custom/plugins/SwagPlatformSecurity/src/Fixes/NEXT32889/PatchedStateMachineActionController.php line 25

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Swag\Security\Fixes\NEXT32889;
  5. use Shopware\Core\Framework\Api\Acl\Role\AclRoleDefinition;
  6. use Shopware\Core\Framework\Api\Exception\MissingPrivilegeException;
  7. use Shopware\Core\Framework\Api\Response\ResponseFactoryInterface;
  8. use Shopware\Core\Framework\Context;
  9. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  10. use Shopware\Core\System\StateMachine\Api\StateMachineActionController;
  11. use Symfony\Component\HttpFoundation\JsonResponse;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\HttpFoundation\Response;
  14. use Symfony\Component\Routing\Annotation\Route;
  16. /**
  17.  * @internal
  18.  * @RouteScope(scopes={"api"})
  19.  */
  20. class PatchedStateMachineActionController extends StateMachineActionController
  21. {
  22.     /**
  23.      * @Route("/api/_action/state-machine/{entityName}/{entityId}/state", name="api.state_machine.states", methods={"GET"})
  24.      */
  25.     public function getAvailableTransitions(
  26.         Request $request,
  27.         Context $context,
  28.         string $entityName,
  29.         string $entityId
  30.     ): JsonResponse {
  31.         $this->validatePrivilege($entityNameAclRoleDefinition::PRIVILEGE_READ$context);
  33.         return parent::getAvailableTransitions($request$context$entityName$entityId);
  34.     }
  36.     /**
  37.      * @Route("/api/_action/state-machine/{entityName}/{entityId}/state/{transition}", name="api.state_machine.transition_state", methods={"POST"})
  38.      */
  39.     public function transitionState(
  40.         Request $request,
  41.         Context $context,
  42.         ResponseFactoryInterface $responseFactory,
  43.         string $entityName,
  44.         string $entityId,
  45.         string $transition
  46.     ): Response {
  47.         $this->validatePrivilege($entityNameAclRoleDefinition::PRIVILEGE_UPDATE$context);
  49.         return parent::transitionState($request$context$responseFactory$entityName$entityId$transition);
  50.     }
  52.     private function validatePrivilege(string $entityNamestring $privilegeContext $context): void
  53.     {
  54.         $permission $entityName ':' $privilege;
  55.         if (!$context->isAllowed($permission)) {
  56.             $reflectionException = new \ReflectionClass(MissingPrivilegeException::class);
  57.             $reflectionConstructor $reflectionException->getConstructor();
  59.             if ($reflectionConstructor->getNumberOfRequiredParameters() > 0) {
  60.                 throw new MissingPrivilegeException($permission);
  61.             } else {
  62.                 throw new MissingPrivilegeException([$permission]);
  63.             }
  64.         }
  65.     }
  66. }