Moved permission checks to Authenticator class

main
Igor Scheller 6 years ago committed by msquare
parent 951828a4f1
commit c33940f64a

@ -78,9 +78,7 @@ function angeltypes_about_controller()
*/ */
function angeltype_delete_controller() function angeltype_delete_controller()
{ {
global $privileges; if (!auth()->can('admin_angel_types')) {
if (!in_array('admin_angel_types', $privileges)) {
redirect(page_link_to('angeltypes')); redirect(page_link_to('angeltypes'));
} }
@ -105,10 +103,8 @@ function angeltype_delete_controller()
*/ */
function angeltype_edit_controller() function angeltype_edit_controller()
{ {
global $privileges;
// In supporter mode only allow to modify description // In supporter mode only allow to modify description
$supporter_mode = !in_array('admin_angel_types', $privileges); $supporter_mode = !auth()->can('admin_angel_types');
$request = request(); $request = request();
if ($request->has('angeltype_id')) { if ($request->has('angeltype_id')) {
@ -178,10 +174,9 @@ function angeltype_edit_controller()
*/ */
function angeltype_controller() function angeltype_controller()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
if (!in_array('angeltypes', $privileges)) { if (!auth()->can('angeltypes')) {
redirect(page_link_to('/')); redirect(page_link_to('/'));
} }
@ -210,8 +205,8 @@ function angeltype_controller()
$angeltype, $angeltype,
$members, $members,
$user_angeltype, $user_angeltype,
in_array('admin_user_angeltypes', $privileges) || $user_angeltype['supporter'], auth()->can('admin_user_angeltypes') || $user_angeltype['supporter'],
in_array('admin_angel_types', $privileges), auth()->can('admin_angel_types'),
$user_angeltype['supporter'], $user_angeltype['supporter'],
$user_driver_license, $user_driver_license,
$user, $user,
@ -250,11 +245,9 @@ function angeltype_controller_shiftsFilterDays($angeltype)
*/ */
function angeltype_controller_shiftsFilter($angeltype, $days) function angeltype_controller_shiftsFilter($angeltype, $days)
{ {
global $privileges;
$request = request(); $request = request();
$shiftsFilter = new ShiftsFilter( $shiftsFilter = new ShiftsFilter(
in_array('user_shifts_admin', $privileges), auth()->can('user_shifts_admin'),
Room_ids(), Room_ids(),
[$angeltype['id']] [$angeltype['id']]
); );
@ -278,10 +271,9 @@ function angeltype_controller_shiftsFilter($angeltype, $days)
*/ */
function angeltypes_list_controller() function angeltypes_list_controller()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
if (!in_array('angeltypes', $privileges)) { if (!auth()->can('angeltypes')) {
redirect(page_link_to('/')); redirect(page_link_to('/'));
} }
@ -296,7 +288,7 @@ function angeltypes_list_controller()
) )
]; ];
if (in_array('admin_angel_types', $privileges)) { if (auth()->can('admin_angel_types')) {
$actions[] = button( $actions[] = button(
page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]), page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]),
__('edit'), __('edit'),
@ -340,7 +332,7 @@ function angeltypes_list_controller()
return [ return [
angeltypes_title(), angeltypes_title(),
AngelTypes_list_view($angeltypes, in_array('admin_angel_types', $privileges)) AngelTypes_list_view($angeltypes, auth()->can('admin_angel_types'))
]; ];
} }

@ -16,9 +16,7 @@ function event_config_title()
*/ */
function event_config_edit_controller() function event_config_edit_controller()
{ {
global $privileges; if (!auth()->can('admin_event_config')) {
if (!in_array('admin_event_config', $privileges)) {
redirect(page_link_to('/')); redirect(page_link_to('/'));
} }

@ -14,9 +14,7 @@ use Engelsystem\ShiftsFilterRenderer;
*/ */
function room_controller() function room_controller()
{ {
global $privileges; if (!auth()->can('view_rooms')) {
if (!in_array('view_rooms', $privileges)) {
redirect(page_link_to()); redirect(page_link_to());
} }

@ -35,7 +35,6 @@ function shift_entries_controller()
*/ */
function shift_entry_create_controller() function shift_entry_create_controller()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
$request = request(); $request = request();
@ -50,7 +49,7 @@ function shift_entry_create_controller()
$angeltype = AngelType($request->input('angeltype_id')); $angeltype = AngelType($request->input('angeltype_id'));
if (in_array('user_shifts_admin', $privileges)) { if (auth()->can('user_shifts_admin')) {
return shift_entry_create_controller_admin($shift, $angeltype); return shift_entry_create_controller_admin($shift, $angeltype);
} }

@ -43,13 +43,11 @@ function shift_edit_link($shift)
*/ */
function shift_edit_controller() function shift_edit_controller()
{ {
global $privileges;
$msg = ''; $msg = '';
$valid = true; $valid = true;
$request = request(); $request = request();
if (!in_array('admin_shifts', $privileges)) { if (!auth()->can('admin_shifts')) {
redirect(page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
} }
@ -203,10 +201,9 @@ function shift_edit_controller()
*/ */
function shift_delete_controller() function shift_delete_controller()
{ {
global $privileges;
$request = request(); $request = request();
if (!in_array('user_shifts_admin', $privileges)) { if (!auth()->can('user_shifts_admin')) {
redirect(page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
} }
@ -253,11 +250,10 @@ function shift_delete_controller()
*/ */
function shift_controller() function shift_controller()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
$request = request(); $request = request();
if (!in_array('user_shifts', $privileges)) { if (!auth()->can('user_shifts')) {
redirect(page_link_to('/')); redirect(page_link_to('/'));
} }
@ -332,9 +328,7 @@ function shifts_controller()
*/ */
function shift_next_controller() function shift_next_controller()
{ {
global $privileges; if (!auth()->can('user_shifts')) {
if (!in_array('user_shifts', $privileges)) {
redirect(page_link_to('/')); redirect(page_link_to('/'));
} }
@ -363,7 +357,7 @@ function shifts_json_export_controller()
if (!$user) { if (!$user) {
engelsystem_error('Key invalid.'); engelsystem_error('Key invalid.');
} }
if (!in_array('shifts_json_export', privileges_for_user($user->id))) { if (!auth()->can('shifts_json_export')) {
engelsystem_error('No privilege for shifts_json_export.'); engelsystem_error('No privilege for shifts_json_export.');
} }

@ -80,7 +80,6 @@ function user_angeltypes_delete_all_controller()
*/ */
function user_angeltypes_confirm_all_controller() function user_angeltypes_confirm_all_controller()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
$request = request(); $request = request();
@ -95,7 +94,7 @@ function user_angeltypes_confirm_all_controller()
redirect(page_link_to('angeltypes')); redirect(page_link_to('angeltypes'));
} }
if (!in_array('admin_user_angeltypes', $privileges) && !User_is_AngelType_supporter($user, $angeltype)) { if (!auth()->can('admin_user_angeltypes') && !User_is_AngelType_supporter($user, $angeltype)) {
error(__('You are not allowed to confirm all users for this angeltype.')); error(__('You are not allowed to confirm all users for this angeltype.'));
redirect(page_link_to('angeltypes')); redirect(page_link_to('angeltypes'));
} }
@ -235,11 +234,10 @@ function user_angeltype_delete_controller()
*/ */
function user_angeltype_update_controller() function user_angeltype_update_controller()
{ {
global $privileges;
$supporter = false; $supporter = false;
$request = request(); $request = request();
if (!in_array('admin_angel_types', $privileges)) { if (!auth()->can('admin_angel_types')) {
error(__('You are not allowed to set supporter rights.')); error(__('You are not allowed to set supporter rights.'));
redirect(page_link_to('angeltypes')); redirect(page_link_to('angeltypes'));
} }
@ -360,7 +358,6 @@ function user_angeltype_add_controller()
*/ */
function user_angeltype_join_controller($angeltype) function user_angeltype_join_controller($angeltype)
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
$user_angeltype = UserAngelType_by_User_and_AngelType($user->id, $angeltype); $user_angeltype = UserAngelType_by_User_and_AngelType($user->id, $angeltype);
@ -380,7 +377,7 @@ function user_angeltype_join_controller($angeltype)
)); ));
success($success_message); success($success_message);
if (in_array('admin_user_angeltypes', $privileges)) { if (auth()->can('admin_user_angeltypes')) {
UserAngelType_confirm($user_angeltype_id, $user->id); UserAngelType_confirm($user_angeltype_id, $user->id);
engelsystem_log(sprintf( engelsystem_log(sprintf(
'User %s confirmed as %s.', 'User %s confirmed as %s.',

@ -96,13 +96,12 @@ function user_driver_license_load_user()
*/ */
function user_driver_license_edit_controller() function user_driver_license_edit_controller()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
$request = request(); $request = request();
$user_source = user_driver_license_load_user(); $user_source = user_driver_license_load_user();
// only privilege admin_user can edit other users driver license information // only privilege admin_user can edit other users driver license information
if ($user->id != $user_source->id && !in_array('admin_user', $privileges)) { if ($user->id != $user_source->id && !auth()->can('admin_user')) {
redirect(user_driver_license_edit_link()); redirect(user_driver_license_edit_link());
} }

@ -182,10 +182,9 @@ function user_worklog_delete_link($userWorkLog, $parameters = [])
*/ */
function user_worklog_controller() function user_worklog_controller()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
if (!in_array('admin_user_worklog', $privileges)) { if (!auth()->can('admin_user_worklog')) {
redirect(user_link($user->id)); redirect(user_link($user->id));
} }

@ -46,7 +46,6 @@ function users_controller()
*/ */
function user_delete_controller() function user_delete_controller()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
$request = request(); $request = request();
@ -56,7 +55,7 @@ function user_delete_controller()
$user_source = $user; $user_source = $user;
} }
if (!in_array('admin_user', $privileges)) { if (!auth()->can('admin_user')) {
redirect(page_link_to('')); redirect(page_link_to(''));
} }
@ -138,7 +137,6 @@ function user_link($userId)
*/ */
function user_edit_vouchers_controller() function user_edit_vouchers_controller()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
$request = request(); $request = request();
@ -148,7 +146,7 @@ function user_edit_vouchers_controller()
$user_source = $user; $user_source = $user;
} }
if (!in_array('admin_user', $privileges)) { if (!auth()->can('admin_user')) {
redirect(page_link_to('')); redirect(page_link_to(''));
} }
@ -190,7 +188,6 @@ function user_edit_vouchers_controller()
*/ */
function user_controller() function user_controller()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
$request = request(); $request = request();
@ -203,7 +200,7 @@ function user_controller()
} }
} }
$shifts = Shifts_by_user($user_source->id, in_array('user_shifts_admin', $privileges)); $shifts = Shifts_by_user($user_source->id, auth()->can('user_shifts_admin'));
foreach ($shifts as &$shift) { foreach ($shifts as &$shift) {
// TODO: Move queries to model // TODO: Move queries to model
$shift['needed_angeltypes'] = DB::select(' $shift['needed_angeltypes'] = DB::select('
@ -242,15 +239,15 @@ function user_controller()
$user_source->name, $user_source->name,
User_view( User_view(
$user_source, $user_source,
in_array('admin_user', $privileges), auth()->can('admin_user'),
User_is_freeloader($user_source), User_is_freeloader($user_source),
User_angeltypes($user_source->id), User_angeltypes($user_source->id),
User_groups($user_source->id), User_groups($user_source->id),
$shifts, $shifts,
$user->id == $user_source->id, $user->id == $user_source->id,
$tshirt_score, $tshirt_score,
in_array('admin_active', $privileges), auth()->can('admin_active'),
in_array('admin_user_worklog', $privileges), auth()->can('admin_user_worklog'),
UserWorkLogsForUser($user_source->id) UserWorkLogsForUser($user_source->id)
) )
]; ];
@ -263,10 +260,9 @@ function user_controller()
*/ */
function users_list_controller() function users_list_controller()
{ {
global $privileges;
$request = request(); $request = request();
if (!in_array('admin_user', $privileges)) { if (!auth()->can('admin_user')) {
redirect(page_link_to('')); redirect(page_link_to(''));
} }

@ -21,9 +21,3 @@ if ($app->get('config')->get('maintenance')) {
echo $maintenance; echo $maintenance;
die(); die();
} }
/**
* Init authorization
*/
load_auth();

@ -422,17 +422,16 @@ function Shift_signup_allowed_admin($needed_angeltype, $shift_entries)
*/ */
function Shift_signout_allowed($shift, $angeltype, $signout_user_id) function Shift_signout_allowed($shift, $angeltype, $signout_user_id)
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
// user shifts admin can sign out any user at any time // user shifts admin can sign out any user at any time
if (in_array('user_shifts_admin', $privileges)) { if (auth()->can('user_shifts_admin')) {
return true; return true;
} }
// angeltype supporter can sign out any user at any time from their supported angeltype // angeltype supporter can sign out any user at any time from their supported angeltype
if ( if (
in_array('shiftentry_edit_angeltype_supporter', $privileges) auth()->can('shiftentry_edit_angeltype_supporter')
&& User_is_AngelType_supporter($user, $angeltype) && User_is_AngelType_supporter($user, $angeltype)
) { ) {
return true; return true;
@ -466,14 +465,12 @@ function Shift_signup_allowed(
$needed_angeltype, $needed_angeltype,
$shift_entries $shift_entries
) { ) {
global $privileges; if (auth()->can('user_shifts_admin')) {
if (in_array('user_shifts_admin', $privileges)) {
return Shift_signup_allowed_admin($needed_angeltype, $shift_entries); return Shift_signup_allowed_admin($needed_angeltype, $shift_entries);
} }
if ( if (
in_array('shiftentry_edit_angeltype_supporter', $privileges) auth()->can('shiftentry_edit_angeltype_supporter')
&& User_is_AngelType_supporter(auth()->user(), $angeltype) && User_is_AngelType_supporter(auth()->user(), $angeltype)
) { ) {
return Shift_signup_allowed_angeltype_supporter($needed_angeltype, $shift_entries); return Shift_signup_allowed_angeltype_supporter($needed_angeltype, $shift_entries);

@ -17,7 +17,6 @@ function admin_free_title()
*/ */
function admin_free() function admin_free()
{ {
global $privileges;
$request = request(); $request = request();
$search = ''; $search = '';
@ -88,7 +87,7 @@ function admin_free()
'dect' => $usr->contact->dect, 'dect' => $usr->contact->dect,
'email' => $usr->settings->email_human ? ($usr->contact->email ? $usr->contact->email : $usr->email) : glyph('eye-close'), 'email' => $usr->settings->email_human ? ($usr->contact->email ? $usr->contact->email : $usr->email) : glyph('eye-close'),
'actions' => 'actions' =>
in_array('admin_user', $privileges) auth()->can('admin_user')
? button(page_link_to('admin_user', ['id' => $usr->id]), __('edit'), 'btn-xs') ? button(page_link_to('admin_user', ['id' => $usr->id]), __('edit'), 'btn-xs')
: '' : ''
]; ];

@ -8,7 +8,6 @@ use Engelsystem\Models\User\User;
*/ */
function admin_news() function admin_news()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
$request = request(); $request = request();
@ -32,7 +31,7 @@ function admin_news()
case 'edit': case 'edit':
$user_source = User::find($news['UID']); $user_source = User::find($news['UID']);
if ( if (
!in_array('admin_news_html', $privileges) !auth()->can('admin_news_html')
&& strip_tags($news['Text']) != $news['Text'] && strip_tags($news['Text']) != $news['Text']
) { ) {
$html .= warning( $html .= warning(
@ -62,7 +61,7 @@ function admin_news()
case 'save': case 'save':
$text = $request->postData('eText'); $text = $request->postData('eText');
if (!in_array('admin_news_html', $privileges)) { if (!auth()->can('admin_news_html')) {
$text = strip_tags($text); $text = strip_tags($text);
} }

@ -18,10 +18,10 @@ function admin_questions_title()
*/ */
function admin_new_questions() function admin_new_questions()
{ {
global $privileges, $page; global $page;
if ($page != 'admin_questions') { if ($page != 'admin_questions') {
if (in_array('admin_questions', $privileges)) { if (auth()->can('admin_questions')) {
$new_messages = count(DB::select('SELECT `QID` FROM `Questions` WHERE `AID` IS NULL')); $new_messages = count(DB::select('SELECT `QID` FROM `Questions` WHERE `AID` IS NULL'));
if ($new_messages > 0) { if ($new_messages > 0) {

@ -16,7 +16,6 @@ function admin_user_title()
*/ */
function admin_user() function admin_user()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
$tshirt_sizes = config('tshirt_sizes'); $tshirt_sizes = config('tshirt_sizes');
$request = request(); $request = request();
@ -83,7 +82,7 @@ function admin_user()
$html .= html_options('eAktiv', $options, $user_source->state->active) . '</td></tr>' . "\n"; $html .= html_options('eAktiv', $options, $user_source->state->active) . '</td></tr>' . "\n";
// Aktiv erzwingen // Aktiv erzwingen
if (in_array('admin_active', $privileges)) { if (auth()->can('admin_active')) {
$html .= ' <tr><td>' . __('Force active') . '</td><td>' . "\n"; $html .= ' <tr><td>' . __('Force active') . '</td><td>' . "\n";
$html .= html_options('force_active', $options, $user_source->state->force_active) . '</td></tr>' . "\n"; $html .= html_options('force_active', $options, $user_source->state->force_active) . '</td></tr>' . "\n";
} }
@ -249,7 +248,7 @@ function admin_user()
case 'save': case 'save':
$force_active = $user->state->force_active; $force_active = $user->state->force_active;
$user_source = User::find($user_id); $user_source = User::find($user_id);
if (in_array('admin_active', $privileges)) { if (auth()->can('admin_active')) {
$force_active = $request->input('force_active'); $force_active = $request->input('force_active');
} }
if ($user_source->settings->email_human) { if ($user_source->settings->email_human) {

@ -39,7 +39,6 @@ function logout_title()
*/ */
function guest_register() function guest_register()
{ {
global $privileges;
$authUser = auth()->user(); $authUser = auth()->user();
$tshirt_sizes = config('tshirt_sizes'); $tshirt_sizes = config('tshirt_sizes');
$enable_tshirt_size = config('enable_tshirt_size'); $enable_tshirt_size = config('enable_tshirt_size');
@ -71,7 +70,7 @@ function guest_register()
} }
} }
if (!in_array('register', $privileges) || (!$authUser && !config('registration_enabled'))) { if (!auth()->can('register') || (!$authUser && !config('registration_enabled'))) {
error(__('Registration is disabled.')); error(__('Registration is disabled.'));
return page_with_title(register_title(), [ return page_with_title(register_title(), [
@ -472,9 +471,7 @@ function guest_login()
*/ */
function get_register_hint() function get_register_hint()
{ {
global $privileges; if (auth()->can('register') && config('registration_enabled')) {
if (in_array('register', $privileges) && config('registration_enabled')) {
return join('', [ return join('', [
'<p>' . __('Please sign up, if you want to help us!') . '</p>', '<p>' . __('Please sign up, if you want to help us!') . '</p>',
buttons([ buttons([

@ -17,7 +17,7 @@ function user_atom()
if (empty($user)) { if (empty($user)) {
engelsystem_error('Key invalid.'); engelsystem_error('Key invalid.');
} }
if (!in_array('atom', privileges_for_user($user->id))) { if (!auth()->can('atom')) {
engelsystem_error('No privilege for atom.'); engelsystem_error('No privilege for atom.');
} }

@ -15,7 +15,7 @@ function user_ical()
if (!$user) { if (!$user) {
engelsystem_error('Key invalid.'); engelsystem_error('Key invalid.');
} }
if (!in_array('ical', privileges_for_user($user->id))) { if (!auth()->can('ical')) {
engelsystem_error('No privilege for ical.'); engelsystem_error('No privilege for ical.');
} }

@ -18,13 +18,12 @@ function myshifts_title()
*/ */
function user_myshifts() function user_myshifts()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
$request = request(); $request = request();
if ( if (
$request->has('id') $request->has('id')
&& in_array('user_shifts_admin', $privileges) && auth()->can('user_shifts_admin')
&& preg_match('/^\d{1,}$/', $request->input('id')) && preg_match('/^\d{1,}$/', $request->input('id'))
&& User::find($request->input('id')) && User::find($request->input('id'))
) { ) {
@ -79,7 +78,7 @@ function user_myshifts()
if ($request->hasPostData('submit')) { if ($request->hasPostData('submit')) {
$valid = true; $valid = true;
if (in_array('user_shifts_admin', $privileges)) { if (auth()->can('user_shifts_admin')) {
$freeloaded = $request->has('freeloaded'); $freeloaded = $request->has('freeloaded');
$freeload_comment = strip_request_item_nl('freeload_comment'); $freeload_comment = strip_request_item_nl('freeload_comment');
if ($freeloaded && $freeload_comment == '') { if ($freeloaded && $freeload_comment == '') {
@ -120,7 +119,7 @@ function user_myshifts()
$shift['Comment'], $shift['Comment'],
$shift['freeloaded'], $shift['freeloaded'],
$shift['freeload_comment'], $shift['freeload_comment'],
in_array('user_shifts_admin', $privileges) auth()->can('user_shifts_admin')
); );
} else { } else {
redirect(page_link_to('user_myshifts')); redirect(page_link_to('user_myshifts'));

@ -91,7 +91,7 @@ function news_text($news)
*/ */
function display_news($news) function display_news($news)
{ {
global $privileges, $page; global $page;
$html = ''; $html = '';
$html .= '<div class="panel' . ($news['Treffen'] == 1 ? ' panel-info' : ' panel-default') . '">'; $html .= '<div class="panel' . ($news['Treffen'] == 1 ? ' panel-info' : ' panel-default') . '">';
@ -101,7 +101,7 @@ function display_news($news)
$html .= '<div class="panel-body">' . news_text($news) . '</div>'; $html .= '<div class="panel-body">' . news_text($news) . '</div>';
$html .= '<div class="panel-footer text-muted">'; $html .= '<div class="panel-footer text-muted">';
if (in_array('admin_news', $privileges)) { if (auth()->can('admin_news')) {
$html .= '<div class="pull-right">' $html .= '<div class="pull-right">'
. button_glyph( . button_glyph(
page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]), page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]),
@ -198,7 +198,6 @@ function user_news_comments()
*/ */
function user_news() function user_news()
{ {
global $privileges;
$user = auth()->user(); $user = auth()->user();
$display_news = config('display_news'); $display_news = config('display_news');
$request = request(); $request = request();
@ -206,13 +205,13 @@ function user_news()
$html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg(); $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg();
$isMeeting = $request->postData('treffen'); $isMeeting = $request->postData('treffen');
if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) { if ($request->has('text') && $request->has('betreff') && auth()->can('admin_news')) {
if (!$request->has('treffen')) { if (!$request->has('treffen')) {
$isMeeting = 0; $isMeeting = 0;
} }
$text = $request->postData('text'); $text = $request->postData('text');
if (!in_array('admin_news_html', $privileges)) { if (!auth()->can('admin_news_html')) {
$text = strip_tags($text); $text = strip_tags($text);
} }
@ -266,7 +265,7 @@ function user_news()
} }
$html .= '</ul></div>'; $html .= '</ul></div>';
if (in_array('admin_news', $privileges)) { if (auth()->can('admin_news')) {
$html .= '<hr />'; $html .= '<hr />';
$html .= '<h2>' . __('Create news:') . '</h2>'; $html .= '<h2>' . __('Create news:') . '</h2>';

@ -168,7 +168,7 @@ function load_types()
*/ */
function view_user_shifts() function view_user_shifts()
{ {
global $privileges, $ical_shifts; global $ical_shifts;
$user = auth()->user(); $user = auth()->user();
$session = session(); $session = session();
@ -182,13 +182,13 @@ function view_user_shifts()
$rooms[0]['id'] $rooms[0]['id']
]; ];
$type_ids = array_map('get_ids_from_array', $types); $type_ids = array_map('get_ids_from_array', $types);
$shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids); $shiftsFilter = new ShiftsFilter(auth()->can('user_shifts_admin'), $room_ids, $type_ids);
$session->set('shifts-filter', $shiftsFilter->sessionExport()); $session->set('shifts-filter', $shiftsFilter->sessionExport());
} }
$shiftsFilter = new ShiftsFilter(); $shiftsFilter = new ShiftsFilter();
$shiftsFilter->sessionImport($session->get('shifts-filter')); $shiftsFilter->sessionImport($session->get('shifts-filter'));
update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days); update_ShiftsFilter($shiftsFilter, auth()->can('user_shifts_admin'), $days);
$session->set('shifts-filter', $shiftsFilter->sessionExport()); $session->set('shifts-filter', $shiftsFilter->sessionExport());
$shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter); $shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter);

@ -1,35 +1,8 @@
<?php <?php
use Carbon\Carbon;
use Engelsystem\Database\DB; use Engelsystem\Database\DB;
use Engelsystem\Models\User\User; use Engelsystem\Models\User\User;
/**
* Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
*/
function load_auth()
{
global $privileges;
$session = session();
if ($session->has('uid')) {
$user = auth()->user();
if ($user) {
$user->last_login_at = new Carbon();
$user->save();
$privileges = privileges_for_user($user->id);
return;
}
$session->remove('uid');
}
// guest privileges
$privileges = privileges_for_group(-10);
}
/** /**
* generate a salt (random string) of arbitrary length suitable for the use with crypt() * generate a salt (random string) of arbitrary length suitable for the use with crypt()
* *

@ -45,15 +45,15 @@ function header_render_hints()
*/ */
function make_user_submenu() function make_user_submenu()
{ {
global $privileges, $page; global $page;
$user_submenu = make_language_select(); $user_submenu = make_language_select();
if (in_array('user_settings', $privileges) || in_array('logout', $privileges)) { if (auth()->can('user_settings') || auth()->can('logout')) {
$user_submenu[] = toolbar_item_divider(); $user_submenu[] = toolbar_item_divider();
} }
if (in_array('user_settings', $privileges)) { if (auth()->can('user_settings')) {
$user_submenu[] = toolbar_item_link( $user_submenu[] = toolbar_item_link(
page_link_to('user_settings'), page_link_to('user_settings'),
'list-alt', 'list-alt',
@ -62,7 +62,7 @@ function make_user_submenu()
); );
} }
if (in_array('logout', $privileges)) { if (auth()->can('logout')) {
$user_submenu[] = toolbar_item_link( $user_submenu[] = toolbar_item_link(
page_link_to('logout'), page_link_to('logout'),
'log-out', 'log-out',
@ -79,7 +79,7 @@ function make_user_submenu()
*/ */
function make_navigation() function make_navigation()
{ {
global $page, $privileges; global $page;
$menu = []; $menu = [];
$pages = [ $pages = [
@ -91,7 +91,7 @@ function make_navigation()
]; ];
foreach ($pages as $menu_page => $title) { foreach ($pages as $menu_page => $title) {
if (in_array($menu_page, $privileges)) { if (auth()->can($menu_page)) {
$menu[] = toolbar_item_link(page_link_to($menu_page), '', $title, $menu_page == $page); $menu[] = toolbar_item_link(page_link_to($menu_page), '', $title, $menu_page == $page);
} }
} }
@ -115,7 +115,7 @@ function make_navigation()
]; ];
foreach ($admin_pages as $menu_page => $title) { foreach ($admin_pages as $menu_page => $title) {
if (in_array($menu_page, $privileges)) { if (auth()->can($menu_page)) {
$admin_menu[] = toolbar_item_link( $admin_menu[] = toolbar_item_link(
page_link_to($menu_page), page_link_to($menu_page),
'', '',
@ -140,16 +140,14 @@ function make_navigation()
*/ */
function make_room_navigation($menu) function make_room_navigation($menu)
{ {
global $privileges; if (!auth()->can('view_rooms')) {
if (!in_array('view_rooms', $privileges)) {
return $menu; return $menu;
} }
// Get a list of all rooms // Get a list of all rooms
$rooms = Rooms(); $rooms = Rooms();
$room_menu = []; $room_menu = [];
if (in_array('admin_rooms', $privileges)) { if (auth()->can('admin_rooms')) {
$room_menu[] = toolbar_item_link(page_link_to('admin_rooms'), 'list', __('Manage rooms')); $room_menu[] = toolbar_item_link(page_link_to('admin_rooms'), 'list', __('Manage rooms'));
} }
if (count($room_menu) > 0) { if (count($room_menu) > 0) {

@ -564,14 +564,12 @@ function AngelTypes_about_view_angeltype($angeltype)
*/ */
function AngelTypes_about_view($angeltypes, $user_logged_in) function AngelTypes_about_view($angeltypes, $user_logged_in)
{ {
global $privileges;
$buttons = []; $buttons = [];
if ($user_logged_in) { if ($user_logged_in) {
$buttons[] = button(page_link_to('angeltypes'), angeltypes_title(), 'back'); $buttons[] = button(page_link_to('angeltypes'), angeltypes_title(), 'back');
} else { } else {
if (in_array('register', $privileges) && config('registration_enabled')) { if (auth()->can('register') && config('registration_enabled')) {
$buttons[] = button(page_link_to('register'), register_title()); $buttons[] = button(page_link_to('register'), register_title());
} }

@ -64,9 +64,7 @@ function Room_view($room, ShiftsFilterRenderer $shiftsFilterRenderer, ShiftCalen
*/ */
function Room_name_render($room) function Room_name_render($room)
{ {
global $privileges; if (auth()->can('view_rooms')) {
if (in_array('view_rooms', $privileges)) {
return '<a href="' . room_link($room) . '">' . glyph('map-marker') . $room['Name'] . '</a>'; return '<a href="' . room_link($room) . '">' . glyph('map-marker') . $room['Name'] . '</a>';
} }

@ -97,8 +97,6 @@ class ShiftCalendarShiftRenderer
*/ */
private function renderShiftNeededAngeltypes($shift, $needed_angeltypes, $shift_entries, $user) private function renderShiftNeededAngeltypes($shift, $needed_angeltypes, $shift_entries, $user)
{ {
global $privileges;
$shift_entries_filtered = []; $shift_entries_filtered = [];
foreach ($needed_angeltypes as $needed_angeltype) { foreach ($needed_angeltypes as $needed_angeltype) {
$shift_entries_filtered[$needed_angeltype['id']] = []; $shift_entries_filtered[$needed_angeltype['id']] = [];
@ -130,7 +128,7 @@ class ShiftCalendarShiftRenderer
$shift_signup_state = new ShiftSignupState(ShiftSignupState::SHIFT_ENDED, 0); $shift_signup_state = new ShiftSignupState(ShiftSignupState::SHIFT_ENDED, 0);
} }
if (in_array('user_shifts_admin', $privileges)) { if (auth()->can('user_shifts_admin')) {
$html .= '<li class="list-group-item">'; $html .= '<li class="list-group-item">';
$html .= button(shift_entry_create_link_admin($shift), $html .= button(shift_entry_create_link_admin($shift),
glyph('plus') . __('Add more angels'), glyph('plus') . __('Add more angels'),
@ -253,10 +251,8 @@ class ShiftCalendarShiftRenderer
*/ */
private function renderShiftHead($shift, $class) private function renderShiftHead($shift, $class)
{ {
global $privileges;
$header_buttons = ''; $header_buttons = '';
if (in_array('admin_shifts', $privileges)) { if (auth()->can('admin_shifts')) {
$header_buttons = '<div class="pull-right">' . table_buttons([ $header_buttons = '<div class="pull-right">' . table_buttons([
button( button(
page_link_to('user_shifts', ['edit_shift' => $shift['SID']]), page_link_to('user_shifts', ['edit_shift' => $shift['SID']]),

@ -6,8 +6,7 @@
*/ */
function ShiftType_name_render($shifttype) function ShiftType_name_render($shifttype)
{ {
global $privileges; if (auth()->can('shifttypes')) {
if (in_array('shifttypes', $privileges)) {
return '<a href="' . shifttype_link($shifttype) . '">' . $shifttype['name'] . '</a>'; return '<a href="' . shifttype_link($shifttype) . '">' . $shifttype['name'] . '</a>';
} }
return $shifttype['name']; return $shifttype['name'];

@ -102,12 +102,10 @@ function Shift_signup_button_render($shift, $angeltype, $user_angeltype = null)
*/ */
function Shift_view($shift, $shifttype, $room, $angeltypes_source, ShiftSignupState $shift_signup_state) function Shift_view($shift, $shifttype, $room, $angeltypes_source, ShiftSignupState $shift_signup_state)
{ {
global $privileges; $shift_admin = auth()->can('admin_shifts');
$user_shift_admin = auth()->can('user_shifts_admin');
$shift_admin = in_array('admin_shifts', $privileges); $admin_rooms = auth()->can('admin_rooms');
$user_shift_admin = in_array('user_shifts_admin', $privileges); $admin_shifttypes = auth()->can('shifttypes');
$admin_rooms = in_array('admin_rooms', $privileges);
$admin_shifttypes = in_array('shifttypes', $privileges);
$parsedown = new Parsedown(); $parsedown = new Parsedown();

@ -352,8 +352,6 @@ function User_view_shiftentries($needed_angel_type)
*/ */
function User_view_myshift($shift, $user_source, $its_me) function User_view_myshift($shift, $user_source, $its_me)
{ {
global $privileges;
$shift_info = '<a href="' . shift_link($shift) . '">' . $shift['name'] . '</a>'; $shift_info = '<a href="' . shift_link($shift) . '">' . $shift['name'] . '</a>';
if ($shift['title']) { if ($shift['title']) {
$shift_info .= '<br /><a href="' . shift_link($shift) . '">' . $shift['title'] . '</a>'; $shift_info .= '<br /><a href="' . shift_link($shift) . '">' . $shift['title'] . '</a>';
@ -382,7 +380,7 @@ function User_view_myshift($shift, $user_source, $its_me)
$myshift['duration'] = '<p class="text-danger">' $myshift['duration'] = '<p class="text-danger">'
. round(-($shift['end'] - $shift['start']) / 3600 * 2, 2) . '&nbsp;h' . round(-($shift['end'] - $shift['start']) / 3600 * 2, 2) . '&nbsp;h'
. '</p>'; . '</p>';
if (in_array('user_shifts_admin', $privileges)) { if (auth()->can('user_shifts_admin')) {
$myshift['comment'] .= '<br />' $myshift['comment'] .= '<br />'
. '<p class="text-danger">' . __('Freeloaded') . ': ' . $shift['freeload_comment'] . '</p>'; . '<p class="text-danger">' . __('Freeloaded') . ': ' . $shift['freeload_comment'] . '</p>';
} else { } else {
@ -393,7 +391,7 @@ function User_view_myshift($shift, $user_source, $its_me)
$myshift['actions'] = [ $myshift['actions'] = [
button(shift_link($shift), glyph('eye-open') . __('view'), 'btn-xs') button(shift_link($shift), glyph('eye-open') . __('view'), 'btn-xs')
]; ];
if ($its_me || in_array('user_shifts_admin', $privileges)) { if ($its_me || auth()->can('user_shifts_admin')) {
$myshift['actions'][] = button( $myshift['actions'][] = button(
page_link_to('user_myshifts', ['edit' => $shift['id'], 'id' => $user_source->id]), page_link_to('user_myshifts', ['edit' => $shift['id'], 'id' => $user_source->id]),
glyph('edit') . __('edit'), glyph('edit') . __('edit'),

@ -2,6 +2,7 @@
namespace Engelsystem\Helpers; namespace Engelsystem\Helpers;
use Carbon\Carbon;
use Engelsystem\Models\User\User; use Engelsystem\Models\User\User;
use Engelsystem\Models\User\User as UserRepository; use Engelsystem\Models\User\User as UserRepository;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
@ -21,6 +22,9 @@ class Authenticator
/** @var UserRepository */ /** @var UserRepository */
protected $userRepository; protected $userRepository;
/** @var string[] */
protected $permissions;
/** /**
* @param ServerRequestInterface $request * @param ServerRequestInterface $request
* @param Session $session * @param Session $session
@ -90,4 +94,60 @@ class Authenticator
return $this->user; return $this->user;
} }
/**
* @param string[]|string $abilities
* @return bool
*/
public function can($abilities): bool
{
$abilities = (array)$abilities;
if (empty($this->permissions)) {
$userId = $this->session->get('uid');
if ($userId) {
if ($user = $this->user()) {
$this->permissions = $this->getPermissionsByUser($user);
$user->last_login_at = new Carbon();
$user->save();
} else {
$this->session->remove('uid');
}
}
if (empty($this->permissions)) {
$this->permissions = $this->getPermissionsByGroup(-10);
}
}
foreach ($abilities as $ability) {
if (!in_array($ability, $this->permissions)) {
return false;
}
}
return true;
}
/**
* @param User $user
* @return array
* @codeCoverageIgnore
*/
protected function getPermissionsByUser($user)
{
return privileges_for_user($user->id);
}
/**
* @param int $groupId
* @return array
* @codeCoverageIgnore
*/
protected function getPermissionsByGroup(int $groupId)
{
return privileges_for_group($groupId);
}
} }

@ -62,7 +62,6 @@ class LegacyMiddleware implements MiddlewareInterface
ServerRequestInterface $request, ServerRequestInterface $request,
RequestHandlerInterface $handler RequestHandlerInterface $handler
): ResponseInterface { ): ResponseInterface {
global $privileges;
global $page; global $page;
/** @var Request $appRequest */ /** @var Request $appRequest */
@ -79,10 +78,7 @@ class LegacyMiddleware implements MiddlewareInterface
$title = $content = ''; $title = $content = '';
if ( if (
preg_match('~^\w+$~i', $page) preg_match('~^\w+$~i', $page)
&& ( && (in_array($page, $this->free_pages) || $this->auth->can($page))
in_array($page, $this->free_pages)
|| (isset($privileges) && in_array($page, $privileges))
)
) { ) {
list($title, $content) = $this->loadPage($page); list($title, $content) = $this->loadPage($page);
} }

@ -27,7 +27,7 @@ class Authentication extends TwigExtension
return [ return [
new TwigFunction('is_user', [$this, 'isAuthenticated']), new TwigFunction('is_user', [$this, 'isAuthenticated']),
new TwigFunction('is_guest', [$this, 'isGuest']), new TwigFunction('is_guest', [$this, 'isGuest']),
new TwigFunction('has_permission_to', [$this, 'checkAuth']), new TwigFunction('has_permission_to', [$this->auth, 'can']),
]; ];
} }
@ -46,15 +46,4 @@ class Authentication extends TwigExtension
{ {
return !$this->isAuthenticated(); return !$this->isAuthenticated();
} }
/**
* @param $privilege
* @return bool
*/
public function checkAuth($privilege)
{
global $privileges;
return in_array($privilege, $privileges);
}
} }

@ -99,4 +99,56 @@ class AuthenticatorTest extends ServiceProviderTest
UserModelImplementation::$user = null; UserModelImplementation::$user = null;
$this->assertEquals($user, $auth->apiUser()); $this->assertEquals($user, $auth->apiUser());
} }
/**
* @covers \Engelsystem\Helpers\Authenticator::can
*/
public function testCan()
{
/** @var ServerRequestInterface|MockObject $request */
$request = $this->getMockForAbstractClass(ServerRequestInterface::class);
/** @var Session|MockObject $session */
$session = $this->createMock(Session::class);
/** @var UserModelImplementation|MockObject $userRepository */
$userRepository = new UserModelImplementation();
/** @var User|MockObject $user */
$user = $this->createMock(User::class);
$user->expects($this->once())
->method('save');
$session->expects($this->exactly(2))
->method('get')
->with('uid')
->willReturn(42);
$session->expects($this->once())
->method('remove')
->with('uid');
/** @var Authenticator|MockObject $auth */
$auth = $this->getMockBuilder(Authenticator::class)
->setConstructorArgs([$request, $session, $userRepository])
->setMethods(['getPermissionsByGroup', 'getPermissionsByUser', 'user'])
->getMock();
$auth->expects($this->exactly(1))
->method('getPermissionsByGroup')
->with(-10)
->willReturn([]);
$auth->expects($this->exactly(1))
->method('getPermissionsByUser')
->with($user)
->willReturn(['bar']);
$auth->expects($this->exactly(2))
->method('user')
->willReturnOnConsecutiveCalls(null, $user);
// No user, no permissions
$this->assertFalse($auth->can('foo'));
// User exists, has permissions
$this->assertTrue($auth->can('bar'));
// Permissions cached
$this->assertTrue($auth->can('bar'));
}
} }

@ -76,6 +76,9 @@ class LegacyMiddlewareTest extends TestCase
$auth->expects($this->atLeastOnce()) $auth->expects($this->atLeastOnce())
->method('user') ->method('user')
->willReturn(false); ->willReturn(false);
$auth->expects($this->atLeastOnce())
->method('can')
->willReturn(false);
$translator->expects($this->exactly(2)) $translator->expects($this->exactly(2))
->method('translate') ->method('translate')

@ -23,7 +23,7 @@ class AuthenticationTest extends ExtensionTest
$this->assertExtensionExists('is_user', [$extension, 'isAuthenticated'], $functions); $this->assertExtensionExists('is_user', [$extension, 'isAuthenticated'], $functions);
$this->assertExtensionExists('is_guest', [$extension, 'isGuest'], $functions); $this->assertExtensionExists('is_guest', [$extension, 'isGuest'], $functions);
$this->assertExtensionExists('has_permission_to', [$extension, 'checkAuth'], $functions); $this->assertExtensionExists('has_permission_to', [$auth, 'can'], $functions);
} }
/** /**
@ -53,23 +53,4 @@ class AuthenticationTest extends ExtensionTest
$this->assertTrue($extension->isAuthenticated()); $this->assertTrue($extension->isAuthenticated());
$this->assertFalse($extension->isGuest()); $this->assertFalse($extension->isGuest());
} }
/**
* @covers \Engelsystem\Renderer\Twig\Extensions\Authentication::checkAuth
*/
public function testCheckAuth()
{
global $privileges;
$privileges = [];
/** @var Authenticator|MockObject $auth */
$auth = $this->createMock(Authenticator::class);
$extension = new Authentication($auth);
$this->assertFalse($extension->checkAuth('foo.bar'));
$privileges = ['foo.bar'];
$this->assertTrue($extension->checkAuth('foo.bar'));
}
} }

Loading…
Cancel
Save