Clientbase
/
json-api-server
mirror of https://github.com/basemaster/json-api-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enforce resource listability

This commit is contained in:
Toby Zerner 2021-01-15 08:37:49 +10:30
parent 0c8de3a75a
commit f53a07c143
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Endpoint/Index.php
View File

@ -19,6 +19,7 @@ use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ServerRequestInterface as Request;
use Tobyz\JsonApiServer\Adapter\AdapterInterface; use Tobyz\JsonApiServer\Adapter\AdapterInterface;
use Tobyz\JsonApiServer\Exception\BadRequestException; use Tobyz\JsonApiServer\Exception\BadRequestException;
use Tobyz\JsonApiServer\Exception\ForbiddenException;
use Tobyz\JsonApiServer\JsonApi; use Tobyz\JsonApiServer\JsonApi;
use Tobyz\JsonApiServer\ResourceType; use Tobyz\JsonApiServer\ResourceType;
use Tobyz\JsonApiServer\Schema\Attribute; use Tobyz\JsonApiServer\Schema\Attribute;
@ -51,6 +52,10 @@ class Index
$adapter = $this->resource->getAdapter(); $adapter = $this->resource->getAdapter();
$schema = $this->resource->getSchema(); $schema = $this->resource->getSchema();
if (! evaluate($schema->isListable(), [$context])) {
throw new ForbiddenException;
}
$query = $adapter->newQuery(); $query = $adapter->newQuery();
run_callbacks($schema->getListeners('listing'), [$query, $context]); run_callbacks($schema->getListeners('listing'), [$query, $context]);