AuthorizeRecordEvent
extends GenericHookEvent
in package
uses
RequestTrait, AuthorizedTrait, ActiveUserTrait
Determine if the a user has WRITE access to a given record.
This event does not impact READ access for get actions.
Event name: 'civi.api4.authorizeRecord'
Table of Contents
Properties
- $apiRequest : AbstractAction|array<string|int, mixed>
- $hookFields : array<string|int, mixed>
- $hookFieldsFlip : array<string|int, mixed>
- $hookValues : array<string|int, mixed>
- $authorized : bool|null
- $BLACKLIST : array<string|int, mixed>
- List of field names that are prohibited due to conflicts in the class-hierarchy.
- $record : array<string|int, mixed>
- All (known/loaded) values of individual record being accessed.
- $returnValues : mixed
- Some legacy hooks expect listener-functions to return a value.
- $userID : int
- Contact ID of the active/target user (whose access we must check).
Methods
- __construct() : mixed
- CheckAccessEvent constructor.
- __get() : mixed
- __isset() : mixed
- __set() : mixed
- __unset() : mixed
- addReturnValues() : GenericHookEvent
- authorize() : static
- Mark the request as authorized.
- create() : GenericHookEvent
- Create a GenericHookEvent using key-value pairs.
- createOrdered() : GenericHookEvent
- Create a GenericHookEvent using ordered parameters.
- getActionName() : string
- getApiRequest() : AbstractAction|array<string|int, mixed>
- getApiRequestSig() : string
- Create a brief string identifying the entity/action. Useful for pithy matching/switching.
- getEntityName() : string
- getHookValues() : array<string|int, mixed>
- getRecord() : array<string|int, mixed>
- getReturnValues() : mixed
- getUserID() : int
- hasField() : bool
- Determine whether the hook supports the given field.
- isAuthorized() : bool|null
- setAuthorized() : static
- Change the authorization status.
- setApiRequest() : static
- setUser() : $this
- assertValidHookFields() : mixed
Properties
$apiRequest
protected
AbstractAction|array<string|int, mixed>
$apiRequest
The full description of the API request.
Tags
$hookFields
protected
array<string|int, mixed>
$hookFields
Ex: array(0 => 'contactID', 1 => 'contentPlacement').
$hookFieldsFlip
protected
array<string|int, mixed>
$hookFieldsFlip
Ex: array('contactID' => 0, 'contentPlacement' => 1).
$hookValues
protected
array<string|int, mixed>
$hookValues
Ex: array(0 => &$contactID, 1 => &$contentPlacement).
$authorized
private
bool|null
$authorized
= NULL
- TRUE: The action is explicitly authorized.
- FALSE: The action is explicitly prohibited.
- NULL: The authorization status has not been determined.
$BLACKLIST
List of field names that are prohibited due to conflicts in the class-hierarchy.
private
static array<string|int, mixed>
$BLACKLIST
= ['name', 'dispatcher', 'propagationStopped', 'hookBlacklist', 'hookValues', 'hookFields', 'hookFieldsFlip']
$record
All (known/loaded) values of individual record being accessed.
private
array<string|int, mixed>
$record
The record should provide an 'id' but may otherwise be incomplete; guard accordingly.
$returnValues
Some legacy hooks expect listener-functions to return a value.
private
mixed
$returnValues
= []
OOP listeners may set the $returnValue.
This field is not recommended for use in new hooks. The return-value convention is not portable across different implementations of the hook system. Instead, it's more portable to provide an alterable, named field.
$userID
Contact ID of the active/target user (whose access we must check).
private
int
$userID
0 for anonymous.
Methods
__construct()
CheckAccessEvent constructor.
public
__construct(AbstractAction $apiRequest, array<string|int, mixed> $record, int $userID) : mixed
Parameters
- $apiRequest : AbstractAction
- $record : array<string|int, mixed>
-
All (known/loaded) values of individual record being accessed. The record should provide an 'id' but may otherwise be incomplete; guard accordingly.
- $userID : int
-
Contact ID of the active/target user (whose access we must check). 0 for anonymous.
__get()
public
& __get(mixed $name) : mixed
Parameters
- $name : mixed
Tags
__isset()
public
__isset(mixed $name) : mixed
Parameters
- $name : mixed
Tags
__set()
public
__set(mixed $name, mixed $value) : mixed
Parameters
- $name : mixed
- $value : mixed
Tags
__unset()
public
__unset(mixed $name) : mixed
Parameters
- $name : mixed
Tags
addReturnValues()
public
addReturnValues(mixed $fResult) : GenericHookEvent
Parameters
- $fResult : mixed
Return values
GenericHookEventauthorize()
Mark the request as authorized.
public
authorize() : static
Return values
staticcreate()
Create a GenericHookEvent using key-value pairs.
public
static create(array<string|int, mixed> $params) : GenericHookEvent
Parameters
- $params : array<string|int, mixed>
-
Ex: array('contactID' => &$contactID, 'contentPlacement' => &$contentPlacement).
Return values
GenericHookEventcreateOrdered()
Create a GenericHookEvent using ordered parameters.
public
static createOrdered(array<string|int, mixed> $hookFields, array<string|int, mixed> $hookValues) : GenericHookEvent
Parameters
- $hookFields : array<string|int, mixed>
-
Ex: array(0 => 'contactID', 1 => 'contentPlacement').
- $hookValues : array<string|int, mixed>
-
Ex: array(0 => &$contactID, 1 => &$contentPlacement).
Return values
GenericHookEventgetActionName()
public
getActionName() : string
Return values
string —Ex: 'create', 'update'
getApiRequest()
public
getApiRequest() : AbstractAction|array<string|int, mixed>
Return values
AbstractAction|array<string|int, mixed>getApiRequestSig()
Create a brief string identifying the entity/action. Useful for pithy matching/switching.
public
getApiRequestSig() : string
Ex: if ($e->getApiRequestSig() === '3.contact.get') { ... }
Return values
string —Ex: '3.contact.get'
getEntityName()
public
getEntityName() : string
Return values
string —Ex: 'Contact', 'Activity'
getHookValues()
public
getHookValues() : array<string|int, mixed>
Tags
Return values
array<string|int, mixed> —Ex: array(0 => &$contactID, 1 => &$contentPlacement).
getRecord()
public
getRecord() : array<string|int, mixed>
Return values
array<string|int, mixed>getReturnValues()
public
getReturnValues() : mixed
getUserID()
public
getUserID() : int
Return values
int —Contact ID of the active/target user (whose access we must check). 0 for anonymous.
hasField()
Determine whether the hook supports the given field.
public
hasField(string $name) : bool
The field may or may not be empty. Use isset() or empty() to check that.
Parameters
- $name : string
Return values
boolisAuthorized()
public
isAuthorized() : bool|null
Return values
bool|null —TRUE if the request has been authorized.
setAuthorized()
Change the authorization status.
public
setAuthorized(bool|null $authorized) : static
Parameters
- $authorized : bool|null
Return values
staticsetApiRequest()
protected
setApiRequest(AbstractAction|array<string|int, mixed> $apiRequest) : static
Parameters
- $apiRequest : AbstractAction|array<string|int, mixed>
-
The full description of the API request.
Return values
staticsetUser()
protected
setUser(int|null $userID) : $this
Parameters
- $userID : int|null
-
Contact ID of the active/target user (whose access we must check). 0 for anonymous.
Return values
$thisassertValidHookFields()
private
static assertValidHookFields(array<string|int, mixed> $fields) : mixed
Parameters
- $fields : array<string|int, mixed>
-
List of field names.