vendor/shopware/core/Framework/Api/Acl/AclWriteValidator.php line 22

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\Acl;
  5. use Shopware\Core\Framework\Api\Acl\Role\AclRoleDefinition;
  6. use Shopware\Core\Framework\Api\Context\AdminApiSource;
  7. use Shopware\Core\Framework\Api\Exception\MissingPrivilegeException;
  8. use Shopware\Core\Framework\Context;
  9. use Shopware\Core\Framework\DataAbstractionLayer\EntityTranslationDefinition;
  10. use Shopware\Core\Framework\DataAbstractionLayer\Write\Command\WriteCommand;
  11. use Shopware\Core\Framework\DataAbstractionLayer\Write\Validation\PreWriteValidationEvent;
  12. use Shopware\Core\Framework\Uuid\Uuid;
  13. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  15. class AclWriteValidator implements EventSubscriberInterface
  16. {
  17.     public static function getSubscribedEvents()
  18.     {
  19.         return [PreWriteValidationEvent::class => 'preValidate'];
  20.     }
  22.     public function preValidate(PreWriteValidationEvent $event): void
  23.     {
  24.         if ($event->getContext()->getScope() === Context::SYSTEM_SCOPE) {
  25.             return;
  26.         }
  28.         $commands $event->getCommands();
  29.         $source $event->getContext()->getSource();
  30.         if (!$source instanceof AdminApiSource || $source->isAdmin()) {
  31.             return;
  32.         }
  34.         $missingPrivileges = [];
  36.         foreach ($commands as $command) {
  37.             $resource $command->getDefinition()->getEntityName();
  38.             $privilege $command->getPrivilege();
  40.             if ($privilege === null) {
  41.                 continue;
  42.             }
  44.             if (is_subclass_of($command->getDefinition(), EntityTranslationDefinition::class)) {
  45.                 $resource $command->getDefinition()->getParentDefinition()->getEntityName();
  47.                 if ($privilege !== AclRoleDefinition::PRIVILEGE_DELETE) {
  48.                     $privilege $this->getPrivilegeForParentWriteOperation($command$commands);
  49.                 }
  50.             }
  52.             if (!$source->isAllowed($resource ':' $privilege)) {
  53.                 $missingPrivileges[] = $resource ':' $privilege;
  54.             }
  55.         }
  57.         $this->tryToThrow($missingPrivileges);
  58.     }
  60.     private function tryToThrow(array $missingPrivileges): void
  61.     {
  62.         if (!empty($missingPrivileges)) {
  63.             throw new MissingPrivilegeException($missingPrivileges);
  64.         }
  65.     }
  67.     /**
  68.      * @param WriteCommand[] $commands
  69.      */
  70.     private function getPrivilegeForParentWriteOperation(WriteCommand $command, array $commands): string
  71.     {
  72.         $pathSuffix '/translations/' Uuid::fromBytesToHex($command->getPrimaryKey()['language_id']);
  73.         $parentCommandPath str_replace($pathSuffix''$command->getPath());
  74.         $parentCommand $this->findCommandByPath($parentCommandPath$commands);
  76.         // writes to translation need privilege from parent command
  77.         // if we update e.g. a product and add translations for a new language
  78.         // the writeCommand on the translation would be an insert
  79.         if ($parentCommand) {
  80.             return (string) $parentCommand->getPrivilege();
  81.         }
  83.         // if we don't have a parentCommand it must be a update,
  84.         // because the parentEntity must already exist
  85.         return AclRoleDefinition::PRIVILEGE_UPDATE;
  86.     }
  88.     /**
  89.      * @param WriteCommand[] $commands
  90.      */
  91.     private function findCommandByPath(string $commandPath, array $commands): ?WriteCommand
  92.     {
  93.         foreach ($commands as $command) {
  94.             if ($command->getPath() === $commandPath) {
  95.                 return $command;
  96.             }
  97.         }
  99.         return null;
  100.     }
  101. }