How is the «resource ref='anonymous'» webapi.xml rule handled for a request?

dmitry_fedyuk · April 5, 2017, 1:05pm

Context

Usage

mage2pro/core/blob/2.4.27/Payment/etc/webapi.xml#L6-L9


	<route url='/V1/df-payment/:cartId/place-order' method='POST'>
		<service class='Df\Payment\PlaceOrder' method='guest'/>
		<resources><resource ref='anonymous'/></resources>
	</route>

Implementation

Magento\Integration\Api\AuthorizationServiceInterface::PERMISSION_ANONYMOUS

github.com

magento/magento2/blob/2.1.5/app/code/Magento/Integration/Api/AuthorizationServiceInterface.php#L21-L21


const PERMISSION_ANONYMOUS = 'anonymous';

Magento\Webapi\Model\Plugin\GuestAuthorization::aroundIsAllowed()

github.com

magento/magento2/blob/2.1.5/app/code/Magento/Webapi/etc/webapi_rest/di.xml#L44-L46


<type name="Magento\Framework\Authorization">
    <plugin name="guestAuthorization" type="Magento\Webapi\Model\Plugin\GuestAuthorization" />
</type>

github.com

magento/magento2/blob/2.1.5/app/code/Magento/Webapi/Model/Plugin/GuestAuthorization.php#L11-L41


/**
* Plugin around \Magento\Framework\Authorization::isAllowed
*
* Plugin to allow guest users to access resources with anonymous permission
*/
class GuestAuthorization
{
   /**
    * Check if resource for which access is needed has anonymous permissions defined in webapi config.
    *
    * @param \Magento\Framework\Authorization $subject
    * @param callable $proceed
    * @param string $resource
    * @param string $privilege
    * @return bool true If resource permission is anonymous,
    * to allow any user access without further checks in parent method
    * @SuppressWarnings(PHPMD.UnusedFormalParameter)
    */
   public function aroundIsAllowed(
       \Magento\Framework\Authorization $subject,
       \Closure $proceed,
       $resource,
       $privilege = null
   ) {
       if ($resource == AuthorizationService::PERMISSION_ANONYMOUS) {
           return true;
       } else {
           return $proceed($resource, $privilege);
       }
   }
}

dmitry_fedyuk · April 5, 2017, 1:31pm