Commit 48716433 authored by totten's avatar totten

CRM-16757 - Split extern/cxn.php into createApiServer() and CRM_Cxn_ApiRouter

parent ac61750f
<?php
/*
+--------------------------------------------------------------------+
| CiviCRM version 4.6 |
+--------------------------------------------------------------------+
| Copyright (C) 2011 Marty Wright |
| Licensed to CiviCRM under the Academic Free License version 3.0. |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| CiviCRM is free software; you can copy, modify, and distribute it |
| under the terms of the GNU Affero General Public License |
| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
| |
| CiviCRM is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| See the GNU Affero General Public License for more details. |
| |
| You should have received a copy of the GNU Affero General Public |
| License and the CiviCRM Licensing Exception along |
| with this program; if not, contact CiviCRM LLC |
| at info[AT]civicrm[DOT]org. If you have questions about the |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
*/
/**
* Class CRM_Cxn_ApiRouter
*
* The ApiRouter receives an incoming API request from CiviConnect,
* validates it, configures permissions, and sends it to the API layer.
*/
class CRM_Cxn_ApiRouter {
/**
* @param array $cxn
* @param string $entity
* @param string $action
* @param array $params
* @return mixed
*/
public static function route($cxn, $entity, $action, $params) {
$SUPER_PERM = array('administer CiviCRM');
require_once 'api/v3/utils.php';
// FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()?
if (CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'enableSSL') &&
!CRM_Utils_System::isSSL() &&
strtolower(CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders())) != 'https'
) {
return civicrm_api3_create_error('System policy requires HTTPS.');
}
// Note: $cxn and cxnId are authenticated before router is called.
$dao = new CRM_Cxn_DAO_Cxn();
$dao->cxn_id = $cxn['cxnId'];
if (empty($cxn['cxnId']) || !$dao->find(TRUE) || !$dao->cxn_id) {
return civicrm_api3_create_error('Failed to lookup connection authorizations.');
}
if (!$dao->is_active) {
return civicrm_api3_create_error('Connection is inactive.');
}
if (!is_string($entity) || !is_string($action) || !is_array($params)) {
return civicrm_api3_create_error('API parameters are malformed.');
}
if (
empty($cxn['perm']['api'])
|| !is_array($cxn['perm']['api'])
|| empty($cxn['perm']['grant'])
|| !(is_array($cxn['perm']['grant']) || is_string($cxn['perm']['grant']))
) {
return civicrm_api3_create_error('Connection has no permissions.');
}
$whitelist = \Civi\API\WhitelistRule::createAll($cxn['perm']['api']);
Civi\Core\Container::singleton()
->get('dispatcher')
->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist));
CRM_Core_Config::singleton()->userPermissionTemp = new CRM_Core_Permission_Temp();
if ($cxn['perm']['grant'] === '*') {
CRM_Core_Config::singleton()->userPermissionTemp->grant($SUPER_PERM);
}
else {
CRM_Core_Config::singleton()->userPermissionTemp->grant($cxn['perm']['grant']);
}
$params['check_permissions'] = 'whitelist';
return civicrm_api($entity, $action, $params);
}
}
......@@ -166,4 +166,17 @@ class CRM_Cxn_BAO_Cxn extends CRM_Cxn_DAO_Cxn {
return $client;
}
/**
* Construct a server for handling API requests.
*
* @return \Civi\Cxn\Rpc\ApiServer
*/
public static function createApiServer() {
$cxnStore = new CRM_Cxn_CiviCxnStore();
$apiServer = new \Civi\Cxn\Rpc\ApiServer($cxnStore);
$apiServer->setLog(new CRM_Utils_SystemLogger());
$apiServer->setRouter(array('CRM_Cxn_ApiRouter', 'route'));
return $apiServer;
}
}
......@@ -30,56 +30,6 @@ $config = CRM_Core_Config::singleton();
CRM_Utils_System::loadBootStrap(array(), FALSE);
$apiServer = new \Civi\Cxn\Rpc\ApiServer(new CRM_Cxn_CiviCxnStore());
$apiServer->setLog(new CRM_Utils_SystemLogger());
$apiServer->setRouter(function ($cxn, $entity, $action, $params) {
$SUPER_PERM = array('administer CiviCRM');
require_once 'api/v3/utils.php';
// FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()?
if (CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'enableSSL') &&
!CRM_Utils_System::isSSL() &&
strtolower(CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders())) != 'https'
) {
return civicrm_api3_create_error('System policy requires HTTPS.');
}
// Note: $cxn and cxnId are authenticated before router is called.
$dao = new CRM_Cxn_DAO_Cxn();
$dao->cxn_id = $cxn['cxnId'];
if (empty($cxn['cxnId']) || !$dao->find(TRUE) || !$dao->cxn_id) {
return civicrm_api3_create_error('Failed to lookup connection authorizations.');
}
if (!$dao->is_active) {
return civicrm_api3_create_error('Connection is inactive.');
}
if (!is_string($entity) || !is_string($action) || !is_array($params)) {
return civicrm_api3_create_error('API parameters are malformed.');
}
if (
empty($cxn['perm']['api'])
|| !is_array($cxn['perm']['api'])
|| empty($cxn['perm']['grant'])
|| !(is_array($cxn['perm']['grant']) || is_string($cxn['perm']['grant']))
) {
return civicrm_api3_create_error('Connection has no permissions.');
}
$whitelist = \Civi\API\WhitelistRule::createAll($cxn['perm']['api']);
Civi\Core\Container::singleton()
->get('dispatcher')
->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist));
CRM_Core_Config::singleton()->userPermissionTemp = new CRM_Core_Permission_Temp();
if ($cxn['perm']['grant'] === '*') {
CRM_Core_Config::singleton()->userPermissionTemp->grant($SUPER_PERM);
}
else {
CRM_Core_Config::singleton()->userPermissionTemp->grant($cxn['perm']['grant']);
}
$params['check_permissions'] = 'whitelist';
return civicrm_api($entity, $action, $params);
});
$apiServer->handle(file_get_contents('php://input'))->send();
CRM_Cxn_BAO_Cxn::createApiServer()
->handle(file_get_contents('php://input'))
->send();
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment