Restrict access to ROLE_SCOPE_API-PROXY

This means the client needs the "api-proxy" oauth scope to access the proxy functionality.

Restrict access to ROLE_SCOPE_API-PROXY
cc78ab0c · Reiter, Christoph · 2d53f54d · cc78ab0c · cc78ab0c · cc78ab0c
Commit cc78ab0c authored 2 years ago by Reiter, Christoph
--- a/src/DataPersister/ProxyDataPersister.php
+++ b/src/DataPersister/ProxyDataPersister.php
@@ -33,6 +33,7 @@ class ProxyDataPersister extends AbstractController implements ContextAwareDataP
    public function persist($data, array $context = []): ProxyData
    {
        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
+        $this->denyAccessUnlessGranted('ROLE_SCOPE_API-PROXY');

        if (Tools::isNullOrEmpty($data->getNamespace())) {
            throw new BadRequestException('parameter namespace must not be null nor empty');
@@ -55,5 +56,6 @@ class ProxyDataPersister extends AbstractController implements ContextAwareDataP
    public function remove($data, array $context = []): void
    {
        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
+        $this->denyAccessUnlessGranted('ROLE_SCOPE_API-PROXY');
    }
 }
--- a/src/DataProvider/ProxyDataCollectionDataProvider.php
+++ b/src/DataProvider/ProxyDataCollectionDataProvider.php
@@ -19,6 +19,7 @@ final class ProxyDataCollectionDataProvider extends AbstractController implement
    public function getCollection(string $resourceClass, string $operationName = null, array $context = []): iterable
    {
        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
+        $this->denyAccessUnlessGranted('ROLE_SCOPE_API-PROXY');

        return [];
    }

--- a/src/DataProvider/ProxyDataItemDataProvider.php
+++ b/src/DataProvider/ProxyDataItemDataProvider.php
@@ -19,6 +19,7 @@ final class ProxyDataItemDataProvider extends AbstractController implements Item
    public function getItem(string $resourceClass, $id, string $operationName = null, array $context = []): ?ProxyData
    {
        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
+        $this->denyAccessUnlessGranted('ROLE_SCOPE_API-PROXY');

        return null;
    }

--- a/src/Entity/ProxyData.php
+++ b/src/Entity/ProxyData.php
@@ -12,7 +12,6 @@ use Symfony\Component\Serializer\Annotation\Groups;
 * @ApiResource(
 *     collectionOperations={
 *         "post" = {
- *             "security" = "is_granted('IS_AUTHENTICATED_FULLY')",
 *             "path" = "/proxy/proxydata",
 *             "openapi_context" = {
 *                 "tags" = {"Proxy"},
@@ -26,7 +25,6 @@ use Symfony\Component\Serializer\Annotation\Groups;
 *             }
 *         },
 *         "get" = {
- *             "security" = "is_granted('IS_AUTHENTICATED_FULLY')",
 *             "path" = "/proxy/proxydata",
 *             "openapi_context" = {
 *                 "tags" = {"Proxy"},