/**
 * Verify that the current consumer is authorized for the route matched to the request.
 *
 * The route is resolved through the router; the ACL resources it declares are then
 * checked against the authorization service. Nothing is returned on success.
 *
 * @throws \Magento\Framework\Exception\AuthorizationException when the consumer is denied any of the route's ACL resources
 * @return void
 */
private function checkPermissions()
{
    $matchedRoute = $this->router->match($this->request);
    $aclResources = $matchedRoute->getAclResources();
    if ($this->authorization->isAllowed($aclResources)) {
        return;
    }
    // The denied resources are listed in the message so the consumer can see what is missing.
    $messageParams = ['resources' => implode(', ', $aclResources)];
    throw new AuthorizationException(__(AuthorizationException::NOT_AUTHORIZED, $messageParams));
}
/**
 * Verify that the current consumer is authorized for the current route.
 *
 * The ACL resources declared by the current route are checked against the
 * authorization service. Nothing is returned on success.
 *
 * @throws \Magento\Framework\Exception\AuthorizationException when the consumer is denied any of the route's ACL resources
 * @return void
 * @deprecated
 * @see \Magento\Webapi\Controller\Rest\RequestValidator::checkPermissions
 */
protected function checkPermissions()
{
    $aclResources = $this->getCurrentRoute()->getAclResources();
    if ($this->authorization->isAllowed($aclResources)) {
        return;
    }
    // The denied resources are listed in the message so the consumer can see what is missing.
    $messageParams = ['resources' => implode(', ', $aclResources)];
    throw new AuthorizationException(__('Consumer is not authorized to access %resources', $messageParams));
}
/**
 * Verify that the current consumer is authorized for the current route.
 *
 * The ACL resources declared by the current route are checked against the
 * authorization service. Nothing is returned on success.
 *
 * @throws \Magento\Framework\Exception\AuthorizationException when the consumer is denied any of the route's ACL resources
 * @return void
 */
protected function checkPermissions()
{
    $aclResources = $this->getCurrentRoute()->getAclResources();
    if ($this->authorization->isAllowed($aclResources)) {
        return;
    }
    // The denied resources are listed in the message so the consumer can see what is missing.
    $messageParams = ['resources' => implode(', ', $aclResources)];
    throw new AuthorizationException(__(AuthorizationException::NOT_AUTHORIZED, $messageParams));
}
/**
 * Dispatching a GET request while the store code resolves to 'all' must record an
 * exception on the response whose message names the rejected operation.
 *
 * Authorization is stubbed to succeed so that the store-code check is what fails.
 */
public function testGetMethodAllStoresInvalid()
{
    $this->_requestMock->expects($this->once())->method('getMethod')->willReturn('get');
    $this->storeMock->expects($this->once())->method('getCode')->willReturn('admin');
    $this->_routeMock->expects($this->any())->method('getAclResources')->willReturn(['1']);
    $this->_authorizationMock->expects($this->any())->method('isAllowed')->willReturn(true);

    $this->_restController->dispatch($this->_requestMock);

    $this->assertTrue($this->_responseMock->isException());
    $recordedException = $this->_responseMock->getException()[0];
    $this->assertSame(
        "Cannot perform GET operation with store code 'all'",
        $recordedException->getMessage()
    );
}
/**
 * Build the metadata of the requested services, keeping only the methods the current
 * consumer is authorized to call.
 *
 * A method is dropped when authorization denies its ACL resources. A service whose
 * method list ends up empty is omitted from the result; services that keep at least
 * one method additionally have their restricted routes removed via removeRestrictedRoutes().
 *
 * @param string[] $requestedServices
 * @return array service name => filtered service metadata
 */
protected function getAllowedServicesMetadata($requestedServices)
{
    $visibleServices = [];
    foreach ($requestedServices as $serviceName) {
        $metadata = $this->getServiceMetadata($serviceName);

        // Keep only the methods whose ACL resources the consumer is allowed; keys are preserved.
        $allowedMethods = [];
        foreach ($metadata[ServiceMetadata::KEY_SERVICE_METHODS] as $methodName => $methodData) {
            if ($this->authorization->isAllowed($methodData[ServiceMetadata::KEY_ACL_RESOURCES])) {
                $allowedMethods[$methodName] = $methodData;
            }
        }
        $metadata[ServiceMetadata::KEY_SERVICE_METHODS] = $allowedMethods;

        if (empty($allowedMethods)) {
            continue;
        }
        $this->removeRestrictedRoutes($metadata);
        $visibleServices[$serviceName] = $metadata;
    }
    return $visibleServices;
}
/**
 * Handle any SOAP operation by dispatching it to the matching service method.
 *
 * The operation is resolved against the services requested in the current request.
 * Before the service is instantiated or its input converted, two checks run in order:
 * a secure operation arriving over plain HTTP is rejected, then the consumer's
 * authorization for the method's ACL resources is verified.
 *
 * @param string $operation SOAP operation name
 * @param array $arguments raw SOAP arguments
 * @return \stdClass|null
 * @throws WebapiException when a secure operation is requested without HTTPS
 * @throws \LogicException
 * @throws AuthorizationException when the consumer is denied the method's ACL resources
 */
public function __call($operation, $arguments)
{
    $methodInfo = $this->_apiConfig->getServiceMethodInfo(
        $operation,
        $this->_request->getRequestedServices()
    );
    $className = $methodInfo[ServiceMetadata::KEY_CLASS];
    $methodName = $methodInfo[ServiceMetadata::KEY_METHOD];

    // A secure operation must not be served over plain HTTP.
    if ($methodInfo[ServiceMetadata::KEY_IS_SECURE] && !$this->_request->isSecure()) {
        throw new WebapiException(__("Operation allowed only in HTTPS"));
    }

    // Authorization is checked before any service object is created or input is parsed.
    $aclResources = $methodInfo[ServiceMetadata::KEY_ACL_RESOURCES];
    if (!$this->authorization->isAllowed($aclResources)) {
        throw new AuthorizationException(
            __('Consumer is not authorized to access %resources', ['resources' => implode(', ', $aclResources)])
        );
    }

    $service = $this->_objectManager->get($className);
    $inputData = $this->_prepareRequestData($className, $methodName, $arguments);
    $outputData = call_user_func_array([$service, $methodName], $inputData);
    return $this->_prepareResponseData($outputData, $className, $methodName);
}
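/**
 * A denied authorization check must surface as an AuthorizationException whose
 * message lists the ACL resources of the matched route.
 *
 * The expectations are declared with expectException()/expectExceptionMessage()
 * instead of the @expectedException annotations, which PHPUnit 8 deprecated and
 * PHPUnit 9 removed; the message check is a substring match in both forms.
 */
public function testAuthorizationFailed()
{
    $this->routeMock->expects($this->any())->method('getAclResources')->willReturn(['5', '6']);
    $this->authorizationMock->expects($this->once())->method('isAllowed')->willReturn(false);

    // Expectations must be registered before the call that is expected to throw.
    $this->expectException(\Magento\Framework\Exception\AuthorizationException::class);
    $this->expectExceptionMessage('Consumer is not authorized to access 5, 6');

    $this->requestValidator->validate();
}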