/**
 * Checks that the given roles may read the resource and, when a payload is
 * present, may also write the resource as a whole and every field named in it.
 *
 * The read check always runs first; write checks are only applied when
 * $payload is non-empty (null and [] both skip them).
 *
 * @param string $resource
 * @param string $actionName
 * @param array|null $payload
 * @param string[] $roles
 *
 * @throws AccessDeniedHttpException as soon as any read or write check fails
 */
public function validate($resource, $actionName, $payload, $roles)
{
    $deniedMessage = 'You are not allowed to access this resource';

    // Every action requires read access to the resource itself.
    if (!$this->permissions->isReadable($resource, $actionName, $roles)) {
        throw new AccessDeniedHttpException($deniedMessage);
    }

    // Nothing to write: no further checks.
    if (empty($payload)) {
        return;
    }

    // Write access is needed on the resource as a whole ...
    if (!$this->permissions->isWritable($resource, $actionName, $roles)) {
        throw new AccessDeniedHttpException($deniedMessage);
    }

    // ... and on each field the payload touches. The permission key is built
    // from the raw payload key; NOTE(review): a key containing ':' would yield a
    // key of the same shape as "resource:field" — confirm how permissions resolves it.
    foreach ($payload as $field => $_) {
        $fieldPermission = $resource . ':' . $field;
        if (!$this->permissions->isWritable($fieldPermission, $actionName, $roles)) {
            throw new AccessDeniedHttpException($deniedMessage);
        }
    }
}
/**
 * Serialises the action result to a plain array and strips every top-level
 * field the given roles are not allowed to read for this resource/action.
 *
 * Only top-level keys are checked against the permissions; values nested below
 * a readable key are passed through unchanged.
 *
 * @param ActionResult $result
 * @param string $resource
 * @param string $action
 * @param string[] $roles
 * @return array
 *
 * @throws \InvalidArgumentException for a result type other than SIMPLE, INSTANCE or COLLECTION
 */
public function filterResponse(ActionResult $result, $resource, $action, $roles)
{
    // Round-trip one item through JSON (max-depth checks enabled) to get an
    // array view of it, then keep only the keys the roles may read.
    $toReadableArray = function ($item) use ($resource, $action, $roles) {
        $json = $this->serializer->serialize(
            $item,
            'json',
            SerializationContext::create()->enableMaxDepthChecks()
        );
        $asArray = $this->serializer->deserialize($json, 'array', 'json');

        return array_filter(
            $asArray,
            function ($field) use ($resource, $action, $roles) {
                return $this->permissions->isReadable($resource . ':' . $field, $action, $roles);
            },
            ARRAY_FILTER_USE_KEY
        );
    };

    $type = $result->getType();

    switch ($type) {
        case ActionResult::SIMPLE:
        case ActionResult::INSTANCE:
            // A single item: filter it directly.
            return $toReadableArray($result->getResult());
        case ActionResult::COLLECTION:
            // Several items: filter each one, keeping the collection's keys.
            return array_map($toReadableArray, $result->getResult());
        default:
            throw new \InvalidArgumentException('Unsupported ActionResult type ' . $type);
    }
}