1: <?php
2: /**
3: * Magento
4: *
5: * NOTICE OF LICENSE
6: *
7: * This source file is subject to the Open Software License (OSL 3.0)
8: * that is bundled with this package in the file LICENSE.txt.
9: * It is also available through the world-wide-web at this URL:
10: * http://opensource.org/licenses/osl-3.0.php
11: * If you did not receive a copy of the license and are unable to
12: * obtain it through the world-wide-web, please send an email
13: * to license@magentocommerce.com so we can send you a copy immediately.
14: *
15: * DISCLAIMER
16: *
17: * Do not edit or add to this file if you wish to upgrade Magento to newer
18: * versions in the future. If you wish to customize Magento for your
19: * needs please refer to http://www.magentocommerce.com for more information.
20: *
21: * @category Mage
22: * @package Mage_Api2
23: * @copyright Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
24: * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25: */
26:
27: /**
28: * API ACL filter
29: *
30: * @category Mage
31: * @package Mage_Api2
32: * @author Magento Core Team <core@magentocommerce.com>
33: */
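class Mage_Api2_Model_Acl_Filter
{
    /**
     * Allowed attributes returned by the most recent getAllowedAttributes() call
     *
     * Kept so that subclasses reading this property still see a list. The
     * actual cache is $_allowedAttributesByOperation, keyed by operation type.
     *
     * @var array
     */
    protected $_allowedAttributes;

    /**
     * Allowed attributes cached per operation type (operation type => list of names)
     *
     * A single cache slot would hand the list resolved for the first operation
     * type to every later caller, so a filter instance used for both in() and
     * out() would apply the wrong list to one of the two directions.
     *
     * @var array
     */
    protected $_allowedAttributesByOperation = array();

    /**
     * A list of attributes to be included into output
     *
     * @var array
     */
    protected $_attributesToInclude;

    /**
     * Associated resource model
     *
     * @var Mage_Api2_Model_Resource
     */
    protected $_resource;

    /**
     * Object constructor
     *
     * @param Mage_Api2_Model_Resource $resource
     */
    public function __construct(Mage_Api2_Model_Resource $resource)
    {
        $this->_resource = $resource;
    }

    /**
     * Turn a list of attribute names into a name => true map
     *
     * Only strings and integers are kept because those are the only types an
     * array key can have. Going through array keys gives exact matching with
     * PHP's own key normalisation ("123" and 123 are the same key), instead of
     * the loose == comparison that in_array() performs by default.
     *
     * @param array $names
     * @return array
     */
    protected function _buildLookup(array $names)
    {
        $lookup = array();
        foreach ($names as $name) {
            if (is_string($name) || is_int($name)) {
                $lookup[$name] = true;
            }
        }
        return $lookup;
    }

    /**
     * Return only the data whose keys are allowed
     *
     * Keys are matched exactly. A loose in_array() check would let keys through
     * that merely compare equal under PHP type juggling (numeric-looking strings
     * such as "1e3" against "1000", and on PHP versions before 8 an integer key
     * against any non-numeric name), which weakens the allow-list.
     *
     * Only top-level keys are checked: a nested array stored under an allowed
     * key is returned as is.
     *
     * @param array $allowedAttributes List of attributes available to use
     * @param array $data Associative array attribute to value
     * @return array Entries of $data in their original order, keys preserved
     */
    protected function _filter(array $allowedAttributes, array $data)
    {
        return array_intersect_key($data, $this->_buildLookup($allowedAttributes));
    }

    /**
     * Strip attributes that are not writable from each collection item
     *
     * An item that is not an array is replaced by an empty array.
     *
     * @param array $items
     * @return array
     */
    public function collectionIn($items)
    {
        foreach ($items as $key => $data) {
            $items[$key] = is_array($data) ? $this->in($data) : array();
        }
        return $items;
    }

    /**
     * Strip attributes that are not readable from each collection item
     *
     * Every item has to be an array: out() declares an array parameter, so any
     * other item type fails there instead of being passed through unfiltered.
     *
     * @param array $items
     * @return array
     */
    public function collectionOut($items)
    {
        foreach ($items as $key => $data) {
            $items[$key] = $this->out($data);
        }
        return $items;
    }

    /**
     * Fetch array of allowed attributes for given resource type, operation and user type.
     *
     * The result is cached per operation type. When the helper reports that all
     * attributes are allowed for the user type, the list is every attribute the
     * resource declares as available; otherwise it is the list the helper
     * returns for this user type, resource type and operation type.
     *
     * NOTE: attributes returned by the resource's getForcedAttributes() are
     * appended for every operation type, whatever the ACL lookup returned. They
     * are therefore never filtered by in() or out(); keep that list small and
     * free of sensitive or privileged fields.
     *
     * @param string $operationType OPTIONAL One of Mage_Api2_Model_Resource::OPERATION_ATTRIBUTE_... constant
     * @return array
     */
    public function getAllowedAttributes($operationType = null)
    {
        /** @var $helper Mage_Api2_Helper_Data */
        $helper = null;

        if (null === $operationType) {
            $helper = Mage::helper('api2/data');
            $operationType = $helper->getTypeOfOperation($this->_resource->getOperation());
        }
        $cacheKey = (string) $operationType;

        if (!array_key_exists($cacheKey, $this->_allowedAttributesByOperation)) {
            if (null === $helper) {
                $helper = Mage::helper('api2/data');
            }
            $userType = $this->_resource->getUserType();

            if ($helper->isAllAttributesAllowed($userType)) {
                $allowed = array_keys($this->_resource->getAvailableAttributes($userType, $operationType));
            } else {
                $allowed = $helper->getAllowedAttributes(
                    $userType, $this->_resource->getResourceType(), $operationType
                );
            }
            // forced attributes are always allowed, independent of the ACL result
            foreach ($this->_resource->getForcedAttributes() as $forcedAttr) {
                if (!in_array($forcedAttr, $allowed, true)) {
                    $allowed[] = $forcedAttr;
                }
            }
            $this->_allowedAttributesByOperation[$cacheKey] = $allowed;
        }
        // mirror the resolved list for code that reads the legacy property
        $this->_allowedAttributes = $this->_allowedAttributesByOperation[$cacheKey];

        return $this->_allowedAttributes;
    }

    /**
     * Retrieve a list of attributes to be included in output based on available and requested attributes
     *
     * The requested attributes come from the request and can only narrow the
     * readable list, never extend it. If none of the requested names is
     * readable the result is an empty array, so out() returns no attributes
     * instead of failing on a null allow-list.
     *
     * @return array
     */
    public function getAttributesToInclude()
    {
        if (null === $this->_attributesToInclude) {
            $allowedAttrs = $this->getAllowedAttributes(Mage_Api2_Model_Resource::OPERATION_ATTRIBUTE_READ);
            $requestedAttrs = $this->_resource->getRequest()->getRequestedAttributes();

            if ($requestedAttrs) {
                // readable names that were also requested, in the order of the readable list
                $this->_attributesToInclude = array_keys(array_intersect_key(
                    $this->_buildLookup($allowedAttrs),
                    $this->_buildLookup((array) $requestedAttrs)
                ));
            } else {
                $this->_attributesToInclude = $allowedAttrs;
            }
        }
        return $this->_attributesToInclude;
    }

    /**
     * Filter data for write operations
     *
     * Drops every top-level key of the request data that is not in the list of
     * writable attributes, so a client cannot set fields its role may not write.
     *
     * @param array $requestData
     * @return array
     */
    public function in(array $requestData)
    {
        $allowedAttributes = $this->getAllowedAttributes(Mage_Api2_Model_Resource::OPERATION_ATTRIBUTE_WRITE);

        return $this->_filter($allowedAttributes, $requestData);
    }

    /**
     * Filter data before output
     *
     * Drops every top-level key that is not in the list returned by
     * getAttributesToInclude(), so the response carries only readable attributes.
     *
     * @param array $retrievedData
     * @return array
     */
    public function out(array $retrievedData)
    {
        return $this->_filter($this->getAttributesToInclude(), $retrievedData);
    }
}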
194: