private function isWhitelisted(Request $request)
{
$filter = $this->params['transformations'];
if (empty($filter['whitelist']) && empty($filter['blacklist'])) {
// No filter has been configured
return false;
}
// Fetch transformations from the request
$transformations = $request->getTransformations();
if (empty($transformations)) {
// No transformations are present in the request, no need to check
return false;
}
$whitelist = array_flip($filter['whitelist']);
$blacklist = array_flip($filter['blacklist']);
foreach ($transformations as $transformation) {
if (isset($blacklist[$transformation['name']])) {
// Transformation is explicitly blacklisted
return false;
}
if (!empty($whitelist) && !isset($whitelist[$transformation['name']])) {
// We have a whitelist, but the transformation is not listed in it, so we must deny
// the request
return false;
}
}
// All transformations in the request are whitelisted
return true;
}