authService = $authService; if (isset($config->security->privileges)) { foreach ($config->security->privileges as $privilegeName => $allowedAccessRanks) { $allowedAccessRanks = array_filter(preg_split('/[;,\s]+/', $allowedAccessRanks)); foreach ($allowedAccessRanks as $allowedAccessRank) { if (!isset($this->privilegeMap[$allowedAccessRank])) $this->privilegeMap[$allowedAccessRank] = []; $this->privilegeMap[$allowedAccessRank] []= $privilegeName; } } } } public function getCurrentPrivileges() { $currentAccessRank = $this->authService->getLoggedInUser()->accessRank; $currentAccessRankName = \Szurubooru\Helpers\EnumHelper::accessRankToString($currentAccessRank); if (!isset($this->privilegeMap[$currentAccessRankName])) return []; return $this->privilegeMap[$currentAccessRankName]; } public function hasPrivilege($privilege) { return in_array($privilege, $this->getCurrentPrivileges()); } public function assertPrivilege($privilege) { if (!$this->hasPrivilege($privilege)) throw new \DomainException('Unprivileged operation'); } public function assertLoggedIn($userIdentifier) { if (!$this->isLoggedIn($userIdentifier)) throw new \DomainException('Unprivileged operation'); } public function isLoggedIn($userIdentifier) { $loggedInUser = $this->authService->getLoggedInUser(); if ($userIdentifier instanceof \Szurubooru\Entities\User) return $loggedInUser->name == $userIdentifier->name; elseif (is_string($userIdentifier)) return $loggedInUser->name == $userIdentifier; else throw new \InvalidArgumentException('Invalid user identifier.'); } }