You are here

Home » API reference » JSON:API 8 » CustomQueryParameterNamesAccessCheck.php

class CustomQueryParameterNamesAccessCheck in JSON:API 8

Validates custom (implementation-specific) query parameter names.

@internal

Hierarchy

Expanded class hierarchy of CustomQueryParameterNamesAccessCheck

See also

http://jsonapi.org/format/#query-parameters

1 file declares its use of CustomQueryParameterNamesAccessCheck
CustomQueryParameterNamesAccessCheckTest.php in tests/src/Unit/Access/CustomQueryParameterNamesAccessCheckTest.php
1 string reference to 'CustomQueryParameterNamesAccessCheck'
jsonapi.services.yml in ./jsonapi.services.yml
jsonapi.services.yml
1 service uses CustomQueryParameterNamesAccessCheck
access_check.jsonapi.custom_query_parameter_names in ./jsonapi.services.yml
Drupal\jsonapi\Access\CustomQueryParameterNamesAccessCheck

File

src/Access/CustomQueryParameterNamesAccessCheck.php, line 17

Namespace

Drupal\jsonapi\Access
View source 
class CustomQueryParameterNamesAccessCheck implements AccessInterface {

  /**
   * Denies access when using invalid custom JSON API query parameter names.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The request.
   *
   * @return \Drupal\Core\Access\AccessResult
   *   The access result.
   */
  public function access(Request $request) {
    $json_api_params = $request->attributes
      ->get('_json_api_params', []);
    if (!$this
      ->validate($json_api_params)) {
      return AccessResult::forbidden();
    }
    return AccessResult::allowed();
  }

  /**
   * Validates custom JSON API query parameters.
   *
   * @param string[] $json_api_params
   *   The JSON API parameters.
   *
   * @return bool
   *   Whether the parameter is valid.
   */
  protected function validate(array $json_api_params) {
    foreach (array_keys($json_api_params) as $query_parameter_name) {

      // Ignore reserved (official) query parameters.
      if (in_array($query_parameter_name, JsonApiSpec::getReservedQueryParameters())) {
        continue;
      }
      if (!JsonApiSpec::isValidCustomQueryParameter($query_parameter_name)) {
        return FALSE;
      }
    }
    return TRUE;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
CustomQueryParameterNamesAccessCheck::access public function Denies access when using invalid custom JSON API query parameter names.
CustomQueryParameterNamesAccessCheck::validate protected function Validates custom JSON API query parameters.