vendor/shopware/core/Framework/Api/Acl/AclWriteValidator.php line 43

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\Acl;
  5. use Shopware\Core\Framework\Api\Acl\Event\CommandAclValidationEvent;
  6. use Shopware\Core\Framework\Api\Acl\Role\AclRoleDefinition;
  7. use Shopware\Core\Framework\Api\Context\AdminApiSource;
  8. use Shopware\Core\Framework\Api\Context\AdminSalesChannelApiSource;
  9. use Shopware\Core\Framework\Api\Exception\MissingPrivilegeException;
  10. use Shopware\Core\Framework\Context;
  11. use Shopware\Core\Framework\DataAbstractionLayer\EntityTranslationDefinition;
  12. use Shopware\Core\Framework\DataAbstractionLayer\Write\Command\WriteCommand;
  13. use Shopware\Core\Framework\DataAbstractionLayer\Write\Validation\PreWriteValidationEvent;
  14. use Shopware\Core\Framework\Log\Package;
  15. use Shopware\Core\Framework\Uuid\Uuid;
  16. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  17. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  19. /**
  20.  * @deprecated tag:v6.5.0 - reason:becomes-internal - EventSubscribers will become internal in v6.5.0
  21.  */
  22. #[Package('system-settings')]
  23. class AclWriteValidator implements EventSubscriberInterface
  24. {
  25.     private EventDispatcherInterface $eventDispatcher;
  27.     /**
  28.      * @internal
  29.      */
  30.     public function __construct(EventDispatcherInterface $eventDispatcher)
  31.     {
  32.         $this->eventDispatcher $eventDispatcher;
  33.     }
  35.     /**
  36.      * @return array<string, string|array{0: string, 1: int}|list<array{0: string, 1?: int}>>
  37.      */
  38.     public static function getSubscribedEvents()
  39.     {
  40.         return [PreWriteValidationEvent::class => 'preValidate'];
  41.     }
  43.     public function preValidate(PreWriteValidationEvent $event): void
  44.     {
  45.         $context $event->getContext();
  46.         $source $event->getContext()->getSource();
  47.         if ($source instanceof AdminSalesChannelApiSource) {
  48.             $context $source->getOriginalContext();
  49.             $source $context->getSource();
  50.         }
  52.         if ($context->getScope() === Context::SYSTEM_SCOPE || !$source instanceof AdminApiSource || $source->isAdmin()) {
  53.             return;
  54.         }
  56.         $commands $event->getCommands();
  57.         $missingPrivileges = [];
  59.         foreach ($commands as $command) {
  60.             $resource $command->getDefinition()->getEntityName();
  61.             $privilege $command->getPrivilege();
  63.             if ($privilege === null) {
  64.                 continue;
  65.             }
  67.             if (is_subclass_of($command->getDefinition(), EntityTranslationDefinition::class)) {
  68.                 $resource $command->getDefinition()->getParentDefinition()->getEntityName();
  70.                 if ($privilege !== AclRoleDefinition::PRIVILEGE_DELETE) {
  71.                     $privilege $this->getPrivilegeForParentWriteOperation($command$commands);
  72.                 }
  73.             }
  75.             if (!$source->isAllowed($resource ':' $privilege)) {
  76.                 $missingPrivileges[] = $resource ':' $privilege;
  77.             }
  79.             $event = new CommandAclValidationEvent($missingPrivileges$source$command);
  80.             $this->eventDispatcher->dispatch($event);
  81.             $missingPrivileges $event->getMissingPrivileges();
  82.         }
  84.         $this->tryToThrow($missingPrivileges);
  85.     }
  87.     /**
  88.      * @param list<string> $missingPrivileges
  89.      */
  90.     private function tryToThrow(array $missingPrivileges): void
  91.     {
  92.         if (!empty($missingPrivileges)) {
  93.             throw new MissingPrivilegeException($missingPrivileges);
  94.         }
  95.     }
  97.     /**
  98.      * @param WriteCommand[] $commands
  99.      */
  100.     private function getPrivilegeForParentWriteOperation(WriteCommand $command, array $commands): string
  101.     {
  102.         $pathSuffix '/translations/' Uuid::fromBytesToHex($command->getPrimaryKey()['language_id']);
  103.         $parentCommandPath str_replace($pathSuffix''$command->getPath());
  104.         $parentCommand $this->findCommandByPath($parentCommandPath$commands);
  106.         // writes to translation need privilege from parent command
  107.         // if we update e.g. a product and add translations for a new language
  108.         // the writeCommand on the translation would be an insert
  109.         if ($parentCommand) {
  110.             return (string) $parentCommand->getPrivilege();
  111.         }
  113.         // if we don't have a parentCommand it must be a update,
  114.         // because the parentEntity must already exist
  115.         return AclRoleDefinition::PRIVILEGE_UPDATE;
  116.     }
  118.     /**
  119.      * @param WriteCommand[] $commands
  120.      */
  121.     private function findCommandByPath(string $commandPath, array $commands): ?WriteCommand
  122.     {
  123.         foreach ($commands as $command) {
  124.             if ($command->getPath() === $commandPath) {
  125.                 return $command;
  126.             }
  127.         }
  129.         return null;
  130.     }
  131. }