2013-10-06 13:21:16 +02:00
|
|
|
<?php
|
2014-04-29 23:52:17 +02:00
|
|
|
class Access
|
2013-10-06 13:21:16 +02:00
|
|
|
{
|
|
|
|
|
private static $privileges = [];
|
|
|
|
|
|
|
|
|
|
public static function init()
|
|
|
|
|
{
|
2013-10-07 23:17:33 +02:00
|
|
|
self::$privileges = [];
|
2014-04-29 21:35:29 +02:00
|
|
|
foreach (getConfig()->privileges as $key => $minAccessRankName)
|
2013-10-06 13:21:16 +02:00
|
|
|
{
|
2013-10-07 23:17:33 +02:00
|
|
|
if (strpos($key, '.') === false)
|
|
|
|
|
$key .= '.';
|
2013-10-18 00:09:50 +02:00
|
|
|
list ($privilegeName, $subPrivilegeName) = explode('.', $key);
|
2014-04-12 16:22:30 +02:00
|
|
|
|
|
|
|
|
$privilegeName = TextCaseConverter::convert($privilegeName,
|
|
|
|
|
TextCaseConverter::CAMEL_CASE,
|
|
|
|
|
TextCaseConverter::SPINAL_CASE);
|
|
|
|
|
$subPrivilegeName = TextCaseConverter::convert($subPrivilegeName,
|
|
|
|
|
TextCaseConverter::CAMEL_CASE,
|
|
|
|
|
TextCaseConverter::SPINAL_CASE);
|
|
|
|
|
|
2013-10-18 00:09:50 +02:00
|
|
|
$key = rtrim($privilegeName . '.' . $subPrivilegeName, '.');
|
2013-10-07 23:17:33 +02:00
|
|
|
|
2013-10-06 13:21:16 +02:00
|
|
|
$minAccessRank = TextHelper::resolveConstant($minAccessRankName, 'AccessRank');
|
2013-10-07 23:17:33 +02:00
|
|
|
self::$privileges[$key] = $minAccessRank;
|
2014-02-20 18:44:51 +01:00
|
|
|
|
|
|
|
|
if (!isset(self::$privileges[$privilegeName]) or
|
|
|
|
|
self::$privileges[$privilegeName] > $minAccessRank)
|
|
|
|
|
{
|
|
|
|
|
self::$privileges[$privilegeName] = $minAccessRank;
|
|
|
|
|
}
|
2013-10-06 13:21:16 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-05-04 16:27:15 +02:00
|
|
|
public static function check(Privilege $privilege)
|
2013-10-06 13:21:16 +02:00
|
|
|
{
|
2013-10-30 22:38:59 +01:00
|
|
|
if (php_sapi_name() == 'cli')
|
|
|
|
|
return true;
|
|
|
|
|
|
2014-05-01 16:12:37 +02:00
|
|
|
$user = Auth::getCurrentUser();
|
2014-05-02 08:14:16 +02:00
|
|
|
$minAccessRank = AccessRank::Nobody;
|
2013-10-07 23:17:33 +02:00
|
|
|
|
2014-05-04 16:27:15 +02:00
|
|
|
$key = TextCaseConverter::convert(Privilege::toString($privilege->primary),
|
2014-04-12 16:22:30 +02:00
|
|
|
TextCaseConverter::CAMEL_CASE,
|
|
|
|
|
TextCaseConverter::SPINAL_CASE);
|
|
|
|
|
|
2013-10-07 23:17:33 +02:00
|
|
|
if (isset(self::$privileges[$key]))
|
|
|
|
|
{
|
|
|
|
|
$minAccessRank = self::$privileges[$key];
|
|
|
|
|
}
|
2014-05-04 16:27:15 +02:00
|
|
|
if ($privilege->secondary != null)
|
2013-10-07 23:17:33 +02:00
|
|
|
{
|
2014-05-04 16:27:15 +02:00
|
|
|
$key2 = $key . '.' . strtolower($privilege->secondary);
|
2013-10-07 23:17:33 +02:00
|
|
|
if (isset(self::$privileges[$key2]))
|
|
|
|
|
{
|
|
|
|
|
$minAccessRank = self::$privileges[$key2];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-18 15:10:53 +01:00
|
|
|
return intval($user->accessRank) >= $minAccessRank;
|
2013-10-06 13:21:16 +02:00
|
|
|
}
|
|
|
|
|
|
2014-05-01 16:18:42 +02:00
|
|
|
public static function assertAuthentication()
|
|
|
|
|
{
|
|
|
|
|
if (!Auth::isLoggedIn())
|
2014-05-04 16:27:15 +02:00
|
|
|
self::fail('Not logged in');
|
2014-05-01 16:18:42 +02:00
|
|
|
}
|
|
|
|
|
|
2014-05-04 16:27:15 +02:00
|
|
|
public static function assert(Privilege $privilege)
|
2013-10-06 13:21:16 +02:00
|
|
|
{
|
2014-05-04 16:27:15 +02:00
|
|
|
if (!self::check($privilege))
|
|
|
|
|
self::fail();
|
2013-10-06 13:21:16 +02:00
|
|
|
}
|
2013-10-16 18:07:23 +02:00
|
|
|
|
2014-04-29 23:52:17 +02:00
|
|
|
public static function assertEmailConfirmation()
|
2013-10-16 18:07:23 +02:00
|
|
|
{
|
2014-05-01 16:12:37 +02:00
|
|
|
$user = Auth::getCurrentUser();
|
2013-12-18 15:10:53 +01:00
|
|
|
if (!$user->emailConfirmed)
|
2014-05-04 16:27:15 +02:00
|
|
|
self::fail('Need e-mail address confirmation to continue');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function fail($message = 'Insufficient privileges')
|
|
|
|
|
{
|
|
|
|
|
throw new SimpleException($message);
|
2013-10-16 18:07:23 +02:00
|
|
|
}
|
2013-10-30 16:22:46 +01:00
|
|
|
|
2014-05-01 16:12:37 +02:00
|
|
|
public static function getIdentity($user)
|
|
|
|
|
{
|
|
|
|
|
if (!$user)
|
|
|
|
|
return 'all';
|
|
|
|
|
return $user->id == Auth::getCurrentUser()->id ? 'own' : 'all';
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-30 16:22:46 +01:00
|
|
|
public static function getAllowedSafety()
|
|
|
|
|
{
|
2013-10-30 22:38:59 +01:00
|
|
|
if (php_sapi_name() == 'cli')
|
|
|
|
|
return PostSafety::getAll();
|
|
|
|
|
|
2014-05-01 16:12:37 +02:00
|
|
|
return array_filter(PostSafety::getAll(), function($safety)
|
2013-10-30 16:22:46 +01:00
|
|
|
{
|
2014-05-04 16:27:15 +02:00
|
|
|
return Access::check(new Privilege(Privilege::ListPosts, PostSafety::toString($safety)))
|
2014-05-01 16:12:37 +02:00
|
|
|
and Auth::getCurrentUser()->hasEnabledSafety($safety);
|
2013-10-30 16:22:46 +01:00
|
|
|
});
|
|
|
|
|
}
|
2013-10-06 13:21:16 +02:00
|
|
|
}
|
|
|
|
|
|
2014-04-29 23:52:17 +02:00
|
|
|
Access::init();
|
