<?php
namespace Szurubooru\Services;
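/**
 * Authorization gate: maps access ranks to privileges and checks them for the
 * user reported by the injected AuthService.
 *
 * The rank => privileges map is built once, in the constructor, from
 * `$config->security->privileges`. Every denial raised by this class is a
 * \DomainException with the message 'Unprivileged operation'.
 */
class PrivilegeService
{
    private $authService;

    // Access-rank name => list of privilege names granted to that rank.
    // Defaults to an empty map so lookups never touch an unset property.
    private $privilegeMap = [];

    /**
     * @param \Szurubooru\Config $config configuration; `security->privileges` is read as
     *        privilege name => string of rank names separated by ';', ',' or whitespace
     * @param \Szurubooru\Services\AuthService $authService source of the current user
     */
    public function __construct(
        \Szurubooru\Config $config,
        \Szurubooru\Services\AuthService $authService)
    {
        $this->authService = $authService;

        if (!isset($config->security->privileges))
            return;

        foreach ($config->security->privileges as $privilegeName => $allowedAccessRanks)
        {
            // array_filter() drops the empty pieces left by leading/trailing separators.
            $rankNames = array_filter(preg_split('/[;,\s]+/', $allowedAccessRanks));
            foreach ($rankNames as $rankName)
            {
                if (!isset($this->privilegeMap[$rankName]))
                    $this->privilegeMap[$rankName] = [];

                // Stored as a string so the strict comparison in hasPrivilege() still
                // matches when PHP has turned a numeric-looking key into an integer.
                $this->privilegeMap[$rankName][] = (string) $privilegeName;
            }
        }
    }

    /**
     * Returns the privilege names granted to the current user's access rank.
     *
     * @return array list of privilege names; empty when the rank has no entry in the
     *         map or when AuthService reports no user
     */
    public function getCurrentPrivileges()
    {
        $loggedInUser = $this->authService->getLoggedInUser();

        // NOTE(review): AuthService's contract is not visible here. If it can return
        // null, deny everything rather than fail on a null dereference.
        if ($loggedInUser === null)
            return [];

        $currentAccessRankName = \Szurubooru\Helpers\EnumHelper::accessRankToString(
            $loggedInUser->getAccessRank());

        if (!isset($this->privilegeMap[$currentAccessRankName]))
            return [];

        return $this->privilegeMap[$currentAccessRankName];
    }

    /**
     * Tells whether the current user holds the given privilege.
     *
     * @param string $privilege privilege name as used in the configuration
     * @return bool
     */
    public function hasPrivilege($privilege)
    {
        // Strict comparison: with loose in_array(), a non-string argument such as
        // `true` equals every privilege name, which would grant access by accident.
        return in_array($privilege, $this->getCurrentPrivileges(), true);
    }

    /**
     * Denies the operation unless the current user holds the given privilege.
     *
     * @param string $privilege
     * @throws \DomainException when the privilege is missing
     */
    public function assertPrivilege($privilege)
    {
        if (!$this->hasPrivilege($privilege))
            $this->fail();
    }

    /**
     * Denies the operation unless a user is logged in.
     *
     * Without an argument (or with null) any logged-in user passes. With an
     * identifier, the logged-in user must be that specific user.
     *
     * Only null selects the "any user" check. The previous truthiness test also
     * treated '' and '0' as "no identifier", so a request for the account named
     * '0' was satisfied by any logged-in user.
     *
     * @param \Szurubooru\Entities\User|string|null $userIdentifier
     * @throws \DomainException when the check fails
     * @throws \InvalidArgumentException when the identifier is neither null, a string nor a User
     */
    public function assertLoggedIn($userIdentifier = null)
    {
        if ($userIdentifier !== null)
        {
            if (!$this->isLoggedIn($userIdentifier))
                $this->fail();
            return;
        }

        if (!$this->authService->isLoggedIn())
            $this->fail();
    }

    /**
     * Tells whether the current user is the one identified by $userIdentifier.
     *
     * A User entity is matched by id (a falsy id on the current user never matches).
     * A string is matched against the current user's e-mail, then against the name.
     * NOTE(review): matching either field assumes a user name can never equal another
     * account's e-mail address; confirm that is enforced where accounts are created.
     *
     * @param \Szurubooru\Entities\User|string $userIdentifier
     * @return bool
     * @throws \InvalidArgumentException for any other identifier type
     */
    public function isLoggedIn($userIdentifier)
    {
        $loggedInUser = $this->authService->getLoggedInUser();

        $isEntity = $userIdentifier instanceof \Szurubooru\Entities\User;
        if (!$isEntity && !is_string($userIdentifier))
            throw new \InvalidArgumentException('Invalid user identifier.');

        // NOTE(review): see getCurrentPrivileges(); no current user means no match.
        if ($loggedInUser === null)
            return false;

        if ($isEntity)
        {
            $currentId = $loggedInUser->getId();
            return $currentId && ($currentId === $userIdentifier->getId());
        }

        $currentEmail = $loggedInUser->getEmail();
        if ($currentEmail && $currentEmail === $userIdentifier)
            return true;

        return $loggedInUser->getName() === $userIdentifier;
    }

    /**
     * Single exit for every denial, so callers see one exception type and message.
     *
     * @throws \DomainException always
     */
    private function fail()
    {
        throw new \DomainException('Unprivileged operation');
    }
}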