Added subprivilege authentication

Marcin Kurczewski 2014-05-02 09:07:22 +02:00
parent 334cca8197
commit 3cdaa85511
5 changed files with 30 additions and 8 deletions


@ -7,12 +7,21 @@ class Api
return \Chibi\Database::transaction(function() use ($job, $jobArgs) return \Chibi\Database::transaction(function() use ($job, $jobArgs)
{ {
$job->prepare($jobArgs);
if ($job->requiresAuthentication()) if ($job->requiresAuthentication())
Access::assertAuthentication(); Access::assertAuthentication();
if ($job->requiresConfirmedEmail()) if ($job->requiresConfirmedEmail())
Access::assertEmailConfirmation(); Access::assertEmailConfirmation();
$p = $job->requiresPrivilege();
list ($privilege, $subPrivilege) = is_array($p)
? $p
: [$p, null];
if ($privilege !== null)
Access::assert($privilege, $subPrivilege);
return $job->execute($jobArgs); return $job->execute($jobArgs);
}); });
} }
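Review bot: `$job->prepare($jobArgs)` runs before `Access::assertAuthentication()` and `Access::assertEmailConfirmation()`, so caller-supplied arguments drive job code (a `CommentModel::findById` lookup in EditCommentJob's `prepare()`) before the caller is known to be logged in. If that lookup fails differently for a missing id than the access assertions do, an unauthenticated caller could tell existing ids from missing ones; this depends on `findById`, which is not visible here. In the visible code only `requiresPrivilege()` needs the prepared state, so the call could move down to just before `$p = $job->requiresPrivilege();`. Separately, `list ($privilege, $subPrivilege)` assumes a returned array always has two elements; a one-element array would raise an undefined-offset notice.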


@ -1,6 +1,10 @@
<?php <?php
abstract class AbstractJob abstract class AbstractJob
{ {
public function prepare($arguments)
{
}
public abstract function execute($arguments); public abstract function execute($arguments);
public abstract function requiresAuthentication(); public abstract function requiresAuthentication();
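Review bot: The new `prepare($arguments)` hook has no docblock, and its contract matters for access control: in `Api` it is called with the raw job arguments before any authentication or privilege assertion, and `requiresPrivilege()` may read state it sets. A docblock such as `/** Loads entities needed by requiresPrivilege(); runs before access checks, so it must not modify data. */` would tell implementers what is safe to do in an override. The class body continues outside the hunk.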


@ -3,8 +3,8 @@ class AddCommentJob extends AbstractJob
{ {
public function execute($arguments) public function execute($arguments)
{ {
$post = PostModel::findById($arguments['post-id']);
$user = Auth::getCurrentUser(); $user = Auth::getCurrentUser();
$post = PostModel::findById($arguments['post-id']);
$text = CommentModel::validateText($arguments['text']); $text = CommentModel::validateText($arguments['text']);
$comment = CommentModel::spawn(); $comment = CommentModel::spawn();
@ -15,7 +15,7 @@ class AddCommentJob extends AbstractJob
CommentModel::save($comment); CommentModel::save($comment);
LogHelper::log('{user} commented on {post}', [ LogHelper::log('{user} commented on {post}', [
'user' => TextHelper::reprUser(Auth::getCurrentUser()), 'user' => TextHelper::reprUser($user),
'post' => TextHelper::reprPost($comment->getPost()->id)]); 'post' => TextHelper::reprPost($comment->getPost()->id)]);
return $comment; return $comment;


@ -1,18 +1,24 @@
<?php <?php
class EditCommentJob extends AbstractJob class EditCommentJob extends AbstractJob
{ {
protected $comment;
public function prepare($arguments)
{
$this->comment = CommentModel::findById($arguments['comment-id']);
}
public function execute($arguments) public function execute($arguments)
{ {
$user = Auth::getCurrentUser(); $user = Auth::getCurrentUser();
$comment = CommentModel::findById($arguments['comment-id']); $comment = $this->comment;
$text = CommentModel::validateText($arguments['text']);
$comment->commentDate = time(); $comment->commentDate = time();
$comment->text = $text; $comment->text = CommentModel::validateText($arguments['text']);
CommentModel::save($comment); CommentModel::save($comment);
LogHelper::log('{user} edited comment in {post}', [ LogHelper::log('{user} edited comment in {post}', [
'user' => TextHelper::reprUser(Auth::getCurrentUser()), 'user' => TextHelper::reprUser($user),
'post' => TextHelper::reprPost($comment->getPost())]); 'post' => TextHelper::reprPost($comment->getPost())]);
return $comment; return $comment;
@ -20,7 +26,11 @@ class EditCommentJob extends AbstractJob
public function requiresPrivilege() public function requiresPrivilege()
{ {
return Privilege::EditComment; return
[
Privilege::EditComment,
Access::getIdentity($this->comment->getCommenter())
];
} }
public function requiresAuthentication() public function requiresAuthentication()
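Review bot: `requiresPrivilege()` now dereferences `$this->comment`, which is only set in `prepare()`; if `CommentModel::findById` can return null, or if the method is called on a job that was never prepared, the access check ends in a null-dereference error rather than a clean denial. Likewise `getCommenter()` may have no result for some comments, and what `Access::getIdentity()` returns then decides which subprivilege is checked; neither helper is visible here, so this is worth confirming. A guard at the top of `requiresPrivilege()`, e.g. `if ($this->comment === null) throw new LogicException('prepare() must run first');`, would make the dependency explicit and fail closed. The body of `requiresAuthentication()` lies outside the hunk.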


@ -10,7 +10,6 @@ class PreviewCommentJob extends AbstractJob
$comment->setCommenter($user); $comment->setCommenter($user);
$comment->commentDate = time(); $comment->commentDate = time();
$comment->text = $text; $comment->text = $text;
return $comment; return $comment;
} }