CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
PermissionDeniedException example
}
private function validate(ApiHook $hook, Context $context): void
{
$scripts = $this->loader->get($hook->getName());
/** @var Script $script */
foreach ($scripts as $script) {
// todo@dr after implementing UI in admin, we can allow "private scripts" if (!$script->isAppScript()) {
throw new PermissionDeniedException();
}
/** @var ScriptAppInformation $appInfo */
$appInfo = $script->getScriptAppInformation();
$source = $context->getSource();
if ($source instanceof AdminApiSource && $source->getIntegrationId() === $appInfo->getIntegrationId()) {
// allow access to app endpoints from the integration of the same app continue;
}
/** @var AdminApiSource $source */
$source = $context->getSource();
$data = $request->request->all();
// only an admin is allowed to set the admin field if (
!$source->isAdmin()
&& isset($data['admin'])
) {
throw new PermissionDeniedException();
}
if (!isset($data['id'])) {
$data['id'] = null;
}
$data['id'] = $integrationId ?: $data['id'];
$events = $context->scope(Context::SYSTEM_SCOPE, fn (Context $context): EntityWrittenContainerEvent => $this->integrationRepository->upsert([$data], $context));
$event = $events->getEventByEntityName(IntegrationDefinition::ENTITY_NAME);
\assert($event !== null);
if (!$this->hasScope($request, UserVerifiedScope::IDENTIFIER)) {
throw new AccessDeniedHttpException(sprintf('This access token does not have the scope "%s" to process this Request', UserVerifiedScope::IDENTIFIER));
}
/** @var AdminApiSource $source */
$source = $context->getSource();
if (
!$source->isAllowed('user:update')
&& $source->getUserId() !== $userId
) {
throw new PermissionDeniedException();
}
$context->scope(Context::SYSTEM_SCOPE, function DContext $context) use ($userId): void {
$this->userRepository->delete([['id' => $userId]], $context);
});
return $factory->createRedirectResponse($this->userRepository->getDefinition(), $userId, $request, $context);
}
#[Route(path: '/api/user/{userId}/access-keys/{id}', name: 'api.user_access_keys.delete', defaults: ['auth_required' => true, '_acl' => ['user_access_key:delete']], methods: ['DELETE'])] public function deleteUserAccessKey(string $id, Request $request, Context $context, ResponseFactoryInterface $factory): Response
{
throw new AccessDeniedHttpException(sprintf('This access token does not have the scope "%s" to process this Request', UserVerifiedScope::IDENTIFIER));
}
/** @var AdminApiSource $source */
$source = $context->getSource();
if (
!$source->isAllowed('user:update')
&& $source->getUserId() !== $userId
) {
throw new PermissionDeniedException();
}
$context->scope(Context::SYSTEM_SCOPE, function DContext $context) use ($userId): void {
$this->userRepository->delete([['id' => $userId]], $context);
});
return $factory->createRedirectResponse($this->userRepository->getDefinition(), $userId, $request, $context);
}
#[Route(path: '/api/user/{userId}/access-keys/{id}', name: 'api.user_access_keys.delete', defaults: ['auth_required' => true, '_acl' => ['user_access_key:delete']], methods: ['DELETE'])] public function deleteUserAccessKey(string $id, Request $request, Context $context, ResponseFactoryInterface $factory): Response
{