Refactors AccessControl and passes it as dependency to JSON API and Menu
This commit is contained in:
Vlad
@ -2,7 +2,6 @@
|
||||
namespace MailPoet\API\JSON;
|
||||
|
||||
use MailPoet\Config\AccessControl;
|
||||
use MailPoet\Config\Env;
|
||||
use MailPoet\Util\Helpers;
|
||||
use MailPoet\Util\Security;
|
||||
use MailPoet\WP\Hooks;
|
||||
@ -20,9 +19,11 @@ class API {
|
||||
private $_available_api_versions = array(
|
||||
'v1'
|
||||
);
|
||||
private $access_control;
|
||||
const CURRENT_VERSION = 'v1';
|
||||
|
||||
function __construct() {
|
||||
$this->access_control = new AccessControl();
|
||||
foreach($this->_available_api_versions as $available_api_version) {
|
||||
$this->addEndpointNamespace(
|
||||
sprintf('%s\%s', __NAMESPACE__, $available_api_version),
|
||||
@ -127,7 +128,7 @@ class API {
|
||||
throw new \Exception(__('Invalid API endpoint.', 'mailpoet'));
|
||||
}
|
||||
|
||||
$endpoint = new $this->_request_endpoint_class();
|
||||
$endpoint = new $this->_request_endpoint_class($this->access_control);
|
||||
|
||||
// check the accessibility of the requested endpoint's action
|
||||
// by default, an endpoint's action is considered "private"
|
||||
@ -148,12 +149,12 @@ class API {
|
||||
function validatePermissions($request_method, $permissions) {
|
||||
// if method permission is defined, validate it
|
||||
if (!empty($permissions['methods'][$request_method])) {
|
||||
return ($permissions['methods'][$request_method] === Access::ALL) ?
|
||||
return ($permissions['methods'][$request_method] === AccessControl::ACCESS_ALL) ?
|
||||
true :
|
||||
AccessControl::validatePermission($permissions['methods'][$request_method]);
|
||||
$this->access_control->validatePermission($permissions['methods'][$request_method]);
|
||||
}
|
||||
// use global permission
|
||||
return AccessControl::validatePermission($permissions['global']);
|
||||
return $this->access_control->validatePermission($permissions['global']);
|
||||
}
|
||||
|
||||
function checkToken() {
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
<?php
|
||||
namespace MailPoet\API\JSON;
|
||||
|
||||
if(!defined('ABSPATH')) exit;
|
||||
|
||||
final class Access {
|
||||
const ALL = 'all';
|
||||
|
||||
private function __construct() {
|
||||
|
||||
}
|
||||
}
|
||||
@ -12,8 +12,9 @@ class MP2Migrator extends APIEndpoint {
|
||||
'global' => AccessControl::PERMISSION_MANAGE_SETTINGS
|
||||
);
|
||||
|
||||
public function __construct() {
|
||||
$this->MP2Migrator = new \MailPoet\Config\MP2Migrator();
|
||||
public function __construct(AccessControl $access_control) {
|
||||
$this->access_control = $access_control;
|
||||
$this->MP2Migrator = new \MailPoet\Config\MP2Migrator($this->access_control);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -13,10 +13,15 @@ class Setup extends APIEndpoint {
|
||||
public $permissions = array(
|
||||
'global' => AccessControl::PERMISSION_MANAGE_SETTINGS
|
||||
);
|
||||
private $access_control;
|
||||
|
||||
function __construct(AccessControl $access_control) {
|
||||
$this->access_control = $access_control;
|
||||
}
|
||||
|
||||
function reset() {
|
||||
try {
|
||||
$activator = new Activator();
|
||||
$activator = new Activator($this->access_control);
|
||||
$activator->deactivate();
|
||||
$activator->activate();
|
||||
Hooks::doAction('mailpoet_setup_reset');
|
||||
|
||||
@ -2,7 +2,6 @@
|
||||
|
||||
namespace MailPoet\API\JSON\v1;
|
||||
|
||||
use MailPoet\API\JSON\Access as APIAccess;
|
||||
use MailPoet\API\JSON\Endpoint as APIEndpoint;
|
||||
use MailPoet\API\JSON\Error as APIError;
|
||||
use MailPoet\Config\AccessControl;
|
||||
@ -17,7 +16,7 @@ if(!defined('ABSPATH')) exit;
|
||||
class Subscribers extends APIEndpoint {
|
||||
public $permissions = array(
|
||||
'global' => AccessControl::PERMISSION_MANAGE_SUBSCRIBERS,
|
||||
'methods' => array('subscribe' => APIAccess::ALL)
|
||||
'methods' => array('subscribe' => AccessControl::ACCESS_ALL)
|
||||
);
|
||||
|
||||
function get($data = array()) {
|
||||
|
||||
Reference in New Issue
Block a user