src/Core/Framework/Api/OAuth/ScopeRepository.php line 83

  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\OAuth;
  5. use Doctrine\DBAL\Connection;
  6. use League\OAuth2\Server\Entities\ClientEntityInterface;
  7. use League\OAuth2\Server\Entities\ScopeEntityInterface;
  8. use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
  9. use Shopware\Core\Framework\Api\OAuth\Client\ApiClient;
  10. use Shopware\Core\Framework\Api\OAuth\Scope\AdminScope;
  11. use Shopware\Core\Framework\Api\OAuth\Scope\UserVerifiedScope;
  12. use Shopware\Core\Framework\Api\OAuth\Scope\WriteScope;
  13. use Shopware\Core\Framework\Log\Package;
  15. #[Package('core')]
  16. class ScopeRepository implements ScopeRepositoryInterface
  17. {
  18.     /**
  19.      * @var ScopeEntityInterface[]
  20.      */
  21.     private readonly array $scopes;
  23.     /**
  24.      * @internal
  25.      *
  26.      * @param ScopeEntityInterface[] $scopes
  27.      */
  28.     public function __construct(iterable $scopes, private readonly Connection $connection)
  29.     {
  30.         $scopeIndex = [];
  31.         foreach ($scopes as $scope) {
  32.             $scopeIndex[$scope->getIdentifier()] = $scope;
  33.         }
  35.         $this->scopes $scopeIndex;
  36.     }
  38.     /**
  39.      * {@inheritdoc}
  40.      */
  41.     public function getScopeEntityByIdentifier($identifier): ?ScopeEntityInterface
  42.     {
  43.         return $this->scopes[$identifier] ?? null;
  44.     }
  46.     /**
  47.      * {@inheritdoc}
  48.      */
  49.     public function finalizeScopes(
  50.         array $scopes,
  51.         $grantType,
  52.         ClientEntityInterface $clientEntity,
  53.         $userIdentifier null
  54.     ): array {
  55.         $hasWrite false;
  57.         if ($grantType === 'password') {
  58.             $hasWrite true;
  59.         }
  61.         if ($grantType !== 'password') {
  62.             $scopes $this->removeScope($scopesUserVerifiedScope::class);
  63.         }
  65.         if ($grantType === 'client_credentials' && $clientEntity instanceof ApiClient && $clientEntity->getWriteAccess()) {
  66.             $hasWrite true;
  67.         }
  69.         if (!$hasWrite) {
  70.             $scopes $this->removeScope($scopesWriteScope::class);
  71.         }
  73.         if ($hasWrite) {
  74.             $scopes[] = new WriteScope();
  75.         }
  77.         $isAdmin $this->connection->createQueryBuilder()
  78.             ->select('admin')
  79.             ->from('user')
  80.             ->where('id = UNHEX(:accessKey)')
  81.             ->setParameter('accessKey'$userIdentifier)
  82.             ->setMaxResults(1)
  83.             ->executeQuery()
  84.             ->fetchOne();
  86.         if ($isAdmin) {
  87.             $scopes[] = new AdminScope();
  88.         }
  90.         return $this->uniqueScopes($scopes);
  91.     }
  93.     private function uniqueScopes(array $scopes): array
  94.     {
  95.         $uniqueScopes = [];
  97.         /** @var ScopeEntityInterface $scope */
  98.         foreach ($scopes as $scope) {
  99.             $uniqueScopes[$scope->getIdentifier()] = $scope;
  100.         }
  102.         return array_values($uniqueScopes);
  103.     }
  105.     private function removeScope(array $scopesstring $class): array
  106.     {
  107.         foreach ($scopes as $index => $scope) {
  108.             if ($scope instanceof $class) {
  109.                 unset($scopes[$index]);
  110.             }
  111.         }
  113.         return $scopes;
  114.     }
  115. }