CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
AccessDeniedHttpException example
foreach ($pathSegments as $pathSegment) {
/** @var EntityDefinition $definition */
$definition = $pathSegment['definition'];
foreach ($protections as $protection) {
$protectionInstance = $definition->getProtections()->get($protection);
if (!$protectionInstance || $protectionInstance->isAllowed($context->getScope())) {
continue;
}
throw new AccessDeniedHttpException(
sprintf('API access for entity "%s" not allowed.', $pathSegment['entity'])
);
}
}
}
public function validateEntitySearch(EntitySearchedEvent $event): void
{
$definition = $event->getDefinition();
$readProtection = $definition->getProtections()->get(ReadProtection::class);
$context = $event->getContext();
if ($result->getTotal() === 0) {
throw OAuthServerException::invalidCredentials();
}
return new Response(null, Response::HTTP_NO_CONTENT);
}
#[Route(path: '/api/user/{userId}', name: 'api.user.delete', defaults: ['auth_required' => true, '_acl' => ['user:delete']], methods: ['DELETE'])] public function deleteUser(string $userId, Request $request, Context $context, ResponseFactoryInterface $factory): Response
{
if (!$this->hasScope($request, UserVerifiedScope::IDENTIFIER)) {
throw new AccessDeniedHttpException(sprintf('This access token does not have the scope "%s" to process this Request', UserVerifiedScope::IDENTIFIER));
}
/** @var AdminApiSource $source */
$source = $context->getSource();
if (
!$source->isAllowed('user:update')
&& $source->getUserId() !== $userId
) {
throw new PermissionDeniedException();
}
throw OAuthServerException::invalidCredentials();
}
return new Response(null, Response::HTTP_NO_CONTENT);
}
#[Route(path: '/api/user/{userId}', name: 'api.user.delete', defaults: ['auth_required' => true, '_acl' => ['user:delete']], methods: ['DELETE'])] public function deleteUser(string $userId, Request $request, Context $context, ResponseFactoryInterface $factory): Response
{
if (!$this->hasScope($request, UserVerifiedScope::IDENTIFIER)) {
throw new AccessDeniedHttpException(sprintf('This access token does not have the scope "%s" to process this Request', UserVerifiedScope::IDENTIFIER));
}
/** @var AdminApiSource $source */
$source = $context->getSource();
if (
!$source->isAllowed('user:update')
&& $source->getUserId() !== $userId
) {
throw new PermissionDeniedException();
}
// happens if Controller is a closure
if (!\is_array($controller)) {
return;
}
$isAllowed = $event->getRequest()->attributes->getBoolean('XmlHttpRequest');
if ($isAllowed) {
return;
}
throw new AccessDeniedHttpException('PageController can\'t be requested via XmlHttpRequest.');
}
// used to switch session token - when the context token expired public function replaceContextToken(SalesChannelContextResolvedEvent $event): void
{
$context = $event->getSalesChannelContext();
// only update session if token expired and switched if ($event->getUsedToken() === $context->getToken()) {
return;
}
return;
}
$isAllowed = $event->getRequest()->attributes->getBoolean('XmlHttpRequest');
if ($isAllowed) {
return;
}
throw new AccessDeniedHttpException('PageController can\'t be requested via XmlHttpRequest.');
}
// used to switch session token - when the context token expired public function replaceContextToken(SalesChannelContextResolvedEvent $event): void
{
$context = $event->getSalesChannelContext();
// only update session if token expired and switched if ($event->getUsedToken() === $context->getToken()) {
return;
}