public function RestGenerator::getResourceSecurity in OpenAPI 8

Get the security information for the a resource.

Parameters

\Drupal\rest\RestResourceConfigInterface $resource_config: The REST resource.

string $method: The HTTP method.

string[] $formats: The formats.

Return value

array The security elements.

File

src/Plugin/openapi/OpenApiGenerator/RestGenerator.php, line 384

Class

RestGenerator: Defines an OpenApi Schema Generator for the Rest module.

Namespace

Drupal\openapi\Plugin\openapi\OpenApiGenerator

Code

public function getResourceSecurity(RestResourceConfigInterface $resource_config, $method, array $formats) {
  $security = [];
  foreach ($resource_config
    ->getAuthenticationProviders($method) as $auth) {
    switch ($auth) {
      case 'basic_auth':
      case 'cookie':
      case 'oauth':
      case 'oauth2':

        // @TODO: #2977109 - Calculate oauth scopes required.
        $security[] = [
          $auth => [],
        ];
        break;
    }
  }

  // @todo Handle tokens that need to be set in headers.
  if ($this
    ->isEntityResource($resource_config)) {
    $route_name = 'rest.' . $resource_config
      ->id() . ".{$method}";
    $routes = $this->routingProvider
      ->getRoutesByNames([
      $route_name,
    ]);
    if (empty($routes) && count($formats) > 1) {
      $route_name .= ".{$formats[0]}";
      $routes = $this->routingProvider
        ->getRoutesByNames([
        $route_name,
      ]);
    }
    if ($routes) {
      $route = array_pop($routes);

      // Check to see if route is protected by access checks in header.
      if ($route
        ->getRequirement('_csrf_request_header_token')) {
        $security[] = [
          'csrf_token' => [],
        ];
      }
    }
  }
  return $security;
}

You are here