vendor/shopware/core/Framework/Api/Acl/AclWriteValidator.php line 41

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\Acl;
  5. use Shopware\Core\Framework\Api\Acl\Event\CommandAclValidationEvent;
  6. use Shopware\Core\Framework\Api\Acl\Role\AclRoleDefinition;
  7. use Shopware\Core\Framework\Api\Context\AdminApiSource;
  8. use Shopware\Core\Framework\Api\Context\AdminSalesChannelApiSource;
  9. use Shopware\Core\Framework\Api\Exception\MissingPrivilegeException;
  10. use Shopware\Core\Framework\Context;
  11. use Shopware\Core\Framework\DataAbstractionLayer\EntityTranslationDefinition;
  12. use Shopware\Core\Framework\DataAbstractionLayer\Write\Command\WriteCommand;
  13. use Shopware\Core\Framework\DataAbstractionLayer\Write\Validation\PreWriteValidationEvent;
  14. use Shopware\Core\Framework\Uuid\Uuid;
  15. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  16. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  18. /**
  19.  * @deprecated tag:v6.5.0 - reason:becomes-internal - EventSubscribers will become internal in v6.5.0
  20.  */
  21. class AclWriteValidator implements EventSubscriberInterface
  22. {
  23.     private EventDispatcherInterface $eventDispatcher;
  25.     /**
  26.      * @internal
  27.      */
  28.     public function __construct(EventDispatcherInterface $eventDispatcher)
  29.     {
  30.         $this->eventDispatcher $eventDispatcher;
  31.     }
  33.     /**
  34.      * @return array<string, string|array{0: string, 1: int}|list<array{0: string, 1?: int}>>
  35.      */
  36.     public static function getSubscribedEvents()
  37.     {
  38.         return [PreWriteValidationEvent::class => 'preValidate'];
  39.     }
  41.     public function preValidate(PreWriteValidationEvent $event): void
  42.     {
  43.         $context $event->getContext();
  44.         $source $event->getContext()->getSource();
  45.         if ($source instanceof AdminSalesChannelApiSource) {
  46.             $context $source->getOriginalContext();
  47.             $source $context->getSource();
  48.         }
  50.         if ($context->getScope() === Context::SYSTEM_SCOPE || !$source instanceof AdminApiSource || $source->isAdmin()) {
  51.             return;
  52.         }
  54.         $commands $event->getCommands();
  55.         $missingPrivileges = [];
  57.         foreach ($commands as $command) {
  58.             $resource $command->getDefinition()->getEntityName();
  59.             $privilege $command->getPrivilege();
  61.             if ($privilege === null) {
  62.                 continue;
  63.             }
  65.             if (is_subclass_of($command->getDefinition(), EntityTranslationDefinition::class)) {
  66.                 $resource $command->getDefinition()->getParentDefinition()->getEntityName();
  68.                 if ($privilege !== AclRoleDefinition::PRIVILEGE_DELETE) {
  69.                     $privilege $this->getPrivilegeForParentWriteOperation($command$commands);
  70.                 }
  71.             }
  73.             if (!$source->isAllowed($resource ':' $privilege)) {
  74.                 $missingPrivileges[] = $resource ':' $privilege;
  75.             }
  77.             $event = new CommandAclValidationEvent($missingPrivileges$source$command);
  78.             $this->eventDispatcher->dispatch($event);
  79.             $missingPrivileges $event->getMissingPrivileges();
  80.         }
  82.         $this->tryToThrow($missingPrivileges);
  83.     }
  85.     /**
  86.      * @param list<string> $missingPrivileges
  87.      */
  88.     private function tryToThrow(array $missingPrivileges): void
  89.     {
  90.         if (!empty($missingPrivileges)) {
  91.             throw new MissingPrivilegeException($missingPrivileges);
  92.         }
  93.     }
  95.     /**
  96.      * @param WriteCommand[] $commands
  97.      */
  98.     private function getPrivilegeForParentWriteOperation(WriteCommand $command, array $commands): string
  99.     {
  100.         $pathSuffix '/translations/' Uuid::fromBytesToHex($command->getPrimaryKey()['language_id']);
  101.         $parentCommandPath str_replace($pathSuffix''$command->getPath());
  102.         $parentCommand $this->findCommandByPath($parentCommandPath$commands);
  104.         // writes to translation need privilege from parent command
  105.         // if we update e.g. a product and add translations for a new language
  106.         // the writeCommand on the translation would be an insert
  107.         if ($parentCommand) {
  108.             return (string) $parentCommand->getPrivilege();
  109.         }
  111.         // if we don't have a parentCommand it must be a update,
  112.         // because the parentEntity must already exist
  113.         return AclRoleDefinition::PRIVILEGE_UPDATE;
  114.     }
  116.     /**
  117.      * @param WriteCommand[] $commands
  118.      */
  119.     private function findCommandByPath(string $commandPath, array $commands): ?WriteCommand
  120.     {
  121.         foreach ($commands as $command) {
  122.             if ($command->getPath() === $commandPath) {
  123.                 return $command;
  124.             }
  125.         }
  127.         return null;
  128.     }
  129. }