OpenXE/classes/Modules/Api/Auth/PermissionGuard.php

<?php

declare(strict_types=1);

namespace Xentral\Modules\Api\Auth;

use Xentral\Components\Database\Database;
use Xentral\Modules\Api\Error\ApiError;
use Xentral\Modules\Api\Exception\AuthorizationErrorException;

class PermissionGuard
{
    /** @var Database */
    private $database;

    /** @var int */
    private $apiAccountId;

    /**
     * PermissionGuard constructor.
     *
     * @param Database $database
     * @param int      $apiAccountId
     */
    public function __construct(Database $database, int $apiAccountId)
    {
        $this->database = $database;
        $this->apiAccountId = $apiAccountId;
    }

    /**
     * @param string $neededPermission
     */
    public function check(string $neededPermission): void
    {
        $permissions = $this->getApiAccountPermissions();

        $hasPermission = in_array($neededPermission, $permissions);

        if (!$hasPermission) {
            throw new AuthorizationErrorException(
                'Api account has not needed permissions',
                ApiError::CODE_API_ACCOUNT_PERMISSION_MISSING
            );
        }
    }

    /**
     * @param string $action
     *
     * @return void
     */
    public function checkStandardApiAction(string $action): void
    {
        $neededPermission = 'standard_' . strtolower($action);
        $this->check($neededPermission);
    }

    /**
     * @return array
     */
    private function getApiAccountPermissions(): array
    {
        $jsonEncodedPermissions = $this->database->fetchValue(
            'SELECT `permissions` FROM `api_account` WHERE `id` = :api_account_id',
            ['api_account_id' => $this->apiAccountId]
        );

        if( $jsonEncodedPermissions === null ) {
            return [];
        }

        $permissions = json_decode($jsonEncodedPermissions, true);

        return is_array($permissions)
            ? $permissions
            : [];
    }
}
Initial xentral_oss_20.3.c9ffacf 2021-05-21 08:49:41 +02:00			`<?php`

			`declare(strict_types=1);`

			`namespace Xentral\Modules\Api\Auth;`

			`use Xentral\Components\Database\Database;`
			`use Xentral\Modules\Api\Error\ApiError;`
			`use Xentral\Modules\Api\Exception\AuthorizationErrorException;`

			`class PermissionGuard`
			`{`
			`/** @var Database */`
			`private $database;`

			`/** @var int */`
			`private $apiAccountId;`

			`/**`
			`* PermissionGuard constructor.`
			`*`
			`* @param Database $database`
			`* @param int $apiAccountId`
			`*/`
			`public function __construct(Database $database, int $apiAccountId)`
			`{`
			`$this->database = $database;`
			`$this->apiAccountId = $apiAccountId;`
			`}`

			`/**`
			`* @param string $neededPermission`
			`*/`
			`public function check(string $neededPermission): void`
			`{`
			`$permissions = $this->getApiAccountPermissions();`

			`$hasPermission = in_array($neededPermission, $permissions);`

			`if (!$hasPermission) {`
			`throw new AuthorizationErrorException(`
			`'Api account has not needed permissions',`
			`ApiError::CODE_API_ACCOUNT_PERMISSION_MISSING`
			`);`
			`}`
			`}`

			`/**`
			`* @param string $action`
			`*`
			`* @return void`
			`*/`
			`public function checkStandardApiAction(string $action): void`
			`{`
			`$neededPermission = 'standard_' . strtolower($action);`
			`$this->check($neededPermission);`
			`}`

			`/**`
			`* @return array`
			`*/`
			`private function getApiAccountPermissions(): array`
			`{`
			`$jsonEncodedPermissions = $this->database->fetchValue(`
			'SELECT `permissions` FROM `api_account` WHERE `id` = :api_account_id',
			`['api_account_id' => $this->apiAccountId]`
			`);`

			`if( $jsonEncodedPermissions === null ) {`
			`return [];`
			`}`

			`$permissions = json_decode($jsonEncodedPermissions, true);`

			`return is_array($permissions)`
			`? $permissions`
			`: [];`
			`}`
			`}`