szurubooru/src/Access.php


<?php
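/**
 * Central authorization gate: maps configured privilege names to the minimum
 * access rank required, and answers "may this user do that?" questions.
 *
 * All state is static, so it is shared by every caller in the process.
 * When privilege checking is switched off through disablePrivilegeChecking(),
 * check(), checkEmailConfirmation() and getAllowedSafety() stop enforcing
 * anything until enablePrivilegeChecking() is called.
 */
class Access
{
    /** Map of normalized privilege key => minimum rank, built by init(). */
    private static $privileges = [];

    /** Global enforcement switch; false makes every check pass. */
    private static $checkPrivileges = true;

    /**
     * Rebuilds the privilege table from getConfig()->privileges.
     *
     * Each config key is "primary" or "primary.secondary". Both halves are
     * converted from camelCase to spinal-case before being stored.
     */
    public static function init()
    {
        self::$privileges = [];
        foreach (getConfig()->privileges as $key => $minAccessRankName)
        {
            // Guarantee a dot so the explode() below always yields two parts.
            if (strpos($key, '.') === false)
                $key .= '.';
            list ($privilegeName, $subPrivilegeName) = explode('.', $key);

            $privilegeName = TextCaseConverter::convert($privilegeName,
                TextCaseConverter::CAMEL_CASE,
                TextCaseConverter::SPINAL_CASE);
            $subPrivilegeName = TextCaseConverter::convert($subPrivilegeName,
                TextCaseConverter::CAMEL_CASE,
                TextCaseConverter::SPINAL_CASE);

            // A key without a secondary part loses its trailing dot again.
            $key = rtrim($privilegeName . '.' . $subPrivilegeName, '.');

            $minAccessRank = TextHelper::resolveConstant($minAccessRankName, 'AccessRank');
            self::$privileges[$key] = $minAccessRank;

            // NOTE(review): when only "primary.secondary" entries exist, the
            // bare primary key inherits the rank of whichever entry appears
            // first in the config. check() falls back to that bare key for
            // any secondary that is not listed, so the fallback is
            // order-dependent and may be more permissive than intended.
            // Confirm the config always states the bare key explicitly.
            if (!isset(self::$privileges[$privilegeName]))
            {
                self::$privileges[$privilegeName] = $minAccessRank;
            }
        }

        //todo: move to scripts etc.
        #if (php_sapi_name() == 'cli')
        #    self::disablePrivilegeChecking();
    }

    /**
     * Tells whether the user's rank satisfies the given privilege.
     *
     * Looks up "primary.secondary" first and falls back to "primary".
     * A privilege found under neither key requires AccessRank::Nobody
     * (presumably a rank no real user holds, i.e. deny by default --
     * TODO confirm against AccessRank).
     *
     * @param Privilege $privilege privilege to test; it is not modified
     * @param mixed $user user to test, or null for Auth::getCurrentUser()
     * @return bool true when access is allowed or checking is disabled
     */
    public static function check(Privilege $privilege, $user = null)
    {
        if (!self::$checkPrivileges)
            return true;

        if ($user === null)
            $user = Auth::getCurrentUser();

        $minAccessRank = AccessRank::Nobody;

        $key = TextCaseConverter::convert($privilege->toString(),
            TextCaseConverter::CAMEL_CASE,
            TextCaseConverter::SPINAL_CASE);

        // Build the primary-only key from a copy. Clearing ->secondary on the
        // caller's object would make assert() report the wrong privilege in
        // its error message and leak the change into any later reuse.
        $primaryOnly = clone $privilege;
        $primaryOnly->secondary = null;
        $key2 = TextCaseConverter::convert($primaryOnly->toString(),
            TextCaseConverter::CAMEL_CASE,
            TextCaseConverter::SPINAL_CASE);

        if (isset(self::$privileges[$key]))
            $minAccessRank = self::$privileges[$key];
        elseif (isset(self::$privileges[$key2]))
            $minAccessRank = self::$privileges[$key2];

        return $user->getAccessRank()->toInteger() >= $minAccessRank;
    }

    /**
     * Tells whether the user has a confirmed e-mail address.
     *
     * @param mixed $user user to test, or null for Auth::getCurrentUser()
     * @return bool true when confirmed or when checking is disabled
     */
    public static function checkEmailConfirmation($user = null)
    {
        if (!self::$checkPrivileges)
            return true;

        if ($user === null)
            $user = Auth::getCurrentUser();

        return (bool) $user->emailConfirmed;
    }

    /**
     * Fails unless somebody is logged in.
     *
     * Unlike the other assertions this one does not consult the
     * privilege-checking switch.
     *
     * @throws AccessException when Auth::isLoggedIn() is false
     */
    public static function assertAuthentication()
    {
        if (!Auth::isLoggedIn())
            self::fail('Not logged in');
    }

    /**
     * Fails unless check() grants the privilege.
     *
     * @param Privilege $privilege privilege to require
     * @param mixed $user user to test, or null for the current user
     * @throws AccessException naming the privilege that was refused
     */
    public static function assert(Privilege $privilege, $user = null)
    {
        if (!self::check($privilege, $user))
            self::fail('Insufficient privileges (' . $privilege->toString() . ')');
    }

    /**
     * Fails unless checkEmailConfirmation() passes.
     *
     * @param mixed $user user to test, or null for the current user
     * @throws AccessException when the e-mail address is unconfirmed
     */
    public static function assertEmailConfirmation($user = null)
    {
        if (!self::checkEmailConfirmation($user))
            self::fail('Need e-mail address confirmation to continue');
    }

    /**
     * Single exit point for denied access.
     *
     * @param string $message text carried by the exception
     * @throws AccessException always
     */
    public static function fail($message)
    {
        throw new AccessException($message);
    }

    /**
     * Classifies a target user as 'own' (the current user) or 'all'.
     *
     * A falsy $user yields 'all'.
     *
     * NOTE(review): the ids are compared with loose ==, so two null ids would
     * count as 'own'. Confirm that Auth::getCurrentUser() can never expose a
     * null id alongside an unsaved target user.
     *
     * @param mixed $user target user or a falsy value
     * @return string 'own' or 'all'
     */
    public static function getIdentity($user)
    {
        if (!$user)
            return 'all';

        $isCurrentUser = $user->getId() == Auth::getCurrentUser()->getId();
        return $isCurrentUser ? 'own' : 'all';
    }

    /**
     * Lists the post safety levels the current user may see.
     *
     * A level is kept only when the ListPosts privilege for it is granted
     * and the user has that safety enabled. With checking disabled every
     * level from PostSafety::getAll() is returned unfiltered.
     *
     * @return array filtered levels; array_filter keeps the original keys
     */
    public static function getAllowedSafety()
    {
        if (!self::$checkPrivileges)
            return PostSafety::getAll();

        return array_filter(PostSafety::getAll(), function($safety)
        {
            return Access::check(new Privilege(Privilege::ListPosts, $safety->toString()))
                and Auth::getCurrentUser()->hasEnabledSafety($safety);
        });
    }

    /**
     * Turns enforcement off for the whole process.
     *
     * Every later check(), checkEmailConfirmation() and getAllowedSafety()
     * call passes until enablePrivilegeChecking() runs, so callers should
     * keep the disabled window as short as possible and restore it even
     * on error paths.
     */
    public static function disablePrivilegeChecking()
    {
        self::$checkPrivileges = false;
    }

    /**
     * Turns enforcement back on.
     */
    public static function enablePrivilegeChecking()
    {
        self::$checkPrivileges = true;
    }
}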