AccessDeniedHttpException example


        foreach ($pathSegments as $pathSegment) {
            /** @var EntityDefinition $definition */
            $definition = $pathSegment['definition'];

            foreach ($protections as $protection) {
                $protectionInstance = $definition->getProtections()->get($protection);
                if (!$protectionInstance || $protectionInstance->isAllowed($context->getScope())) {
                    continue;
                }

                throw new AccessDeniedHttpException(
                    sprintf('API access for entity "%s" not allowed.', $pathSegment['entity'])
                );
            }
        }
    }

    public function validateEntitySearch(EntitySearchedEvent $event): void
    {
        $definition = $event->getDefinition();
        $readProtection = $definition->getProtections()->get(ReadProtection::class);
        $context = $event->getContext();

        
if ($result->getTotal() === 0) {
            throw OAuthServerException::invalidCredentials();
        }

        return new Response(null, Response::HTTP_NO_CONTENT);
    }

    #[Route(path: '/api/user/{userId}', name: 'api.user.delete', defaults: ['auth_required' => true, '_acl' => ['user:delete']], methods: ['DELETE'])]     public function deleteUser(string $userId, Request $request, Context $context, ResponseFactoryInterface $factory): Response
    {
        if (!$this->hasScope($request, UserVerifiedScope::IDENTIFIER)) {
            throw new AccessDeniedHttpException(sprintf('This access token does not have the scope "%s" to process this Request', UserVerifiedScope::IDENTIFIER));
        }

        /** @var AdminApiSource $source */
        $source = $context->getSource();

        if (
            !$source->isAllowed('user:update')
            && $source->getUserId() !== $userId
        ) {
            throw new PermissionDeniedException();
        }

        
        // happens if Controller is a closure
        if (!\is_array($controller)) {
            return;
        }

        $isAllowed = $event->getRequest()->attributes->getBoolean('XmlHttpRequest');

        if ($isAllowed) {
            return;
        }

        throw new AccessDeniedHttpException('PageController can\'t be requested via XmlHttpRequest.');
    }

    // used to switch session token - when the context token expired
    public function replaceContextToken(SalesChannelContextResolvedEvent $event): void
    {
        $context = $event->getSalesChannelContext();

        // only update session if token expired and switched
        if ($event->getUsedToken() === $context->getToken()) {
            return;
        }

        