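/**
 * Checks whether or not this user has access for a particular authorization hook.
 *
 * Determine if this user has access to the given $hook under the given $params.
 * Resolution order: guests are always denied; the master (root) account is always
 * allowed; otherwise the user's own rule for $hook is evaluated, and if that does not
 * pass, the rule of each of the user's groups for $hook is tried in turn.
 * @param string $hook The authorization hook to check for access.
 * @param array $params[optional] An array of field names => values, specifying any additional data to provide the authorization module
 * when determining whether or not this user has access.
 * @return boolean True if the user has access, false otherwise.
 */
public function checkAccess($hook, $params = [])
{
    if ($this->isGuest()) {
        // TODO: do we sometimes want to allow access to protected resources for guests? Should we model a "guest" group?
        return false;
    }

    // The master (root) account has access to everything.
    // Some DBs return `id` as a string, so normalize both sides to strings and compare
    // strictly. A loose `==` here would also treat an unset master id (null) as equal
    // to an id of 0 or "", which must never grant root access.
    $masterId = static::$app->config('user_id_master');
    if ($masterId !== null && (string) $this->id === (string) $masterId) {
        return true;
    }

    // One evaluator serves both the user-level and the group-level rules.
    $ace = new AccessConditionExpression(static::$app); // TODO: should we have to pass the app in, or just make it available statically?

    // Try to find an authorization rule for $hook that matches the currently logged-in user.
    $rule = UserAuth::fetchUserAuthHook($this->id, $hook);
    if (!empty($rule) && $ace->evaluateCondition($rule['conditions'], $params)) {
        return true;
    }

    // No user-specific rule passed; fall back to group-level rules. The first group
    // rule that passes grants access, so later groups are never consulted.
    foreach ($this->getGroupIds() as $groupId) {
        $rule = GroupAuth::fetchGroupAuthHook($groupId, $hook);
        if (empty($rule)) {
            continue;
        }
        if ($ace->evaluateCondition($rule['conditions'], $params)) {
            return true;
        }
    }

    return false;
}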
// NOTE(review): this line closes a route closure whose opening lies before the start of this excerpt.
$controller->configJS(); });

// Theme CSS
$app->get('/css/theme.css', function () use($app) {
    $controller = new UF\BaseController($app);
    $controller->themeCSS();
});

// Not found page (404)
$app->notFound(function () use($app) {
    if ($app->request->isGet()) {
        $controller = new UF\BaseController($app);
        $controller->page404();
    } else {
        // Non-GET requests to an unknown route only queue a translated alert;
        // nothing is rendered from this branch.
        $app->alerts->addMessageTranslated("danger", "SERVER_ERROR");
    }
});

// Diagnostic route for the access-condition evaluator: evaluates a hard-coded
// condition string against hard-coded $params and echoes the condition with the
// result. NOTE(review): no access check is performed inside this closure, so the
// route responds to any caller; treat it as development-only and remove or gate it
// before deployment.
$app->get('/test/auth', function () use($app) {
    // Probe of PHP's string/number comparison: `0 == "php"` is true before PHP 8.0
    // and false from 8.0 on, so this echo shows which semantics the runtime applies.
    if (0 == "php") {
        echo "0 = php";
    }
    // Sample data in the same shape the evaluator expects: top-level names map to
    // arrays of fields (user.id, post.id). `self` is presumably the current user —
    // confirm against AccessConditionExpression.
    $params = ["user" => ["id" => 1], "post" => ["id" => 7]];
    // Exercises boolean operators, nested calls and an array literal in one expression.
    $conditions = "(equals(self.id,user.id)||hasPost(self.id,post.id))&&subset(post, [\"id\", \"title\", \"content\", \"subject\", 3])";
    $ace = new UF\AccessConditionExpression($app);
    $result = $ace->evaluateCondition($conditions, $params);
    if ($result) {
        echo "Passed {$conditions}";
    } else {
        echo "Failed {$conditions}";
    }
});

// Dispatch the current request against the routes registered above.
$app->run();