class DynamicFKAuthorization implements EventSubscriberInterface

Given an entity which dynamically attaches itself to another entity (via an entity_table/entity_id pair), determine whether the caller has permission to the entity it is attached to.

Example: Suppose one tries to manipulate a File which is attached to a Mailing. DynamicFKAuthorization enforces permissions on the File by imitating the permissions of the Mailing: the caller may act on the File only if they may perform the corresponding action on the Mailing.

Note: This imposes a constraint on callers: every API call matched by $entityName and $actions must supply either "id" (e.g. the file ID), "entity_table" + "entity_id", or "field_name" + "entity_id" (for a file held in a custom field), so that the delegate entity can be identified.

Note: The permission guard does not itself grant authorization for the request; it can only veto it, by throwing UnauthorizedException or API_Exception.
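The following is an added illustration of the flow described above; it is not CiviCRM's implementation of this class. Constructed in-memory tables (FILE_ATTACHMENTS, CUSTOM_FILE_FIELDS) stand in for the SQL behind $lookupDelegateSql and $lookupCustomFieldSql, a constant table (DELEGATE_PERMS) stands in for running the delegated action on the Mailing or Activity with permission checks, and the action mapping ("get" stays "get", any write becomes "create") and the "trusted" rule are assumptions made for the example.

```php
<?php
// Added illustration of DynamicFKAuthorization's delegation flow; not CiviCRM's
// own code. Tables below are constructed; the action mapping and the "trusted"
// rule (no check_permissions => trusted) are assumptions for this example.

const FILE_ATTACHMENTS = [10 => ['civicrm_mailing', 7], 11 => ['civicrm_activity', 3]]; // file id => [entity_table, entity_id]
const CUSTOM_FILE_FIELDS = ['custom_42' => ['extends' => 'Activity', 'entity_table' => 'civicrm_activity']]; // File-type custom fields
const DELEGATE_PERMS = [ // what the current user may do on each delegate table
  'civicrm_mailing'  => ['get' => TRUE, 'create' => FALSE],
  'civicrm_activity' => ['get' => TRUE, 'create' => TRUE],
];

class UnauthorizedException extends \Exception {}
class API_Exception extends \Exception {}

function getDelegatedEntityName(string $entityTable): ?string {
  $names = ['civicrm_mailing' => 'Mailing', 'civicrm_activity' => 'Activity'];
  return $names[$entityTable] ?? NULL;
}

// Assumption: reading a file needs "get" on its parent; any write needs "create".
function getDelegatedAction(string $action): string {
  return $action === 'get' ? 'get' : 'create';
}

// Returns [isValid, entityTable, entityId], the shape documented for getDelegate().
function getDelegate(int $id): array {
  return array_key_exists($id, FILE_ATTACHMENTS) ? [TRUE, FILE_ATTACHMENTS[$id][0], FILE_ATTACHMENTS[$id][1]] : [FALSE, NULL, NULL];
}

// Veto any attempt to move an existing file to a different parent record.
function preventReassignment(int $fileId, string $entityTable, int $entityId, array $apiRequest): void {
  $p = $apiRequest['params'];
  if ((isset($p['entity_table']) && $p['entity_table'] !== $entityTable)
    || (isset($p['entity_id']) && (int) $p['entity_id'] !== $entityId)) {
    throw new API_Exception("Cannot change entity_table/entity_id of file #$fileId");
  }
}

// Check the mapped action against the parent record; throwing is the veto.
function authorizeDelegate(string $action, string $entityTable, ?int $entityId, array $apiRequest, ?array $allowedDelegates): void {
  if ($allowedDelegates !== NULL && !in_array($entityTable, $allowedDelegates, TRUE)) {
    throw new UnauthorizedException("Files may not be attached to $entityTable");
  }
  if (getDelegatedEntityName($entityTable) === NULL) {
    throw new API_Exception("Unrecognized entity_table: $entityTable");
  }
  $delegatedAction = getDelegatedAction($action);
  $perms = array_key_exists($entityTable, DELEGATE_PERMS) ? DELEGATE_PERMS[$entityTable] : [];
  if (empty($perms[$delegatedAction])) {
    throw new UnauthorizedException("No '$delegatedAction' permission on $entityTable #$entityId");
  }
}

// Entry point. Returning without an exception means "not vetoed", not "granted".
function onApiAuthorize(array $apiRequest, ?array $allowedDelegates = NULL): void {
  $p = $apiRequest['params'];
  if ($apiRequest['entity'] !== 'File' || !in_array($apiRequest['action'], ['get', 'create', 'delete'], TRUE)) {
    return; // not an entity/action this guard manages
  }
  if (empty($p['check_permissions'])) {
    return; // assumption: in-process calls without check_permissions are trusted
  }
  if (isset($p['id'])) {
    [$isValid, $entityTable, $entityId] = getDelegate((int) $p['id']);
    if (!$isValid) {
      throw new API_Exception("File #{$p['id']} is not attached to any record");
    }
    preventReassignment((int) $p['id'], $entityTable, $entityId, $apiRequest);
  }
  elseif (isset($p['entity_table'], $p['entity_id'])) {
    $entityTable = $p['entity_table'];
    $entityId = (int) $p['entity_id'];
  }
  elseif (isset($p['field_name'], $p['entity_id']) && array_key_exists($p['field_name'], CUSTOM_FILE_FIELDS)) {
    $entityTable = CUSTOM_FILE_FIELDS[$p['field_name']]['entity_table'];
    $entityId = (int) $p['entity_id'];
  }
  else {
    throw new API_Exception('Specify "id", "entity_table"+"entity_id", or "field_name"+"entity_id"');
  }
  authorizeDelegate($apiRequest['action'], $entityTable, $entityId, $apiRequest, $allowedDelegates);
}

// Constructed requests exercising each path; check_permissions is set on all of them.
$cases = [
  'read file on mailing'    => ['get',    ['id' => 10]],
  'delete file on mailing'  => ['delete', ['id' => 10]],
  'attach to activity'      => ['create', ['entity_table' => 'civicrm_activity', 'entity_id' => 3]],
  'attach via custom field' => ['create', ['field_name' => 'custom_42', 'entity_id' => 3]],
  'move file to a mailing'  => ['create', ['id' => 11, 'entity_table' => 'civicrm_mailing', 'entity_id' => 7]],
  'missing identifiers'     => ['get',    []],
];
foreach ($cases as $label => [$action, $params]) {
  $request = ['entity' => 'File', 'action' => $action, 'params' => $params + ['check_permissions' => 1]];
  try {
    onApiAuthorize($request, ['civicrm_mailing', 'civicrm_activity']);
    echo "$label: not vetoed\n";
  } catch (\Exception $e) {
    echo "$label: vetoed by " . get_class($e) . ": " . $e->getMessage() . "\n";
  }
}
```

Run with `php`: the read on file #10 and the two attachments to an Activity pass; deleting file #10 is vetoed because the user lacks "create" on its Mailing; moving file #11 to a Mailing is vetoed by the reassignment check; and the request with no identifiers fails the constraint from the note above. In the real class the two tables are SQL queries, and the permission check is a delegated API call rather than a constant lookup.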

Properties

Kernel $kernel
protected string $entityName
protected array $actions
protected string $lookupDelegateSql
protected string $lookupCustomFieldSql
protected array $lookupCustomFieldCache
protected array $allowedDelegates

Methods

static array
getSubscribedEvents()

No description

__construct(Kernel $kernel, string $entityName, array $actions, string $lookupDelegateSql, string $lookupCustomFieldSql, array|NULL $allowedDelegates = NULL)

No description

onApiAuthorize($event)

No description

authorizeDelegate(string $action, string $entityTable, int|NULL $entityId, array $apiRequest)

No description

preventReassignment(int $fileId, string $entityTable, int $entityId, array $apiRequest)

If the request attempts to change the entity_table/entity_id of an existing record, then generate an error.

string|NULL
getDelegatedEntityName(string $entityTable)

No description

string
getDelegatedAction(string $action)

No description

array
getDelegate(int $id)

No description

bool
isTrusted(array $apiRequest)

No description

array
getCustomFields()

No description

Details

at line 53
static array getSubscribedEvents()

Return Value

array

at line 130
__construct(Kernel $kernel, string $entityName, array $actions, string $lookupDelegateSql, string $lookupCustomFieldSql, array|NULL $allowedDelegates = NULL)

Parameters

Kernel $kernel The API kernel.
string $entityName The entity for which we want to manage permissions (e.g. "File" or "Note").
array $actions The actions for which we want to manage permissions (e.g. "create", "get", "delete").
string $lookupDelegateSql See docblock in DynamicFKAuthorization::$lookupDelegateSql.
string $lookupCustomFieldSql See docblock in DynamicFKAuthorization::$lookupCustomFieldSql.
array|NULL $allowedDelegates The entity tables a record may be attached to, e.g. "civicrm_mailing","civicrm_activity"; NULL to allow any.
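An added example of wiring the subscriber for the File entity. This is not taken from the page or from CiviCRM's container configuration: the table and column names, the `%1` parameter placeholder, the service type hints and the helper function name are assumptions, chosen so that the two queries return the shapes documented for getDelegate() (is_valid, entity_table, entity_id) and getCustomFields() (field_name, table_name, extends).

```php
<?php
// Added wiring example; not CiviCRM's own container configuration. Table and
// column names, the %1 placeholder and the registerFileAuthorization() helper
// are assumptions chosen to fit the return shapes documented on this page.
use Civi\API\Subscriber\DynamicFKAuthorization;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;

function registerFileAuthorization(\Civi\API\Kernel $kernel, EventDispatcherInterface $dispatcher): void {
  // Given a file ID (%1), say whether it is attached to anything and to what.
  // Mirrors getDelegate()'s documented (isValid, entityTable, entityId) tuple.
  $lookupDelegateSql = '
    SELECT IF(ef.file_id IS NULL, 0, 1) AS is_valid, ef.entity_table, ef.entity_id
      FROM civicrm_file f
      LEFT JOIN civicrm_entity_file ef ON ef.file_id = f.id
     WHERE f.id = %1';

  // List File-type custom fields so "field_name"+"entity_id" requests can be
  // resolved to the record the custom group extends (getCustomFields() keys).
  $lookupCustomFieldSql = '
    SELECT CONCAT("custom_", fld.id) AS field_name, grp.table_name, grp.extends
      FROM civicrm_custom_field fld
      JOIN civicrm_custom_group grp ON grp.id = fld.custom_group_id
     WHERE fld.data_type = "File"';

  $dispatcher->addSubscriber(new DynamicFKAuthorization(
    $kernel,
    'File',                                  // $entityName: the entity being guarded
    ['create', 'get', 'delete'],             // $actions on File that are vetoed via the parent
    $lookupDelegateSql,
    $lookupCustomFieldSql,
    ['civicrm_mailing', 'civicrm_activity']  // $allowedDelegates; NULL would allow any table
  ));
}
```

Restricting $allowedDelegates is the safer choice: with NULL, a caller who may create any record in some other table could attach a File to it and inherit that table's (possibly looser) permissions.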

at line 145
onApiAuthorize($event)

Parameters

$event API authorization event.

Exceptions

API_Exception
UnauthorizedException

at line 208
authorizeDelegate(string $action, string $entityTable, int|NULL $entityId, array $apiRequest)

Parameters

string $action The API action (e.g. "create").
string $entityTable The target entity table (e.g. "civicrm_mailing").
int|NULL $entityId The target entity ID.
array $apiRequest The full API request.

Exceptions

Exception
API_Exception
UnauthorizedException

at line 262
preventReassignment(int $fileId, string $entityTable, int $entityId, array $apiRequest)

If the request attempts to change the entity_table/entity_id of an existing record, then generate an error.

Parameters

int $fileId The ID of the main record being changed (e.g. the file ID).
string $entityTable The entity_table currently saved for that record.
int $entityId The entity_id currently saved for that record.
array $apiRequest The full API request.

Exceptions

API_Exception

at line 280
string|NULL getDelegatedEntityName(string $entityTable)

Parameters

string $entityTable The target entity table (e.g. "civicrm_mailing" or "civicrm_activity").

Return Value

string|NULL The target entity name (e.g. "Mailing" or "Activity").

at line 300
string getDelegatedAction(string $action)

Parameters

string $action API action name -- e.g. "create" ("When running create on a file...").

Return Value

string e.g. "create" ("Check for create permission on the mailing to which it is attached.")

at line 324
array getDelegate(int $id)

Parameters

int $id The ID of the attached record (e.g. the file ID).

Return Value

array (0 => bool $isValid, 1 => string $entityTable, 2 => int $entityId)

Exceptions

Exception

at line 352
bool isTrusted(array $apiRequest)

Parameters

array $apiRequest The full API request.

Return Value

bool

at line 361
array getCustomFields()

Return Value

array Each item has keys 'field_name', 'table_name', 'extends', 'entity_table'