Update

2025-11-13 19:52:28 +03:00
parent 8aeeb05b7d
commit 807dec3b6c
4646 changed files with 163445 additions and 626017 deletions
--- a/core/bitrix/modules/rest/lib/engine/MethodDescription.php
+++ b/core/bitrix/modules/rest/lib/engine/MethodDescription.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Bitrix\Rest\Engine;
+class MethodDescription
+{
+	public function __construct(private string $scope, private $class, private string $method)
+	{
+	}
+
+	public function getScope(): string
+	{
+		return $this->scope;
+	}
+
+	/**
+	 * @return mixed
+	 */
+	public function getClass()
+	{
+		return $this->class;
+	}
+
+	public function getMethod(): string
+	{
+		return $this->method;
+	}
+}
--- a/core/bitrix/modules/rest/lib/engine/access.php
+++ b/core/bitrix/modules/rest/lib/engine/access.php
@@ -501,7 +501,7 @@ class Access
 				else
 				{
 					// choose subscription
-					$code = 'limit_subscription_market_marketpaid';
+					$code = 'limit_subscription_market_access_buy_marketplus';
 				}
 			}
 		}
@@ -654,7 +654,7 @@ class Access
 		}
 		elseif ($canBuySubscription)
 		{
-			$code = 'limit_subscription_market_access_buy_marketplus';
+			$code = 'limit_subscription_market_marketpaid_trialend';
 		}
 		elseif ($isB24 && $isDemo)
 		{
--- a/core/bitrix/modules/rest/lib/engine/actionfilter/usercandooperation.php
+++ b/core/bitrix/modules/rest/lib/engine/actionfilter/usercandooperation.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace Bitrix\Rest\Engine\ActionFilter;
+
+use Bitrix\Main\Error;
+use Bitrix\Main\Event;
+use Bitrix\Main\EventResult;
+
+/**
+ * @package Bitrix\Rest\Engine\ActionFilter
+ */
+class UserCanDoOperation extends Base
+{
+	public function __construct(protected readonly array $operations)
+	{
+		parent::__construct();
+	}
+
+	public function onBeforeAction(Event $event)
+	{
+		global $USER;
+
+		foreach ($this->operations as $operation)
+		{
+			if (!$USER->CanDoOperation($operation))
+			{
+				$this->addError(new Error(
+					'The current user cannot perform operation: ' . $operation,
+					\CRestApiServer::STATUS_FORBIDDEN
+				));
+
+				return new EventResult(EventResult::ERROR, null, null, $this);
+			}
+		}
+
+		return new EventResult(EventResult::SUCCESS, null, null, $this);
+	}
+}
--- a/core/bitrix/modules/rest/lib/engine/restmanager.php
+++ b/core/bitrix/modules/rest/lib/engine/restmanager.php
@@ -12,6 +12,7 @@ use Bitrix\Main\Errorable;
 use Bitrix\Main\Error;
 use Bitrix\Main\ErrorCollection;
 use Bitrix\Main\HttpResponse;
+use Bitrix\Main\SystemException;
 use Bitrix\Main\Type\Contract;
 use Bitrix\Main\Type\Date;
 use Bitrix\Main\Type\DateTime;
@@ -19,6 +20,12 @@ use Bitrix\Main\UI\PageNavigation;
 use Bitrix\Main\Web\Uri;
 use Bitrix\Rest\Engine\ScopeManager;
 use Bitrix\Rest\RestException;
+use Bitrix\Rest\V3\Controllers\RestController;
+use Bitrix\Rest\V3\Exceptions\Internal\InternalException;
+use Bitrix\Rest\V3\Exceptions\MethodNotFoundException;
+use Bitrix\Rest\V3\Interaction\Response\ArrayResponse;
+use Bitrix\Rest\V3\Interaction\Response\Response;
+use Bitrix\Rest\V3\Resolver as V3Resolver;

 class RestManager extends \IRestService
 {
@@ -56,6 +63,10 @@ class RestManager extends \IRestService
 			return false;
 		}

+		if ($controller instanceof RestController) { // rest V1 do not support V3 methods
+			return false;
+		}
+
 		return [
 			'scope' => static::getModuleScopeAlias($potentialActionData['scope']),
 			'callback' => [
@@ -109,7 +120,7 @@ class RestManager extends \IRestService
 	 * Processes method to services.
 	 *
 	 * @param array $params Input parameters ($_GET, $_POST).
-	 * @param     string $start Start position.
+	 * @param string $start Start position.
 	 * @param \CRestServer $restServer REST server.
 	 *
 	 * @return array
@@ -130,6 +141,7 @@ class RestManager extends \IRestService
 			['action' => $methodData['method']],
 			[], [], []
 		);
+
 		$router = new Engine\Router($request);

 		/** @var Controller $controller */
@@ -139,6 +151,7 @@ class RestManager extends \IRestService
 			$router->getAction(),
 			Controller::SCOPE_REST
 		);
+
 		if (!$controller)
 		{
 			throw new RestException("Unknown {$method}. There is not controller in module {$router->getModule()}");
@@ -351,13 +364,19 @@ class RestManager extends \IRestService

 		$firstError = reset($errors);

-		return new RestException($firstError->getMessage(), $firstError->getCode());
+		return new RestException(
+			$firstError->getMessage(). " (internal error)", // should be just "internal error" here to avoid exposing details
+			$firstError->getCode(),
+			previous: $firstError->getCustomData() instanceof \Bitrix\Rest\V3\Exceptions\RestException
+				? $firstError->getCustomData()
+				: null
+		);
 	}

 	/**
 	 * @param array $autoWirings
 	 */
-	private function registerAutoWirings(array $autoWirings): void
+	public function registerAutoWirings(array $autoWirings): void
 	{
 		foreach ($autoWirings as $parameter)
 		{
@@ -368,7 +387,7 @@ class RestManager extends \IRestService
 	/**
 	 * @param array $autoWirings
 	 */
-	private function unRegisterAutoWirings(array $autoWirings): void
+	public function unRegisterAutoWirings(array $autoWirings): void
 	{
 		foreach ($autoWirings as $parameter)
 		{
@@ -379,7 +398,7 @@ class RestManager extends \IRestService
 	/**
 	 * @return array
 	 */
-	private function getAutoWirings(): array
+	public function getAutoWirings(): array
 	{
 		$buildRules = [
 			'restServer' => [
--- a/core/bitrix/modules/rest/lib/engine/scopemanager.php
+++ b/core/bitrix/modules/rest/lib/engine/scopemanager.php
@@ -93,6 +93,11 @@ class ScopeManager
 							);
 						}
 					}
+
+					if (isset($controllersConfig['rest']) && !isset($this->scopeList[$moduleId])) // scopes for V3
+					{
+						$this->scopeList[$moduleId] = $moduleId;
+					}
 				}
 			}