Add tests later

src/Tqdev/PhpCrudApi/Database/GenericDB.php

@@ -2,6 +2,8 @@
 namespace Tqdev\PhpCrudApi\Database;
 
 use Tqdev\PhpCrudApi\Column\Reflection\ReflectedTable;
+use Tqdev\PhpCrudApi\Middleware\Communication\VariableStore;
+use Tqdev\PhpCrudApi\Record\Condition\AndCondition;
 use Tqdev\PhpCrudApi\Record\Condition\ColumnCondition;
 use Tqdev\PhpCrudApi\Record\Condition\Condition;
 
@@ -95,6 +97,12 @@ class GenericDB
         return $this->definition;
     }
 
+    private function addAuthorizationCondition(Condition $condition2): Condition
+    {
+        $condition1 = VariableStore::get('authorization.condition');
+        return $condition1 ? AndCondition::fromArray([$condition1, $condition2]) : $condition2;
+    }
+
     public function createSingle(ReflectedTable $table, array $columnValues) /*: ?String*/
     {
         $this->converter->convertColumnValues($table, $columnValues);
@@ -122,6 +130,7 @@ class GenericDB
         $selectColumns = $this->columns->getSelect($table, $columnNames);
         $tableName = $table->getName();
         $condition = new ColumnCondition($table->getPk(), 'eq', $id);
+        $condition = $this->addAuthorizationCondition($condition);
         $parameters = array();
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'SELECT ' . $selectColumns . ' FROM "' . $tableName . '" ' . $whereClause;
@@ -143,6 +152,7 @@ class GenericDB
         $selectColumns = $this->columns->getSelect($table, $columnNames);
         $tableName = $table->getName();
         $condition = new ColumnCondition($table->getPk(), 'in', implode(',', $ids));
+        $condition = $this->addAuthorizationCondition($condition);
         $parameters = array();
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'SELECT ' . $selectColumns . ' FROM "' . $tableName . '" ' . $whereClause;
@@ -155,6 +165,7 @@ class GenericDB
     public function selectCount(ReflectedTable $table, Condition $condition): int
     {
         $tableName = $table->getName();
+        $condition = $this->addAuthorizationCondition($condition);
         $parameters = array();
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'SELECT COUNT(*) FROM "' . $tableName . '"' . $whereClause;
@@ -166,6 +177,7 @@ class GenericDB
     {
         $selectColumns = $this->columns->getSelect($table, $columnNames);
         $tableName = $table->getName();
+        $condition = $this->addAuthorizationCondition($condition);
         $parameters = array();
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'SELECT ' . $selectColumns . ' FROM "' . $tableName . '"' . $whereClause;
@@ -182,6 +194,7 @@ class GenericDB
         }
         $selectColumns = $this->columns->getSelect($table, $columnNames);
         $tableName = $table->getName();
+        $condition = $this->addAuthorizationCondition($condition);
         $parameters = array();
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $orderBy = $this->columns->getOrderBy($table, $columnOrdering);
@@ -202,6 +215,7 @@ class GenericDB
         $updateColumns = $this->columns->getUpdate($table, $columnValues);
         $tableName = $table->getName();
         $condition = new ColumnCondition($table->getPk(), 'eq', $id);
+        $condition = $this->addAuthorizationCondition($condition);
         $parameters = array_values($columnValues);
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'UPDATE "' . $tableName . '" SET ' . $updateColumns . $whereClause;
@@ -213,6 +227,7 @@ class GenericDB
     {
         $tableName = $table->getName();
         $condition = new ColumnCondition($table->getPk(), 'eq', $id);
+        $condition = $this->addAuthorizationCondition($condition);
         $parameters = array();
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'DELETE FROM "' . $tableName . '" ' . $whereClause;
@@ -229,6 +244,7 @@ class GenericDB
         $updateColumns = $this->columns->getIncrement($table, $columnValues);
         $tableName = $table->getName();
         $condition = new ColumnCondition($table->getPk(), 'eq', $id);
+        $condition = $this->addAuthorizationCondition($condition);
         $parameters = array_values($columnValues);
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'UPDATE "' . $tableName . '" SET ' . $updateColumns . $whereClause;

src/Tqdev/PhpCrudApi/Middleware/AuthorizationMiddleware.php

@@ -4,7 +4,9 @@ namespace Tqdev\PhpCrudApi\Middleware;
 use Tqdev\PhpCrudApi\Column\ReflectionService;
 use Tqdev\PhpCrudApi\Controller\Responder;
 use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
+use Tqdev\PhpCrudApi\Middleware\Communication\VariableStore;
 use Tqdev\PhpCrudApi\Middleware\Router\Router;
+use Tqdev\PhpCrudApi\Record\FilterInfo;
 use Tqdev\PhpCrudApi\Request;
 use Tqdev\PhpCrudApi\Response;
 
@@ -70,6 +72,23 @@ class AuthorizationMiddleware extends Middleware
         }
     }
 
+    private function handleRecords(String $method, String $path, String $databaseName, String $tableName) /*: void*/
+    {
+        if (!$this->reflection->hasTable($tableName)) {
+            return;
+        }
+        $recordHandler = $this->getProperty('recordHandler', '');
+        if ($recordHandler) {
+            $query = call_user_func($recordHandler, $method, $path, $databaseName, $tableName);
+            $filters = new FilterInfo();
+            $table = $this->reflection->getTable($tableName);
+            $query = str_replace('][]=', ']=', str_replace('=', '[]=', $query));
+            parse_str($query, $params);
+            $condition = $filters->getCombinedConditions($table, $params);
+            VariableStore::set('authorization.condition', $condition);
+        }
+    }
+
     public function handle(Request $request): Response
     {
         $method = $request->getMethod();
@@ -82,6 +101,7 @@ class AuthorizationMiddleware extends Middleware
             if (isset($params['join'])) {
                 $this->handleJoinTables($method, $path, $databaseName, $params['join']);
             }
+            $this->handleRecords($method, $path, $databaseName, $tableName);
         } elseif ($path == 'columns') {
             $tableName = $request->getPathSegment(2);
             if ($tableName) {

src/Tqdev/PhpCrudApi/Middleware/Communication/VariableStore.php

@@ -0,0 +1,20 @@
+<?php
+namespace Tqdev\PhpCrudApi\Middleware\Communication;
+
+class VariableStore
+{
+    static $values = array();
+
+    public static function get(String $key)
+    {
+        if (isset(self::$values[$key])) {
+            return self::$values[$key];
+        }
+        return null;
+    }
+
+    public static function set(String $key, /* object */ $value)
+    {
+        self::$values[$key] = $value;
+    }
+}

tests/config/base.php

@@ -10,6 +10,9 @@ $settings = [
     'authorization.columnHandler' => function ($method, $path, $databaseName, $tableName, $columnName) {
         return !($columnName == 'invisible');
     },
+    'authorization.recordHandler' => function ($method, $path, $databaseName, $tableName) {
+        return ($tableName == 'comments') ? 'filter=id,neq,3' : '';
+    },
     'sanitation.handler' => function ($method, $tableName, $column, $value) {
         return is_string($value) ? strip_tags($value) : $value;
     },