szurubooru/src/Access.php

<?php
class Access
{
	private static $privileges = [];
	private static $checkPrivileges = true;

	public static function init()
	{
		self::$privileges = [];
		foreach (getConfig()->privileges as $key => $minAccessRankName)
		{
			if (strpos($key, '.') === false)
				$key .= '.';
			list ($privilegeName, $subPrivilegeName) = explode('.', $key);

			$privilegeName = TextCaseConverter::convert($privilegeName,
				TextCaseConverter::CAMEL_CASE,
				TextCaseConverter::SPINAL_CASE);
			$subPrivilegeName = TextCaseConverter::convert($subPrivilegeName,
				TextCaseConverter::CAMEL_CASE,
				TextCaseConverter::SPINAL_CASE);

			$key = rtrim($privilegeName . '.' . $subPrivilegeName, '.');

			$minAccessRank = TextHelper::resolveConstant($minAccessRankName, 'AccessRank');
			self::$privileges[$key] = $minAccessRank;

			if (!isset(self::$privileges[$privilegeName]))
			{
				self::$privileges[$privilegeName] = $minAccessRank;
			}
		}

		//todo: move to scripts etc.
		#if (php_sapi_name() == 'cli')
		#	self::disablePrivilegeChecking();
	}

	public static function check(Privilege $privilege, $user = null)
	{
		if (!self::$checkPrivileges)
			return true;

		if ($user === null)
			$user = Auth::getCurrentUser();

		$minAccessRank = AccessRank::Nobody;

		$key = TextCaseConverter::convert($privilege->toString(),
			TextCaseConverter::CAMEL_CASE,
			TextCaseConverter::SPINAL_CASE);

		$privilege->secondary = null;
		$key2 = TextCaseConverter::convert($privilege->toString(),
			TextCaseConverter::CAMEL_CASE,
			TextCaseConverter::SPINAL_CASE);

		if (isset(self::$privileges[$key]))
			$minAccessRank = self::$privileges[$key];
		elseif (isset(self::$privileges[$key2]))
			$minAccessRank = self::$privileges[$key2];

		return $user->getAccessRank()->toInteger() >= $minAccessRank;
	}

	public static function checkEmailConfirmation($user = null)
	{
		if (!self::$checkPrivileges)
			return true;

		if ($user === null)
			$user = Auth::getCurrentUser();

		if (!$user->getConfirmedEmail())
			return false;
		return true;
	}

	public static function assertAuthentication()
	{
		if (!Auth::isLoggedIn())
			self::fail('Not logged in');
	}

	public static function assert(Privilege $privilege, $user = null)
	{
		if (!self::check($privilege, $user))
			self::fail('Insufficient privileges (' . $privilege->toString() . ')');
	}

	public static function assertEmailConfirmation($user = null)
	{
		if (!self::checkEmailConfirmation($user))
			self::fail('Need e-mail address confirmation to continue');
	}

	public static function fail($message)
	{
		throw new AccessException($message);
	}

	public static function getIdentity($user)
	{
		if (!$user)
			return 'all';
		return $user->getId() == Auth::getCurrentUser()->getId() ? 'own' : 'all';
	}

	public static function getAllowedSafety()
	{
		if (!self::$checkPrivileges)
			return PostSafety::getAll();

		return array_filter(PostSafety::getAll(), function($safety)
		{
			return Access::check(new Privilege(Privilege::ListPosts, $safety->toString()))
				and Auth::getCurrentUser()->hasEnabledSafety($safety);
		});
	}

	public static function disablePrivilegeChecking()
	{
		self::$checkPrivileges = false;
	}

	public static function enablePrivilegeChecking()
	{
		self::$checkPrivileges = true;
	}
}
Added privileges support 2013-10-06 13:21:16 +02:00			`<?php`
PrivilegesHelper shortened to Access Methods are shorter, too 2014-04-29 23:52:17 +02:00			`class Access`
Added privileges support 2013-10-06 13:21:16 +02:00			`{`
			`private static $privileges = [];`
Moved security disabling from Api to Access 2014-05-05 11:05:57 +02:00			`private static $checkPrivileges = true;`
Added privileges support 2013-10-06 13:21:16 +02:00
			`public static function init()`
			`{`
Safety-related privileges; internals 2013-10-07 23:17:33 +02:00			`self::$privileges = [];`
Newest chibi-core 2014-04-29 21:35:29 +02:00			`foreach (getConfig()->privileges as $key => $minAccessRankName)`
Added privileges support 2013-10-06 13:21:16 +02:00			`{`
Safety-related privileges; internals 2013-10-07 23:17:33 +02:00			`if (strpos($key, '.') === false)`
			`$key .= '.';`
Closed #43 2013-10-18 00:09:50 +02:00			`list ($privilegeName, $subPrivilegeName) = explode('.', $key);`
Text case conversion moved to gist 2014-04-12 16:22:30 +02:00
			`$privilegeName = TextCaseConverter::convert($privilegeName,`
			`TextCaseConverter::CAMEL_CASE,`
			`TextCaseConverter::SPINAL_CASE);`
			`$subPrivilegeName = TextCaseConverter::convert($subPrivilegeName,`
			`TextCaseConverter::CAMEL_CASE,`
			`TextCaseConverter::SPINAL_CASE);`

Closed #43 2013-10-18 00:09:50 +02:00			`$key = rtrim($privilegeName . '.' . $subPrivilegeName, '.');`
Safety-related privileges; internals 2013-10-07 23:17:33 +02:00
Added privileges support 2013-10-06 13:21:16 +02:00			`$minAccessRank = TextHelper::resolveConstant($minAccessRankName, 'AccessRank');`
Safety-related privileges; internals 2013-10-07 23:17:33 +02:00			`self::$privileges[$key] = $minAccessRank;`
Registered users can mass tag their own posts 2014-02-20 18:44:51 +01:00
More restrictive privilege system 2014-05-06 13:07:24 +02:00			`if (!isset(self::$privileges[$privilegeName]))`
Registered users can mass tag their own posts 2014-02-20 18:44:51 +01:00			`{`
			`self::$privileges[$privilegeName] = $minAccessRank;`
			`}`
Added privileges support 2013-10-06 13:21:16 +02:00			`}`
Moved security disabling from Api to Access 2014-05-05 11:05:57 +02:00
			`//todo: move to scripts etc.`
			`#if (php_sapi_name() == 'cli')`
			`# self::disablePrivilegeChecking();`
Added privileges support 2013-10-06 13:21:16 +02:00			`}`

Fixed login when mail activation is enabled 2014-05-05 08:25:52 +02:00			`public static function check(Privilege $privilege, $user = null)`
Added privileges support 2013-10-06 13:21:16 +02:00			`{`
Moved security disabling from Api to Access 2014-05-05 11:05:57 +02:00			`if (!self::$checkPrivileges)`
Added script for CLI post search Other updates include removing unnecessary context retrieval and making post query builder CLI friendly. 2013-10-30 22:38:59 +01:00			`return true;`

Fixed login when mail activation is enabled 2014-05-05 08:25:52 +02:00			`if ($user === null)`
			`$user = Auth::getCurrentUser();`

Changed default access rank from admin to none 2014-05-02 08:14:16 +02:00			`$minAccessRank = AccessRank::Nobody;`
Safety-related privileges; internals 2013-10-07 23:17:33 +02:00
Implemented new enums 2014-05-04 19:06:40 +02:00			`$key = TextCaseConverter::convert($privilege->toString(),`
Text case conversion moved to gist 2014-04-12 16:22:30 +02:00			`TextCaseConverter::CAMEL_CASE,`
			`TextCaseConverter::SPINAL_CASE);`

Implemented new enums 2014-05-04 19:06:40 +02:00			`$privilege->secondary = null;`
			`$key2 = TextCaseConverter::convert($privilege->toString(),`
			`TextCaseConverter::CAMEL_CASE,`
			`TextCaseConverter::SPINAL_CASE);`

Safety-related privileges; internals 2013-10-07 23:17:33 +02:00			`if (isset(self::$privileges[$key]))`
			`$minAccessRank = self::$privileges[$key];`
Implemented new enums 2014-05-04 19:06:40 +02:00			`elseif (isset(self::$privileges[$key2]))`
			`$minAccessRank = self::$privileges[$key2];`
Safety-related privileges; internals 2013-10-07 23:17:33 +02:00
Implemented new enums 2014-05-04 19:06:40 +02:00			`return $user->getAccessRank()->toInteger() >= $minAccessRank;`
Added privileges support 2013-10-06 13:21:16 +02:00			`}`

Fixed login when mail activation is enabled 2014-05-05 08:25:52 +02:00			`public static function checkEmailConfirmation($user = null)`
			`{`
Moved security disabling from Api to Access 2014-05-05 11:05:57 +02:00			`if (!self::$checkPrivileges)`
			`return true;`

Fixed login when mail activation is enabled 2014-05-05 08:25:52 +02:00			`if ($user === null)`
			`$user = Auth::getCurrentUser();`

Fixed issues with confirmation e-mails 2014-05-07 09:26:04 +02:00			`if (!$user->getConfirmedEmail())`
Fixed login when mail activation is enabled 2014-05-05 08:25:52 +02:00			`return false;`
			`return true;`
			`}`

Moved authentication check to Access 2014-05-01 16:18:42 +02:00			`public static function assertAuthentication()`
			`{`
			`if (!Auth::isLoggedIn())`
Changes to privilege system 2014-05-04 16:27:15 +02:00			`self::fail('Not logged in');`
Moved authentication check to Access 2014-05-01 16:18:42 +02:00			`}`

Fixed login when mail activation is enabled 2014-05-05 08:25:52 +02:00			`public static function assert(Privilege $privilege, $user = null)`
Added privileges support 2013-10-06 13:21:16 +02:00			`{`
Fixed login when mail activation is enabled 2014-05-05 08:25:52 +02:00			`if (!self::check($privilege, $user))`
Better privilege checking for batch operations 2014-05-06 19:39:41 +02:00			`self::fail('Insufficient privileges (' . $privilege->toString() . ')');`
Added privileges support 2013-10-06 13:21:16 +02:00			`}`
Closed #32 2013-10-16 18:07:23 +02:00
Fixed login when mail activation is enabled 2014-05-05 08:25:52 +02:00			`public static function assertEmailConfirmation($user = null)`
Closed #32 2013-10-16 18:07:23 +02:00			`{`
Fixed login when mail activation is enabled 2014-05-05 08:25:52 +02:00			`if (!self::checkEmailConfirmation($user))`
Changes to privilege system 2014-05-04 16:27:15 +02:00			`self::fail('Need e-mail address confirmation to continue');`
			`}`

Better privilege checking for batch operations 2014-05-06 19:39:41 +02:00			`public static function fail($message)`
Changes to privilege system 2014-05-04 16:27:15 +02:00			`{`
Better privilege checking for batch operations 2014-05-06 19:39:41 +02:00			`throw new AccessException($message);`
Closed #32 2013-10-16 18:07:23 +02:00			`}`
Tag list respects safety settings 2013-10-30 16:22:46 +01:00
Simplified auth 2014-05-01 16:12:37 +02:00			`public static function getIdentity($user)`
			`{`
			`if (!$user)`
			`return 'all';`
Continued work on getter/setters: entity IDs 2014-05-05 21:20:40 +02:00			`return $user->getId() == Auth::getCurrentUser()->getId() ? 'own' : 'all';`
Simplified auth 2014-05-01 16:12:37 +02:00			`}`

Tag list respects safety settings 2013-10-30 16:22:46 +01:00			`public static function getAllowedSafety()`
			`{`
Moved security disabling from Api to Access 2014-05-05 11:05:57 +02:00			`if (!self::$checkPrivileges)`
Added script for CLI post search Other updates include removing unnecessary context retrieval and making post query builder CLI friendly. 2013-10-30 22:38:59 +01:00			`return PostSafety::getAll();`

Simplified auth 2014-05-01 16:12:37 +02:00			`return array_filter(PostSafety::getAll(), function($safety)`
Tag list respects safety settings 2013-10-30 16:22:46 +01:00			`{`
Implemented new enums 2014-05-04 19:06:40 +02:00			`return Access::check(new Privilege(Privilege::ListPosts, $safety->toString()))`
Simplified auth 2014-05-01 16:12:37 +02:00			`and Auth::getCurrentUser()->hasEnabledSafety($safety);`
Tag list respects safety settings 2013-10-30 16:22:46 +01:00			`});`
			`}`
Moved security disabling from Api to Access 2014-05-05 11:05:57 +02:00
			`public static function disablePrivilegeChecking()`
			`{`
			`self::$checkPrivileges = false;`
			`}`

			`public static function enablePrivilegeChecking()`
			`{`
			`self::$checkPrivileges = true;`
			`}`
Added privileges support 2013-10-06 13:21:16 +02:00			`}`