vendor/shopware/platform/src/Core/Framework/Api/Acl/AclWriteValidator.php line 38

Open in your IDE?
  1. <?php declare(strict_types=1);
  2. namespace Shopware\Core\Framework\Api\Acl;
  3. use Shopware\Core\Framework\Api\Acl\Event\CommandAclValidationEvent;
  4. use Shopware\Core\Framework\Api\Acl\Role\AclRoleDefinition;
  5. use Shopware\Core\Framework\Api\Context\AdminApiSource;
  6. use Shopware\Core\Framework\Api\Context\AdminSalesChannelApiSource;
  7. use Shopware\Core\Framework\Api\Exception\MissingPrivilegeException;
  8. use Shopware\Core\Framework\Context;
  9. use Shopware\Core\Framework\DataAbstractionLayer\EntityTranslationDefinition;
  10. use Shopware\Core\Framework\DataAbstractionLayer\Write\Command\WriteCommand;
  11. use Shopware\Core\Framework\DataAbstractionLayer\Write\Validation\PreWriteValidationEvent;
  12. use Shopware\Core\Framework\Uuid\Uuid;
  13. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  14. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  15. class AclWriteValidator implements EventSubscriberInterface
  16. {
  17.     /**
  18.      * @var EventDispatcherInterface
  19.      */
  20.     private $eventDispatcher;
  21.     public function __construct(EventDispatcherInterface $eventDispatcher)
  22.     {
  23.         $this->eventDispatcher $eventDispatcher;
  24.     }
  25.     /**
  26.      * @return array<string, string|array{0: string, 1: int}|list<array{0: string, 1?: int}>>
  27.      */
  28.     public static function getSubscribedEvents()
  29.     {
  30.         return [PreWriteValidationEvent::class => 'preValidate'];
  31.     }
  32.     public function preValidate(PreWriteValidationEvent $event): void
  33.     {
  34.         $context $event->getContext();
  35.         $source $event->getContext()->getSource();
  36.         if ($source instanceof AdminSalesChannelApiSource) {
  37.             $context $source->getOriginalContext();
  38.             $source $context->getSource();
  39.         }
  40.         if ($context->getScope() === Context::SYSTEM_SCOPE || !$source instanceof AdminApiSource || $source->isAdmin()) {
  41.             return;
  42.         }
  43.         $commands $event->getCommands();
  44.         $missingPrivileges = [];
  45.         foreach ($commands as $command) {
  46.             $resource $command->getDefinition()->getEntityName();
  47.             $privilege $command->getPrivilege();
  48.             if ($privilege === null) {
  49.                 continue;
  50.             }
  51.             if (is_subclass_of($command->getDefinition(), EntityTranslationDefinition::class)) {
  52.                 $resource $command->getDefinition()->getParentDefinition()->getEntityName();
  53.                 if ($privilege !== AclRoleDefinition::PRIVILEGE_DELETE) {
  54.                     $privilege $this->getPrivilegeForParentWriteOperation($command$commands);
  55.                 }
  56.             }
  57.             if (!$source->isAllowed($resource ':' $privilege)) {
  58.                 $missingPrivileges[] = $resource ':' $privilege;
  59.             }
  60.             $event = new CommandAclValidationEvent($missingPrivileges$source$command);
  61.             $this->eventDispatcher->dispatch($event);
  62.             $missingPrivileges $event->getMissingPrivileges();
  63.         }
  64.         $this->tryToThrow($missingPrivileges);
  65.     }
  66.     private function tryToThrow(array $missingPrivileges): void
  67.     {
  68.         if (!empty($missingPrivileges)) {
  69.             throw new MissingPrivilegeException($missingPrivileges);
  70.         }
  71.     }
  72.     /**
  73.      * @param WriteCommand[] $commands
  74.      */
  75.     private function getPrivilegeForParentWriteOperation(WriteCommand $command, array $commands): string
  76.     {
  77.         $pathSuffix '/translations/' Uuid::fromBytesToHex($command->getPrimaryKey()['language_id']);
  78.         $parentCommandPath str_replace($pathSuffix''$command->getPath());
  79.         $parentCommand $this->findCommandByPath($parentCommandPath$commands);
  80.         // writes to translation need privilege from parent command
  81.         // if we update e.g. a product and add translations for a new language
  82.         // the writeCommand on the translation would be an insert
  83.         if ($parentCommand) {
  84.             return (string) $parentCommand->getPrivilege();
  85.         }
  86.         // if we don't have a parentCommand it must be a update,
  87.         // because the parentEntity must already exist
  88.         return AclRoleDefinition::PRIVILEGE_UPDATE;
  89.     }
  90.     /**
  91.      * @param WriteCommand[] $commands
  92.      */
  93.     private function findCommandByPath(string $commandPath, array $commands): ?WriteCommand
  94.     {
  95.         foreach ($commands as $command) {
  96.             if ($command->getPath() === $commandPath) {
  97.                 return $command;
  98.             }
  99.         }
  100.         return null;
  101.     }
  102. }