MissingPrivilegeException example

#[Route(path: '/api/_admin/search', name: 'api.admin.search', defaults: ['_routeScope' => ['administration']], methods: ['POST'])]     public function search(Request $request, Context $context): Response
    {
        $criteriaCollection = $this->buildSearchEntities($request$context);

        $violations = [];

        foreach ($criteriaCollection as $entity => $criteria) {
            $missing = $this->criteriaValidator->validate($entity$criteria$context);

            if (!empty($missing)) {
                $violations[$entity] = (new MissingPrivilegeException($missing))->getErrors()->current();
                $criteriaCollection->remove($entity);
            }
        }

        $results = $this->searcher->search($criteriaCollection$context);

        foreach ($results as $entityName => $result) {
            if (!$criteriaCollection->has($entityName)) {
                continue;
            }

            
if ($this->isAdmin($userId)) {
            return true;
        }

        $permissions = $this->fetchPermissions($userId);
        $allAppsPrivileged = \in_array('app.all', $permissions, true);
        $appPrivilegeName = \sprintf('app.%s', $appName);
        $specificAppPrivileged = \in_array($appPrivilegeName$permissions, true);

        if (!($specificAppPrivileged || $allAppsPrivileged)) {
            throw new MissingPrivilegeException([$appPrivilegeName]);
        }

        return true;
    }
}
$definition = $this->definitionInstanceRegistry->getByEntityName($sourceEntity);
        $mappings = $profile->getMapping() ?? [];

        $mappedKeys = array_column($mappings, 'key');
        $propertyPaths = array_map(fn (string $key): array => explode('.', $key)$mappedKeys);

        foreach ($propertyPaths as $properties) {
            $missingPrivileges = $this->getMissingPrivilges($properties$definition$context$missingPrivileges);
        }

        if (!empty($missingPrivileges)) {
            throw new MissingPrivilegeException($missingPrivileges);
        }
    }

    /**
     * @param array<string> $properties
     * @param array<string> $missingPrivileges
     *
     * @return array<string>
     */
    private function getMissingPrivilges(
        array $properties,
        

    public function get(string $key, ?string $salesChannelId = null)
    {
        if (!$salesChannelId) {
            $salesChannelId = $this->salesChannelId;
        }

        if ($this->scriptAppInformation) {
            $privileges = $this->fetchAppPrivileges($this->scriptAppInformation->getAppId());

            if (!\in_array(self::PRIVILEGE, $privileges, true)) {
                throw new MissingPrivilegeException([self::PRIVILEGE]);
            }
        }

        return $this->systemConfigService->get($key$salesChannelId);
    }

    /**
     * The `app()` method allows you to access the config values of your app's configuration.
     * Notice that your app does not need any additional privileges to use this method, as you can only access your own app's configuration.
     *
     * @param string $key The name of the configuration value specified in the config.xml e.g. `exampleTextField`.
     * @param string|null $salesChannelId The SalesChannelId if you need the config value for a specific SalesChannel, if you don't provide a SalesChannelId, the one of the current Context is used as default.
     *
     * @return array|bool|float|int|string|null
     *
     * @example test-config/script.twig 5 1 Read your app's config value.
     */
self::API_UNSUPPORTED_ASSOCIATION_FIELD,
            'Unsupported association for field {{ field }}',
            ['field' => $field]
        );
    }

    /** * @param string[] $permissions */
    public static function missingPrivileges(array $permissions): ShopwareHttpException
    {
        return new MissingPrivilegeException($permissions);
    }

    public static function missingReverseAssociation(string $entity, string $parentEntity): ShopwareHttpException
    {
        return new MissingReverseAssociation($entity$parentEntity);
    }

    public static function definitionNotFound(DefinitionNotFoundException $exception): self
    {
        return new self(
            Response::HTTP_NOT_FOUND,
            

    private function prepareCriteria(string $entityName, array $criteria): Criteria
    {
        $definition = $this->registry->getByEntityName($entityName);
        $criteriaObject = new Criteria();

        $this->criteriaBuilder->fromArray($criteria$criteriaObject$definition$this->context);

        $missingPermissions = $this->criteriaValidator->validate($entityName$criteriaObject$this->context);

        if (!empty($missingPermissions)) {
            throw new MissingPrivilegeException($missingPermissions);
        }

        return $criteriaObject;
    }
}