 /**
  * Decide whether this user passes the authorization hook $hook.
  *
  * Resolution order: guests are refused; the master account (config key
  * `user_id_master`) is accepted; otherwise the user-specific rule for $hook is
  * evaluated, and if it does not pass, each of the user's groups is tried in
  * the order returned by getGroupIds(). The first passing rule wins. When no
  * rule exists for the user or any of their groups the result is false, so a
  * missing rule denies rather than grants.
  *
  * @param string $hook   The authorization hook to check for access.
  * @param array  $params [optional] Field names => values handed unchanged to
  *                       AccessConditionExpression::evaluateCondition() together
  *                       with the rule's stored `conditions`.
  * @return boolean True if the user has access, false otherwise. The value of the
  *                 last evaluated rule is returned as produced by the evaluator.
  */
 public function checkAccess($hook, $params = [])
 {
     // TODO: do we sometimes want to allow access to protected resources for guests?  Should we model a "guest" group?
     if ($this->isGuest()) {
         return false;
     }

     // The master (root) account is granted everything.
     // Loose comparison is intentional: some DB drivers hand back `id` as a string.
     // NOTE(review): under PHP 8 an int id only equals a *numeric* string — confirm
     // the `user_id_master` config value is numeric.
     if ($this->id == static::$app->config('user_id_master')) {
         return true;
     }

     // First look for a rule bound directly to this user.
     $userRule = UserAuth::fetchUserAuthHook($this->id, $hook);
     $pass = false;
     if (!empty($userRule)) {
         // TODO: should we have to pass the app in, or just make it available statically?
         $ace = new AccessConditionExpression(static::$app);
         $pass = $ace->evaluateCondition($userRule['conditions'], $params);
     }
     if ($pass) {
         return $pass;
     }

     // No passing user rule: fall back to the rules of the user's groups.
     $ace = new AccessConditionExpression(static::$app);
     foreach ($this->getGroupIds() as $groupId) {
         $groupRule = GroupAuth::fetchGroupAuthHook($groupId, $hook);
         if (!$groupRule) {
             // This group has no rule for $hook; it neither grants nor denies.
             continue;
         }
         $pass = $ace->evaluateCondition($groupRule['conditions'], $params);
         if ($pass) {
             return $pass;
         }
     }

     // Either no rule matched at all (false) or the last evaluated rule failed.
     return $pass;
 }
    $controller->configJS();
});
// Theme CSS: rendered by the base controller.
$app->get('/css/theme.css', function () use ($app) {
    (new UF\BaseController($app))->themeCSS();
});

// Not found page (404). Only GET requests get the HTML page; every other
// method just records a translated "danger" alert.
$app->notFound(function () use ($app) {
    if (!$app->request->isGet()) {
        $app->alerts->addMessageTranslated("danger", "SERVER_ERROR");
        return;
    }
    (new UF\BaseController($app))->page404();
});

// Debug route: runs a hard-coded access condition through the evaluator with
// fixed $params and echoes the verdict. It is registered next to the real routes.
$app->get('/test/auth', function () use ($app) {
    // Loose int-vs-string comparison: true before PHP 8.0, false from 8.0 on.
    if (0 == "php") {
        echo "0 = php";
    }

    $params = [
        "user" => ["id" => 1],
        "post" => ["id" => 7],
    ];
    $conditions = "(equals(self.id,user.id)||hasPost(self.id,post.id))&&subset(post, [\"id\", \"title\", \"content\", \"subject\", 3])";

    $ace = new UF\AccessConditionExpression($app);
    $verdict = $ace->evaluateCondition($conditions, $params) ? "Passed" : "Failed";
    echo "{$verdict} {$conditions}";
});

$app->run();