1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
<?xml version="1.0"?>
<!--
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
-->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
<type name="Magento\Webapi\Model\Authorization\OauthUserContext">
<arguments>
<argument name="request" xsi:type="object">Magento\Framework\Webapi\Rest\Request</argument>
</arguments>
</type>
<type name="Magento\Authorization\Model\CompositeUserContext">
<arguments>
<argument name="userContexts" xsi:type="array">
<item name="tokenUserContext" xsi:type="array">
<item name="type" xsi:type="object">Magento\Webapi\Model\Authorization\TokenUserContext</item>
<item name="sortOrder" xsi:type="string">10</item>
</item>
<item name="oauthUserContext" xsi:type="array">
<item name="type" xsi:type="object">Magento\Webapi\Model\Authorization\OauthUserContext</item>
<item name="sortOrder" xsi:type="string">40</item>
</item>
<item name="guestUserContext" xsi:type="array">
<item name="type" xsi:type="object">Magento\Webapi\Model\Authorization\GuestUserContext</item>
<item name="sortOrder" xsi:type="string">100</item>
</item>
</argument>
</arguments>
</type>
<preference for="Magento\Framework\App\FrontControllerInterface" type="Magento\Webapi\Controller\Rest" />
<preference for="Magento\Framework\Model\ActionValidator\RemoveAction" type="Magento\Framework\Model\ActionValidator\RemoveAction\Allowed" />
<type name="Magento\Webapi\Controller\Rest\Router\Route" shared="false" />
<type name="Magento\Webapi\Controller\Rest">
<arguments>
<argument name="request" xsi:type="object">Magento\Framework\Webapi\Rest\Request\Proxy</argument>
<argument name="response" xsi:type="object">Magento\Framework\Webapi\Rest\Response\Proxy</argument>
<argument name="router" xsi:type="object">Magento\Webapi\Controller\Rest\Router\Proxy</argument>
<argument name="oauthHelper" xsi:type="object">Magento\Framework\Oauth\Helper\Request\Proxy</argument>
</arguments>
</type>
<preference for="Magento\Framework\Authorization\RoleLocatorInterface" type="Magento\Webapi\Model\WebapiRoleLocator" />
<type name="Magento\Framework\Authorization">
<plugin name="guestAuthorization" type="Magento\Webapi\Model\Plugin\GuestAuthorization" />
</type>
<!-- Configuration to check that the permissions are checked on fields -->
<virtualType name="Magento\Framework\Reflection\ExtensionAttributesProcessorPermissionChecked" type="Magento\Framework\Reflection\ExtensionAttributesProcessor">
<arguments>
<argument name="isPermissionChecked" xsi:type="boolean">true</argument>
<argument name="dataObjectProcessor" xsi:type="object">Magento\Framework\Reflection\DataObjectProcessor\Proxy</argument>
</arguments>
</virtualType>
<virtualType name="Magento\Framework\Reflection\DataObjectProcessorPermissionChecked" type="Magento\Framework\Reflection\DataObjectProcessor">
<arguments>
<argument name="extensionAttributesProcessor" xsi:type="object">Magento\Framework\Reflection\ExtensionAttributesProcessorPermissionChecked</argument>
<argument name="customAttributesProcessor" xsi:type="object">Magento\Framework\Reflection\CustomAttributesProcessor\Proxy</argument>
</arguments>
</virtualType>
<type name="Magento\Customer\Model\Authorization\CustomerSessionUserContext">
<plugin name="webApiCustomerSessionUserContext" type="Magento\Webapi\Model\Plugin\Authorization\CustomerSessionUserContext" />
</type>
<type name="Magento\Framework\Webapi\ServiceOutputProcessor">
<arguments>
<argument name="dataObjectProcessor" xsi:type="object">Magento\Framework\Reflection\DataObjectProcessorPermissionChecked</argument>
</arguments>
</type>
<!-- End of configuration to check that permissions are checked on fields -->
<preference for="Magento\Webapi\Controller\Rest\RequestProcessorInterface" type="Magento\Webapi\Controller\Rest\RequestProcessorPool" />
<type name="Magento\Webapi\Controller\Rest\RequestProcessorPool">
<arguments>
<argument name="requestProcessors" xsi:type="array">
<item name="syncSchema" xsi:type="object" sortOrder="50">Magento\Webapi\Controller\Rest\SchemaRequestProcessor</item>
<item name="sync" xsi:type="object" sortOrder="100">Magento\Webapi\Controller\Rest\SynchronousRequestProcessor</item>
</argument>
</arguments>
</type>
</config>