Elgg  Version 4.3
PageOwnerCanEditGatekeeper.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg\Router\Middleware;
4 
7 
14 
23  public function __invoke(\Elgg\Request $request) {
24  $this->assertAccess($request);
25  }
26 
37  protected function assertAccess(\Elgg\Request $request, string $type = '', string $subtype = '') {
38 
39  $route = $request->getHttpRequest()->getRoute();
40  if (!$route instanceof Route) {
41  return;
42  }
43 
44  // force detection of page owner for legacy routes
45  $route->setDefault('_detect_page_owner', true);
46 
47  $page_owner = $route->resolvePageOwner();
48  if (!$page_owner instanceof \ElggEntity) {
49  return;
50  }
51 
52  if (!$page_owner->canEdit()) {
53  throw new EntityPermissionsException();
54  }
55 
56  if (!empty($type) && $page_owner->getType() !== $type) {
57  throw new EntityPermissionsException();
58  }
59 
60  if (!empty($subtype) && $page_owner->getSubtype() !== $subtype) {
61  throw new EntityPermissionsException();
62  }
63  }
64 }
__invoke(\Elgg\Request $request)
Validate the current request.
$request
Definition: livesearch.php:11
$type
Definition: delete.php:21
assertAccess(\Elgg\Request $request, string $type= '', string $subtype= '')
Validate the current request.
Route Wrapper.
Definition: Route.php:8
Thrown when entity can not be edited or container permissions do not allow it to be written...
$page_owner
Definition: add.php:15
$subtype
Definition: delete.php:22
Request container.
Definition: Request.php:12
Check if the current route page owner can be edited (by the current logged in user) ...