<?php
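/**
 * Static access-control gate.
 *
 * Holds a process-wide map of privilege keys to the minimum access rank
 * required for them (built by init() from the application config) and
 * answers whether a user satisfies a given privilege.
 *
 * All state is static, so the privilege map and the global bypass switch
 * are shared by every caller in the same process.
 */
class Access
{
    /**
     * Minimum access rank per privilege key. Keys are either "name" or
     * "name.sub"; the map is rebuilt from scratch by init().
     */
    private static $privileges = [];

    /**
     * Global switch. While false, check() and checkEmailConfirmation()
     * always return true and getAllowedSafety() returns every safety level.
     */
    private static $checkPrivileges = true;

    /**
     * Rebuilds the privilege map from Core::getConfig()->privileges.
     *
     * Each config key is "name" or "name.sub" and maps to the name of an
     * AccessRank constant. Only the first two dot-separated segments of a
     * key are used; anything after a second dot is dropped.
     *
     * Fallback rule worth knowing when editing the config: if a sub-privilege
     * ("name.sub") is seen before any entry for the bare "name", its rank is
     * also stored under "name". check() falls back to the bare name for
     * sub-privileges that have no entry of their own, so that first rank then
     * applies to every unlisted sub-privilege unless an explicit "name" entry
     * appears later in the config and overwrites it.
     *
     * @throws Exception when a config key uses an unknown privilege name
     */
    public static function init()
    {
        self::$privileges = [];

        foreach (Core::getConfig()->privileges as $key => $minAccessRankName)
        {
            // Guarantee explode() yields at least two parts for list().
            if (strpos($key, '.') === false)
                $key .= '.';
            list ($privilegeName, $subPrivilegeName) = explode('.', $key);

            // Normalised key: "name.sub", or just "name" when there is no sub-privilege.
            $key = rtrim($privilegeName . '.' . $subPrivilegeName, '.');

            // NOTE(review): loose in_array(); if getAllConstants() can return
            // non-string values, pass true as the third argument - confirm.
            if (!in_array($privilegeName, Privilege::getAllConstants()))
                throw new Exception('Invalid privilege name in config: ' . $privilegeName);

            $minAccessRank = TextHelper::resolveConstant($minAccessRankName, 'AccessRank');
            self::$privileges[$key] = $minAccessRank;

            // First rank seen for this privilege name becomes the fallback for the bare name.
            if (!isset(self::$privileges[$privilegeName]))
            {
                self::$privileges[$privilegeName] = $minAccessRank;
            }
        }

        //todo: move to scripts etc.
        // Enabling the lines below would switch off every privilege check
        // for any code running under the CLI SAPI.
        #if (php_sapi_name() == 'cli')
        #    self::disablePrivilegeChecking();
    }

    /**
     * Tells whether a user's access rank is high enough for a privilege.
     *
     * Lookup order: the full key ("name.sub"), then the bare privilege name.
     * When neither is configured, AccessRank::Nobody is the required rank.
     * NOTE(review): presumably Nobody is above every real rank, so unknown
     * privileges are denied - confirm against AccessRank.
     *
     * The passed Privilege is not modified; the bare-name key is computed
     * on a clone.
     *
     * @param Privilege $privilege privilege to test
     * @param mixed     $user      user to test; null means Auth::getCurrentUser()
     * @return bool true when the check passes or checking is globally disabled
     */
    public static function check(Privilege $privilege, $user = null)
    {
        if (!self::$checkPrivileges)
            return true;

        if ($user === null)
            $user = Auth::getCurrentUser();

        $minAccessRank = AccessRank::Nobody;

        $key = $privilege->toString();

        // Work on a copy: clearing `secondary` on the caller's object would
        // change what assert() reports and what the caller sees afterwards.
        $primaryOnly = clone $privilege;
        $primaryOnly->secondary = null;
        $key2 = $primaryOnly->toString();

        if (isset(self::$privileges[$key]))
            $minAccessRank = self::$privileges[$key];
        elseif (isset(self::$privileges[$key2]))
            $minAccessRank = self::$privileges[$key2];

        return $user->getAccessRank()->toInteger() >= $minAccessRank;
    }

    /**
     * Tells whether a user has a confirmed e-mail address.
     *
     * @param mixed $user user to test; null means Auth::getCurrentUser()
     * @return bool true when getConfirmedEmail() is truthy or checking is
     *              globally disabled
     */
    public static function checkEmailConfirmation($user = null)
    {
        if (!self::$checkPrivileges)
            return true;

        if ($user === null)
            $user = Auth::getCurrentUser();

        return (bool) $user->getConfirmedEmail();
    }

    /**
     * Fails unless Auth::isLoggedIn() is true.
     *
     * Unlike the check*() methods, this one does not consult the global
     * bypass switch.
     *
     * @throws AccessException when nobody is logged in
     */
    public static function assertAuthentication()
    {
        if (!Auth::isLoggedIn())
            self::fail('Not logged in');
    }

    /**
     * Fails unless check() passes for the given privilege and user.
     *
     * @param Privilege $privilege privilege to require
     * @param mixed     $user      user to test; null means the current user
     * @throws AccessException when the privilege check fails
     */
    public static function assert(Privilege $privilege, $user = null)
    {
        if (!self::check($privilege, $user))
            self::fail('Insufficient privileges (' . $privilege->toDisplayString() . ')');
    }

    /**
     * Fails unless checkEmailConfirmation() passes for the given user.
     *
     * @param mixed $user user to test; null means the current user
     * @throws AccessException when the e-mail address is not confirmed
     */
    public static function assertEmailConfirmation($user = null)
    {
        if (!self::checkEmailConfirmation($user))
            self::fail('Need e-mail address confirmation to continue');
    }

    /**
     * Raises the access-denied exception used by every assert*() method.
     *
     * @param string $message reason carried by the exception
     * @throws AccessException always
     */
    public static function fail($message)
    {
        throw new AccessException($message);
    }

    /**
     * Classifies a target user relative to the current user.
     *
     * @param mixed $user target user, or a falsy value for "no specific user"
     * @return string 'own' when the target has the current user's id, else 'all'
     */
    public static function getIdentity($user)
    {
        if (!$user)
            return 'all';

        // Loose comparison kept as in the original.
        // NOTE(review): if both ids can be null (e.g. unsaved or anonymous
        // users), null == null yields 'own' - confirm this cannot happen.
        return $user->getId() == Auth::getCurrentUser()->getId() ? 'own' : 'all';
    }

    /**
     * Lists the post safety levels the current user may see.
     *
     * A level is kept when the current user passes the ListPosts privilege
     * check for it and has that level enabled in their settings. array_filter()
     * preserves the keys of PostSafety::getAll().
     *
     * @return array all levels when checking is globally disabled, otherwise
     *               the filtered subset
     */
    public static function getAllowedSafety()
    {
        if (!self::$checkPrivileges)
            return PostSafety::getAll();

        return array_filter(PostSafety::getAll(), function($safety)
        {
            $privilege = new Privilege(Privilege::ListPosts, $safety->toString());

            return Access::check($privilege)
                && Auth::getCurrentUser()->getSettings()->hasEnabledSafety($safety);
        });
    }

    /**
     * Turns off privilege and e-mail-confirmation checks for the whole
     * process until enablePrivilegeChecking() is called.
     *
     * This bypasses authorization for every caller, so it belongs only in
     * trusted maintenance contexts and should be paired with a matching
     * enablePrivilegeChecking() call.
     */
    public static function disablePrivilegeChecking()
    {
        self::$checkPrivileges = false;
    }

    /**
     * Turns privilege and e-mail-confirmation checks back on.
     */
    public static function enablePrivilegeChecking()
    {
        self::$checkPrivileges = true;
    }
}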