AnonymousResourceSecurity.php

Go to the documentation of this file.

<?php
namespace Magento\WebapiSecurity\Model\Plugin;

use Magento\Webapi\Model\Config\Converter;

class AnonymousResourceSecurity
{
    const XML_ALLOW_INSECURE = 'webapi/webapisecurity/allow_insecure';

    protected $config;

    protected $resources;

    public function __construct(\Magento\Framework\App\Config\ReinitableConfigInterface $config, $resources)
    {
        $this->config = $config;
        $this->resources = $resources;
    }

    public function afterConvert(Converter $subject, $nodes)
    {
        if (empty($nodes)) {
            return $nodes;
        }
        $useInsecure = $this->config->getValue(self::XML_ALLOW_INSECURE);
        if ($useInsecure) {
            foreach (array_keys($this->resources) as $resource) {
                list($route, $requestType) = explode("::", $resource);
                if ($result = $this->getNode($route, $requestType, $nodes["routes"])) {
                    if (isset($result[$requestType]['resources'])) {
                        $result[$requestType]['resources'] = ['anonymous' => true];
                        $nodes['routes'][$route] = $result;
                    }

                    if (isset($result[$requestType]['service']['class'])
                        && isset($result[$requestType]['service']['method'])
                    ) {
                        $serviceName = $result[$requestType]['service']['class'];
                        $serviceMethod = $result[$requestType]['service']['method'];
                        $nodes['services'][$serviceName]['V1']['methods'][$serviceMethod]['resources'] = ['anonymous'];
                    }
                }
            }
        }

        return $nodes;
    }

    private function getNode($route, $requestType, $source)
    {
        if (isset($source[$route][$requestType])) {
            return $source[$route];
        }
        return null;
    }
}