szurubooru/src/Services/PrivilegeService.php

<?php
namespace Szurubooru\Services;

class PrivilegeService
{
	private $authService;
	private $privilegeMap;

	public function __construct(
		\Szurubooru\Config $config,
		\Szurubooru\Services\AuthService $authService)
	{
		$this->authService = $authService;

		if (isset($config->security->privileges))
		{
			foreach ($config->security->privileges as $privilegeName => $allowedAccessRanks)
			{
				$allowedAccessRanks = array_filter(preg_split('/[;,\s]+/', $allowedAccessRanks));
				foreach ($allowedAccessRanks as $allowedAccessRank)
				{
					if (!isset($this->privilegeMap[$allowedAccessRank]))
						$this->privilegeMap[$allowedAccessRank] = [];
					$this->privilegeMap[$allowedAccessRank][] = $privilegeName;
				}
			}
		}
	}

	public function getCurrentPrivileges()
	{
		$currentAccessRank = $this->authService->getLoggedInUser()->accessRank;
		$currentAccessRankName = \Szurubooru\Helpers\EnumHelper::accessRankToString($currentAccessRank);
		if (!isset($this->privilegeMap[$currentAccessRankName]))
			return [];
		return $this->privilegeMap[$currentAccessRankName];
	}

	public function hasPrivilege($privilege)
	{
		return in_array($privilege, $this->getCurrentPrivileges());
	}

	public function assertPrivilege($privilege)
	{
		if (!$this->hasPrivilege($privilege))
			throw new \DomainException('Unprivileged operation');
	}

	public function assertLoggedIn($userIdentifier)
	{
		if (!$this->isLoggedIn($userIdentifier))
			throw new \DomainException('Unprivileged operation');
	}

	public function isLoggedIn($userIdentifier)
	{
		$loggedInUser = $this->authService->getLoggedInUser();
		if ($userIdentifier instanceof \Szurubooru\Entities\User)
		{
			return $loggedInUser->name === $userIdentifier->name;
		}
		elseif (is_string($userIdentifier))
		{
			if ($loggedInUser->email)
			{
				if ($loggedInUser->email === $userIdentifier)
					return true;
			}
			return $loggedInUser->name === $userIdentifier;
		}
		else
		{
			throw new \InvalidArgumentException('Invalid user identifier.');
		}
	}
}
Refactored privilege system 2014-09-06 10:00:26 +02:00			`<?php`
			`namespace Szurubooru\Services;`

			`class PrivilegeService`
			`{`
			`private $authService;`
			`private $privilegeMap;`

			`public function __construct(`
			`\Szurubooru\Config $config,`
			`\Szurubooru\Services\AuthService $authService)`
			`{`
			`$this->authService = $authService;`

			`if (isset($config->security->privileges))`
			`{`
			`foreach ($config->security->privileges as $privilegeName => $allowedAccessRanks)`
			`{`
			`$allowedAccessRanks = array_filter(preg_split('/[;,\s]+/', $allowedAccessRanks));`
			`foreach ($allowedAccessRanks as $allowedAccessRank)`
			`{`
			`if (!isset($this->privilegeMap[$allowedAccessRank]))`
			`$this->privilegeMap[$allowedAccessRank] = [];`
Improved PHP style 2014-09-09 12:34:57 +02:00			`$this->privilegeMap[$allowedAccessRank][] = $privilegeName;`
Refactored privilege system 2014-09-06 10:00:26 +02:00			`}`
			`}`
			`}`
			`}`

			`public function getCurrentPrivileges()`
			`{`
			`$currentAccessRank = $this->authService->getLoggedInUser()->accessRank;`
			`$currentAccessRankName = \Szurubooru\Helpers\EnumHelper::accessRankToString($currentAccessRank);`
			`if (!isset($this->privilegeMap[$currentAccessRankName]))`
			`return [];`
			`return $this->privilegeMap[$currentAccessRankName];`
			`}`

			`public function hasPrivilege($privilege)`
			`{`
			`return in_array($privilege, $this->getCurrentPrivileges());`
			`}`

			`public function assertPrivilege($privilege)`
			`{`
			`if (!$this->hasPrivilege($privilege))`
			`throw new \DomainException('Unprivileged operation');`
			`}`

Added browsing settings 2014-09-07 14:50:16 +02:00			`public function assertLoggedIn($userIdentifier)`
			`{`
			`if (!$this->isLoggedIn($userIdentifier))`
			`throw new \DomainException('Unprivileged operation');`
			`}`

Refactored privilege system 2014-09-06 10:00:26 +02:00			`public function isLoggedIn($userIdentifier)`
			`{`
			`$loggedInUser = $this->authService->getLoggedInUser();`
			`if ($userIdentifier instanceof \Szurubooru\Entities\User)`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`{`
Improved PHP style 2014-09-09 12:34:57 +02:00			`return $loggedInUser->name === $userIdentifier->name;`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`}`
Refactored privilege system 2014-09-06 10:00:26 +02:00			`elseif (is_string($userIdentifier))`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`{`
			`if ($loggedInUser->email)`
			`{`
Improved PHP style 2014-09-09 12:34:57 +02:00			`if ($loggedInUser->email === $userIdentifier)`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`return true;`
			`}`
Improved PHP style 2014-09-09 12:34:57 +02:00			`return $loggedInUser->name === $userIdentifier;`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`}`
Refactored privilege system 2014-09-06 10:00:26 +02:00			`else`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`{`
Refactored privilege system 2014-09-06 10:00:26 +02:00			`throw new \InvalidArgumentException('Invalid user identifier.');`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`}`
Refactored privilege system 2014-09-06 10:00:26 +02:00			`}`
			`}`