public function Api::validatePurgeToken in Fastly 8.3

Used to validate an API Token's scope for purging capabilities.

Return value

bool TRUE if the token is adequate for purging; FALSE if any corrupt data is passed or the token is inadequate for purging.

1 call to Api::validatePurgeToken()
Api::validatePurgeCredentials in src/Api.php
Used to validate API token for purge related scope.

File

src/Api.php, line 199

Class

Api
Fastly API for Drupal.

Namespace

Drupal\fastly

Code

public function validatePurgeToken() {
  try {
    $token = $this->getToken();
    if (!empty($token->scopes)) {

      // GET /tokens/self will return scopes for the passed token, but that
      // alone is not enough to know if a token can perform purge actions.
      // Global scope tokens require the engineer or superuser role.
      $potentially_valid_purge_scopes = 'global';

      // Purge tokens require both purge_all and purge_select.
      $valid_purge_scopes = [
        'purge_all',
        'purge_select',
      ];
      if (array_intersect($valid_purge_scopes, $token->scopes) === $valid_purge_scopes) {
        return TRUE;
      }
      elseif (in_array($potentially_valid_purge_scopes, $token->scopes, TRUE)) {
        try {
          $current_user = $this->getCurrentUser();
          if (!empty($current_user->role)) {
            if ($current_user->role === 'engineer' || $current_user->role === 'superuser') {
              return TRUE;
            }
            elseif ($current_user->role === 'billing' || $current_user->role === 'user') {
              return FALSE;
            }
            else {
              return FALSE;
            }
          }
          else {
            return FALSE;
          }
        } catch (\Exception $e) {
          return FALSE;
        }
      }
      else {
        return FALSE;
      }
    }
    else {
      return FALSE;
    }
  } catch (\Exception $e) {
    return FALSE;
  }
}
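As an added example (not code from the Fastly module), the decision rule in the method above written as a pure function over constructed token and user data, so the scope/role logic can be checked without calling the Fastly API; the function name `canPurge()` and the sample cases are assumptions.

```php
<?php
// Added example, not part of the Fastly module: the purge-permission rule
// from validatePurgeToken() as a pure function over constructed data, so it
// can be unit-tested without calling GET /tokens/self. $scopes is the
// token's scope list, $role the current user's role (or NULL if absent).
const PURGE_SCOPES = ['purge_all', 'purge_select'];

function canPurge(array $scopes, ?string $role): bool {
  // array_intersect() keeps the keys of its FIRST argument, so with the
  // required list first the result is [0 => 'purge_all', 1 => 'purge_select']
  // whenever both scopes are present, in whatever order the token lists them.
  if (array_intersect(PURGE_SCOPES, $scopes) === PURGE_SCOPES) {
    return TRUE;
  }
  // A global-scope token is adequate only for an engineer or superuser;
  // billing, user, unknown or missing roles all fall through to FALSE.
  if (in_array('global', $scopes, TRUE)) {
    return in_array($role, ['engineer', 'superuser'], TRUE);
  }
  return FALSE;
}

// Constructed cases: [token scopes, user role, expected decision].
$cases = [
  [['purge_select', 'purge_all'], 'user', TRUE],   // scope order irrelevant
  [['purge_all'], 'superuser', FALSE],             // both purge scopes needed
  [['global'], 'engineer', TRUE],
  [['global'], 'billing', FALSE],                  // role too low
  [['global'], NULL, FALSE],                       // no role returned
  [[], 'superuser', FALSE],                        // empty scope list
];
foreach ($cases as [$scopes, $role, $expected]) {
  $mark = canPurge($scopes, $role) === $expected ? 'ok  ' : 'FAIL';
  printf("%s scopes=%-22s role=%s\n", $mark, implode(',', $scopes), $role ?? 'none');
}

// Pitfall worth a regression test: with the arguments swapped, array_intersect()
// keeps the TOKEN's keys, so a token listing an extra scope first yields
// [1 => 'purge_all', 2 => 'purge_select'], which is not === PURGE_SCOPES and
// the holder of a perfectly adequate token would be refused.
$token = ['global', 'purge_all', 'purge_select'];
var_dump(array_intersect(PURGE_SCOPES, $token) === PURGE_SCOPES);
var_dump(array_intersect($token, PURGE_SCOPES) === PURGE_SCOPES);
```

The second pair of calls shows why the module's check passes the required list as the first argument; keep that order if the check is ever refactored.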