WhitelistRule
class WhitelistRule
A WhitelistRule is used to determine if an API call is authorized.
For example:
Properties
| static | $IGNORE_FIELDS | ||
| int | $version | ||
| string | $entity | Entity name or '*' (all entities) | |
| string|array | $actions | List of actions which match, or '*' (all actions) | |
| array | $required | List of key=>value pairs that must appear in $params. | |
| array | $fields | List of fields which may be optionally inputted or returned, or '*" (all fields) |
Methods
Create a batch of rules from an array.
No description
No description
No description
Ensure that the return values comply with the whitelist's "fields" policy.
Determine which elements in $keys are acceptable under the whitelist policy.
Details
at line 72
static array
createAll(array $rules)
Create a batch of rules from an array.
at line 115
__construct($ruleSpec)
at line 142
bool
isValid()
at line 167
string|TRUE
matches(array $apiRequest)
at line 241
array
filter(array $apiRequest, array $apiResult)
Ensure that the return values comply with the whitelist's "fields" policy.
Most API's follow a convention where the result includes a 'values' array (which in turn is a list of records). Unfortunately, some don't. If the API result doesn't meet our expectation, then we probably don't know what's going on, so we abort the request.
This will probably break some of the layered-sugar APIs (like getsingle, getvalue). Just use the meat-and-potatoes API instead. Or craft a suitably targeted patch.
at line 269
protected array
filterFields(array $keys)
Determine which elements in $keys are acceptable under the whitelist policy.