/**
* Checks whether or not this user has access for a particular authorization hook.
*
* Determine if this user has access to the given $hook under the given $params.
* @param string $hook The authorization hook to check for access.
* @param array $params[optional] An array of field names => values, specifying any additional data to provide the authorization module
* when determining whether or not this user has access.
* @return boolean True if the user has access, false otherwise.
*/
public function checkAccess($hook, $params = [])
{
if ($this->isGuest()) {
// TODO: do we sometimes want to allow access to protected resources for guests? Should we model a "guest" group?
return false;
}
// The master (root) account has access to everything.
if ($this->id == static::$app->config('user_id_master')) {
// Need to use loose comparison for now, because some DBs return `id` as a string
return true;
}
// Try to find an authorization rule for $hook that matches the currently logged-in user, or one of their groups.
$rule = UserAuth::fetchUserAuthHook($this->id, $hook);
if (empty($rule)) {
$pass = false;
} else {
$ace = new AccessConditionExpression(static::$app);
// TODO: should we have to pass the app in, or just make it available statically?
$pass = $ace->evaluateCondition($rule['conditions'], $params);
}
// If no user-specific rule is passed, look for a group-level rule
if (!$pass) {
$ace = new AccessConditionExpression(static::$app);
$groups = $this->getGroupIds();
foreach ($groups as $group_id) {
// Try to find an authorization rule for $hook that matches this group
$rule = GroupAuth::fetchGroupAuthHook($group_id, $hook);
if (!$rule) {
continue;
}
$pass = $ace->evaluateCondition($rule['conditions'], $params);
if ($pass) {
break;
}
}
}
return $pass;
}
$controller->configJS();
});
// Theme CSS
$app->get('/css/theme.css', function () use($app) {
$controller = new UF\BaseController($app);
$controller->themeCSS();
});
// Not found page (404)
$app->notFound(function () use($app) {
if ($app->request->isGet()) {
$controller = new UF\BaseController($app);
$controller->page404();
} else {
$app->alerts->addMessageTranslated("danger", "SERVER_ERROR");
}
});
$app->get('/test/auth', function () use($app) {
if (0 == "php") {
echo "0 = php";
}
$params = ["user" => ["id" => 1], "post" => ["id" => 7]];
$conditions = "(equals(self.id,user.id)||hasPost(self.id,post.id))&&subset(post, [\"id\", \"title\", \"content\", \"subject\", 3])";
$ace = new UF\AccessConditionExpression($app);
$result = $ace->evaluateCondition($conditions, $params);
if ($result) {
echo "Passed {$conditions}";
} else {
echo "Failed {$conditions}";
}
});
$app->run();
