vendor/shopware/core/Framework/Api/Controller/UserController.php line 81

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\Controller;
  5. use League\OAuth2\Server\Exception\OAuthServerException;
  6. use Shopware\Core\Framework\Api\Acl\Role\AclRoleDefinition;
  7. use Shopware\Core\Framework\Api\Context\AdminApiSource;
  8. use Shopware\Core\Framework\Api\Context\Exception\InvalidContextSourceException;
  9. use Shopware\Core\Framework\Api\Controller\Exception\ExpectedUserHttpException;
  10. use Shopware\Core\Framework\Api\Controller\Exception\PermissionDeniedException;
  11. use Shopware\Core\Framework\Api\Exception\MissingPrivilegeException;
  12. use Shopware\Core\Framework\Api\OAuth\Scope\UserVerifiedScope;
  13. use Shopware\Core\Framework\Api\Response\ResponseFactoryInterface;
  14. use Shopware\Core\Framework\Context;
  15. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepositoryInterface;
  16. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  17. use Shopware\Core\Framework\Log\Package;
  18. use Shopware\Core\Framework\Routing\Annotation\Acl;
  19. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  20. use Shopware\Core\Framework\Routing\Annotation\Since;
  21. use Shopware\Core\PlatformRequest;
  22. use Shopware\Core\System\User\UserDefinition;
  23. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  24. use Symfony\Component\HttpFoundation\Request;
  25. use Symfony\Component\HttpFoundation\Response;
  26. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  27. use Symfony\Component\Routing\Annotation\Route;
  29. /**
  30.  * @Route(defaults={"_routeScope"={"api"}})
  31.  */
  32. #[Package('system-settings')]
  33. class UserController extends AbstractController
  34. {
  35.     /**
  36.      * @var EntityRepositoryInterface
  37.      */
  38.     private $userRepository;
  40.     /**
  41.      * @var EntityRepositoryInterface
  42.      */
  43.     private $roleRepository;
  45.     /**
  46.      * @var EntityRepositoryInterface
  47.      */
  48.     private $userRoleRepository;
  50.     /**
  51.      * @var UserDefinition
  52.      */
  53.     private $userDefinition;
  55.     /**
  56.      * @var EntityRepositoryInterface
  57.      */
  58.     private $keyRepository;
  60.     /**
  61.      * @internal
  62.      */
  63.     public function __construct(
  64.         EntityRepositoryInterface $userRepository,
  65.         EntityRepositoryInterface $userRoleRepository,
  66.         EntityRepositoryInterface $roleRepository,
  67.         EntityRepositoryInterface $keyRepository,
  68.         UserDefinition $userDefinition
  69.     ) {
  70.         $this->userRepository $userRepository;
  71.         $this->roleRepository $roleRepository;
  72.         $this->userDefinition $userDefinition;
  73.         $this->keyRepository $keyRepository;
  74.         $this->userRoleRepository $userRoleRepository;
  75.     }
  77.     /**
  78.      * @Since("6.0.0.0")
  79.      * @Route("/api/_info/me", name="api.info.me", methods={"GET"})
  80.      */
  81.     public function me(Context $contextRequest $requestResponseFactoryInterface $responseFactory): Response
  82.     {
  83.         if (!$context->getSource() instanceof AdminApiSource) {
  84.             throw new InvalidContextSourceException(AdminApiSource::class, \get_class($context->getSource()));
  85.         }
  87.         $userId $context->getSource()->getUserId();
  88.         if (!$userId) {
  89.             throw new ExpectedUserHttpException();
  90.         }
  91.         $criteria = new Criteria([$userId]);
  92.         $criteria->addAssociation('aclRoles');
  94.         $user $this->userRepository->search($criteria$context)->first();
  95.         if (!$user) {
  96.             throw OAuthServerException::invalidCredentials();
  97.         }
  99.         return $responseFactory->createDetailResponse(new Criteria(), $user$this->userDefinition$request$context);
  100.     }
  102.     /**
  103.      * @Since("6.3.3.0")
  104.      * @Route("/api/_info/me", name="api.change.me", defaults={"auth_required"=true, "_acl"={"user_change_me"}}, methods={"PATCH"})
  105.      */
  106.     public function updateMe(Context $contextRequest $requestResponseFactoryInterface $responseFactory): Response
  107.     {
  108.         if (!$context->getSource() instanceof AdminApiSource) {
  109.             throw new InvalidContextSourceException(AdminApiSource::class, \get_class($context->getSource()));
  110.         }
  112.         $userId $context->getSource()->getUserId();
  113.         if (!$userId) {
  114.             throw new ExpectedUserHttpException();
  115.         }
  117.         $allowedChanges = ['firstName''lastName''username''localeId''email''avatarMedia''avatarId''password'];
  119.         if (!empty(array_diff(array_keys($request->request->all()), $allowedChanges))) {
  120.             throw new MissingPrivilegeException(['user:update']);
  121.         }
  123.         return $this->upsertUser($userId$request$context$responseFactory);
  124.     }
  126.     /**
  127.      * @Since("6.0.0.0")
  128.      * @Route("/api/_info/ping", name="api.info.ping", methods={"GET"})
  129.      */
  130.     public function status(Context $context): Response
  131.     {
  132.         if (!$context->getSource() instanceof AdminApiSource) {
  133.             throw new InvalidContextSourceException(AdminApiSource::class, \get_class($context->getSource()));
  134.         }
  136.         $userId $context->getSource()->getUserId();
  137.         if (!$userId) {
  138.             throw new ExpectedUserHttpException();
  139.         }
  140.         $result $this->userRepository->searchIds(new Criteria([$userId]), $context);
  142.         if ($result->getTotal() === 0) {
  143.             throw OAuthServerException::invalidCredentials();
  144.         }
  146.         return new Response(nullResponse::HTTP_NO_CONTENT);
  147.     }
  149.     /**
  150.      * @Since("6.2.3.0")
  151.      * @Route("/api/user/{userId}", name="api.user.delete", defaults={"auth_required"=true, "_acl"={"user:delete"}}, methods={"DELETE"})
  152.      */
  153.     public function deleteUser(string $userIdRequest $requestContext $contextResponseFactoryInterface $factory): Response
  154.     {
  155.         if (!$this->hasScope($requestUserVerifiedScope::IDENTIFIER)) {
  156.             throw new AccessDeniedHttpException(sprintf('This access token does not have the scope "%s" to process this Request'UserVerifiedScope::IDENTIFIER));
  157.         }
  159.         /** @var AdminApiSource $source */
  160.         $source $context->getSource();
  162.         if (
  163.             !$source->isAllowed('user:update')
  164.             && $source->getUserId() !== $userId
  165.         ) {
  166.             throw new PermissionDeniedException();
  167.         }
  169.         $context->scope(Context::SYSTEM_SCOPE, function (Context $context) use ($userId): void {
  170.             $this->userRepository->delete([['id' => $userId]], $context);
  171.         });
  173.         return $factory->createRedirectResponse($this->userRepository->getDefinition(), $userId$request$context);
  174.     }
  176.     /**
  177.      * @Since("6.3.0.0")
  178.      * @Route("/api/user/{userId}/access-keys/{id}", name="api.user_access_keys.delete", defaults={"auth_required"=true, "_acl"={"user_access_key:delete"}}, methods={"DELETE"})
  179.      */
  180.     public function deleteUserAccessKey(string $idRequest $requestContext $contextResponseFactoryInterface $factory): Response
  181.     {
  182.         if (!$this->hasScope($requestUserVerifiedScope::IDENTIFIER)) {
  183.             throw new AccessDeniedHttpException(sprintf('This access token does not have the scope "%s" to process this Request'UserVerifiedScope::IDENTIFIER));
  184.         }
  186.         $context->scope(Context::SYSTEM_SCOPE, function (Context $context) use ($id): void {
  187.             $this->keyRepository->delete([['id' => $id]], $context);
  188.         });
  190.         return $factory->createRedirectResponse($this->keyRepository->getDefinition(), $id$request$context);
  191.     }
  193.     /**
  194.      * @Since("6.2.3.0")
  195.      * @Route("/api/user", name="api.user.create", defaults={"auth_required"=true, "_acl"={"user:create"}}, methods={"POST"})
  196.      */
  197.     public function upsertUser(?string $userIdRequest $requestContext $contextResponseFactoryInterface $factory): Response
  198.     {
  199.         if (!$this->hasScope($requestUserVerifiedScope::IDENTIFIER)) {
  200.             throw new AccessDeniedHttpException(sprintf('This access token does not have the scope "%s" to process this Request'UserVerifiedScope::IDENTIFIER));
  201.         }
  203.         $data $request->request->all();
  205.         /** @var AdminApiSource $source */
  206.         $source $context->getSource();
  208.         if (!isset($data['id'])) {
  209.             $data['id'] = null;
  210.         }
  211.         $data['id'] = $userId ?: $data['id'];
  213.         if (
  214.             !$source->isAllowed('user:update')
  215.             && $source->getUserId() !== $data['id']
  216.         ) {
  217.             throw new PermissionDeniedException();
  218.         }
  220.         $events $context->scope(Context::SYSTEM_SCOPE, function (Context $context) use ($data) {
  221.             return $this->userRepository->upsert([$data], $context);
  222.         });
  224.         $event $events->getEventByEntityName(UserDefinition::ENTITY_NAME);
  226.         $eventIds $event->getIds();
  227.         $entityId array_pop($eventIds);
  229.         return $factory->createRedirectResponse($this->userRepository->getDefinition(), $entityId$request$context);
  230.     }
  232.     /**
  233.      * @Since("6.3.3.0")
  234.      * @Route("/api/user/{userId}", name="api.user.update", defaults={"auth_required"=true, "_acl"={"user:update"}}, methods={"PATCH"})
  235.      */
  236.     public function updateUser(?string $userIdRequest $requestContext $contextResponseFactoryInterface $factory): Response
  237.     {
  238.         return $this->upsertUser($userId$request$context$factory);
  239.     }
  241.     /**
  242.      * @Since("6.3.2.0")
  243.      * @Route("/api/acl-role", name="api.acl_role.create", defaults={"auth_required"=true, "_acl"={"acl_role:create"}}, methods={"POST"})
  244.      */
  245.     public function upsertRole(?string $roleIdRequest $requestContext $contextResponseFactoryInterface $factory): Response
  246.     {
  247.         if (!$this->hasScope($requestUserVerifiedScope::IDENTIFIER)) {
  248.             throw new AccessDeniedHttpException(sprintf('This access token does not have the scope "%s" to process this Request'UserVerifiedScope::IDENTIFIER));
  249.         }
  251.         $data $request->request->all();
  253.         if (!isset($data['id'])) {
  254.             $data['id'] = $roleId ?? null;
  255.         }
  257.         $events $context->scope(Context::SYSTEM_SCOPE, function (Context $context) use ($data) {
  258.             return $this->roleRepository->upsert([$data], $context);
  259.         });
  261.         $event $events->getEventByEntityName(AclRoleDefinition::ENTITY_NAME);
  263.         $eventIds $event->getIds();
  264.         $entityId array_pop($eventIds);
  266.         return $factory->createRedirectResponse($this->roleRepository->getDefinition(), $entityId$request$context);
  267.     }
  269.     /**
  270.      * @Since("6.3.3.0")
  271.      * @Route("/api/acl-role/{roleId}", name="api.acl_role.update", defaults={"auth_required"=true, "_acl"={"acl_role:update"}}, methods={"PATCH"})
  272.      */
  273.     public function updateRole(?string $roleIdRequest $requestContext $contextResponseFactoryInterface $factory): Response
  274.     {
  275.         return $this->upsertRole($roleId$request$context$factory);
  276.     }
  278.     /**
  279.      * @Since("6.3.3.0")
  280.      * @Route("/api/user/{userId}/acl-roles/{roleId}", name="api.user_role.delete", defaults={"auth_required"=true, "_acl"={"acl_user_role:delete"}}, methods={"DELETE"})
  281.      */
  282.     public function deleteUserRole(string $userIdstring $roleIdRequest $requestContext $contextResponseFactoryInterface $factory): Response
  283.     {
  284.         if (!$this->hasScope($requestUserVerifiedScope::IDENTIFIER)) {
  285.             throw new AccessDeniedHttpException(sprintf('This access token does not have the scope "%s" to process this Request'UserVerifiedScope::IDENTIFIER));
  286.         }
  288.         $context->scope(Context::SYSTEM_SCOPE, function (Context $context) use ($roleId$userId): void {
  289.             $this->userRoleRepository->delete([['userId' => $userId'aclRoleId' => $roleId]], $context);
  290.         });
  292.         return $factory->createRedirectResponse($this->userRoleRepository->getDefinition(), $roleId$request$context);
  293.     }
  295.     /**
  296.      * @Since("6.3.2.0")
  297.      * @Route("/api/acl-role/{roleId}", name="api.acl_role.delete", defaults={"auth_required"=true, "_acl"={"acl_role:delete"}}, methods={"DELETE"})
  298.      */
  299.     public function deleteRole(string $roleIdRequest $requestContext $contextResponseFactoryInterface $factory): Response
  300.     {
  301.         if (!$this->hasScope($requestUserVerifiedScope::IDENTIFIER)) {
  302.             throw new AccessDeniedHttpException(sprintf('This access token does not have the scope "%s" to process this Request'UserVerifiedScope::IDENTIFIER));
  303.         }
  305.         $context->scope(Context::SYSTEM_SCOPE, function (Context $context) use ($roleId): void {
  306.             $this->roleRepository->delete([['id' => $roleId]], $context);
  307.         });
  309.         return $factory->createRedirectResponse($this->roleRepository->getDefinition(), $roleId$request$context);
  310.     }
  312.     private function hasScope(Request $requeststring $scopeIdentifier): bool
  313.     {
  314.         $scopes array_flip($request->attributes->get(PlatformRequest::ATTRIBUTE_OAUTH_SCOPES));
  316.         return isset($scopes[$scopeIdentifier]);
  317.     }
  318. }