authorIgor Scheller <igor.scheller@igorshp.de>2018-11-12 14:41:23 +0100
committermsquare <msquare@notrademark.de>2018-12-02 12:53:31 +0100
commitc33940f64a1e5b59afd700010247382f5b7b2df3 (patch)
tree453b8810c90cd78e75a1425a4f4f002e585d121a /src
parent951828a4f1175f99666a48629ea125640cc7c598 (diff)
Moved permission checks to Authenticator class
Diffstat (limited to 'src')
-rw-r--r--src/Helpers/Authenticator.php60
-rw-r--r--src/Middleware/LegacyMiddleware.php6
-rw-r--r--src/Renderer/Twig/Extensions/Authentication.php13
3 files changed, 62 insertions, 17 deletions
diff --git a/src/Helpers/Authenticator.php b/src/Helpers/Authenticator.php
index 3061fbc1..edceaa44 100644
--- a/src/Helpers/Authenticator.php
+++ b/src/Helpers/Authenticator.php
@@ -2,6 +2,7 @@
namespace Engelsystem\Helpers;
+use Carbon\Carbon;
use Engelsystem\Models\User\User;
use Engelsystem\Models\User\User as UserRepository;
use Psr\Http\Message\ServerRequestInterface;
@@ -21,6 +22,9 @@ class Authenticator
/** @var UserRepository */
protected $userRepository;
+ /** @var string[] */
+ protected $permissions;
+
/**
* @param ServerRequestInterface $request
* @param Session $session
@@ -90,4 +94,60 @@ class Authenticator
return $this->user;
}
+
+ /**
+ * @param string[]|string $abilities
+ * @return bool
+ */
+ public function can($abilities): bool
+ {
+ $abilities = (array)$abilities;
+
+ if (empty($this->permissions)) {
+ $userId = $this->session->get('uid');
+
+ if ($userId) {
+ if ($user = $this->user()) {
+ $this->permissions = $this->getPermissionsByUser($user);
+
+ $user->last_login_at = new Carbon();
+ $user->save();
+ } else {
+ $this->session->remove('uid');
+ }
+ }
+
+ if (empty($this->permissions)) {
+ $this->permissions = $this->getPermissionsByGroup(-10);
+ }
+ }
+
+ foreach ($abilities as $ability) {
+ if (!in_array($ability, $this->permissions)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * @param User $user
+ * @return array
+ * @codeCoverageIgnore
+ */
+ protected function getPermissionsByUser($user)
+ {
+ return privileges_for_user($user->id);
+ }
+
+ /**
+ * @param int $groupId
+ * @return array
+ * @codeCoverageIgnore
+ */
+ protected function getPermissionsByGroup(int $groupId)
+ {
+ return privileges_for_group($groupId);
+ }
}
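Review bot: can() fails open when it is handed nothing to check: `(array)$abilities` turns `null` into `[]`, the `foreach` never runs and the method returns true. This commit also binds the Twig function `has_permission_to` directly to `can` in Authentication.php, so an undefined or null template variable would presumably evaluate as permitted. I would add `if (empty($abilities)) { return false; }` right after the cast, and make the lookup strict with `in_array($ability, $this->permissions, true)` so a non-string argument cannot match through loose comparison. Separately, the `empty($this->permissions)` fallback gives a logged-in user with no privileges the group -10 set, and the check writes `last_login_at` as a side effect; both deserve a comment if they are intended.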
diff --git a/src/Middleware/LegacyMiddleware.php b/src/Middleware/LegacyMiddleware.php
index ce1eadef..b1315fda 100644
--- a/src/Middleware/LegacyMiddleware.php
+++ b/src/Middleware/LegacyMiddleware.php
@@ -62,7 +62,6 @@ class LegacyMiddleware implements MiddlewareInterface
ServerRequestInterface $request,
RequestHandlerInterface $handler
): ResponseInterface {
- global $privileges;
global $page;
/** @var Request $appRequest */
@@ -79,10 +78,7 @@ class LegacyMiddleware implements MiddlewareInterface
$title = $content = '';
if (
preg_match('~^\w+$~i', $page)
- && (
- in_array($page, $this->free_pages)
- || (isset($privileges) && in_array($page, $privileges))
- )
+ && (in_array($page, $this->free_pages) || $this->auth->can($page))
) {
list($title, $content) = $this->loadPage($page);
}
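Review bot: The guard in this `if` now treats the page name as an ability name through `$this->auth->can($page)`, and nothing at the call site records that coupling. A short comment such as `// a page is loadable when it is free or when its name is one of the current user's privileges` would make it visible to the next reader. The removed branch denied access when `$privileges` was unset, whereas can(), as added in Authenticator.php in this commit, falls back to the group -10 privileges, so for sessions without a user the non-free pages are now decided by that group's privilege list. The method body starts and ends outside the hunk.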
diff --git a/src/Renderer/Twig/Extensions/Authentication.php b/src/Renderer/Twig/Extensions/Authentication.php
index 20ede828..538526da 100644
--- a/src/Renderer/Twig/Extensions/Authentication.php
+++ b/src/Renderer/Twig/Extensions/Authentication.php
@@ -27,7 +27,7 @@ class Authentication extends TwigExtension
return [
new TwigFunction('is_user', [$this, 'isAuthenticated']),
new TwigFunction('is_guest', [$this, 'isGuest']),
- new TwigFunction('has_permission_to', [$this, 'checkAuth']),
+ new TwigFunction('has_permission_to', [$this->auth, 'can']),
];
}
@@ -46,15 +46,4 @@ class Authentication extends TwigExtension
{
return !$this->isAuthenticated();
}
-
- /**
- * @param $privilege
- * @return bool
- */
- public function checkAuth($privilege)
- {
- global $privileges;
-
- return in_array($privilege, $privileges);
- }
}