRow = $usersGateway->memcache->getOrCache(
        MemcacheProvider::getKeyDirectusUserFind($sessionUser['id']),
        $loadUser,
        10800
    );

    if ($userRow) {
        // Only group privileges are installed here; the user id / group id are
        // not set on the Acl in this path. NOTE(review): confirm the session
        // path sets them elsewhere (the token path on the API side does both).
        $privilegesGateway = new DirectusPrivilegesTableGateway($acl, $zendDb);
        $acl->setGroupPrivileges($privilegesGateway->getGroupPrivileges($userRow['group']));
    }

    return $acl;
}
// If the request is authenticated by token:
// stash the current session in a global and run the request on an empty
// $_SESSION (presumably so a token-authenticated request neither reads nor
// writes the browser session); the slim.after hook restores it at the end
// of the request.
$GLOBALS['__SESSION'] = $_SESSION;
// Reset SESSION values
$_SESSION = [];
Auth::setLoggedUser($user['id']);
$app->emitter->run('directus.authenticated', [$app, $user]);
$app->emitter->run('directus.authenticated.token', [$app, $user]);
// Reload this user's permissions.
// The ACL has already run and loaded the privileges of the session user; that
// is correct when logged in to the CMS/Management, but a token-authenticated
// API request must load the privileges of the token's user instead.
$privilegesTable = new DirectusPrivilegesTableGateway($acl, $ZendDb);
$acl->setGroupPrivileges($privilegesTable->getGroupPrivileges($user['group']));
// @TODO: setting the user on the ACL should set its ID and GROUP automatically.
$acl->setUserId($user['id']);
$acl->setGroupId($user['group']);
}
/** Enforce required authentication. */
if (!Auth::loggedIn()) {
    $app->halt(401, __t('you_must_be_logged_in_to_access_the_api'));
}
/** Enforce required request nonces. */
// NOTE: do not rely on the nonce until it is properly implemented, or until it
// is established that it is actually necessary.
// The nonce is still checked for session-authenticated requests (an error is
// thrown otherwise); token-authenticated requests (where $authToken is set)
// skip the check entirely.
if (!$requestNonceProvider->requestHasValidNonce() && !$authToken) {
    // if('development' !== DIRECTUS_ENV) {