Пример #1
0
 /**
  * Adds a backend routes
  * @param $appInstance
  * @return void
  */
 public static function addRouteDefinitions(Slim $appInstance)
 {
     $appInstance->group('/admin', function () use($appInstance) {
         $appInstance->get('/', function () {
             print '<h1>A Simple Backend</h1>';
         });
         $appInstance->map("/chpass", function () use($appInstance) {
             if (EMA_ADMIN_CHPASS) {
                 AdminPasswordChange_controller::process();
             } else {
                 $appInstance->pass();
             }
         })->via('GET', 'POST');
         $appInstance->map("/update", function () use($appInstance) {
             ClassAndMethodsDispatcher::updateGPMethods();
         })->via('GET', 'POST');
         $appInstance->post("/login", function () use($appInstance) {
             $appInstance->response->headers->set('Cache-Control', 'no-store');
             if (isset($_POST['username']) && is_string($_POST['username']) && (isset($_POST['password']) && is_string($_POST['password']))) {
                 try {
                     try {
                         $user = new UserAuth();
                     } catch (SessionExpired $e) {
                         $user = new UserAuth();
                     }
                     $user->userLogin($_POST['username'], $_POST['password']);
                     if (!$user->isAdmin()) {
                         $user->logout();
                         throw new LoginIncorrect('You are not allowed to login here');
                     }
                     $appInstance->response->headers->set('Content-Type', 'application/json');
                     print json_encode($user->getSessionAuthData());
                 } catch (LoginIncorrect $e) {
                     $appInstance->response->headers->set('Content-Type', 'text/plain');
                     $appInstance->response->setStatus(400);
                     print $e->getMessage();
                 }
             } else {
                 $appInstance->response->headers->set('Content-Type', 'text/plain');
                 $appInstance->response->setStatus(400);
                 print 'Bad request';
             }
         });
         $appInstance->map('/logout', function () use($appInstance) {
             try {
                 $user = new UserAuth();
                 if ($user->isUserLoggedInSimple()) {
                     $user->logout();
                 }
             } catch (SessionExpired $e) {
             }
         })->via('GET', 'POST');
     });
 }
Пример #2
0
 /**
  * @param $policyPattern
  * @param bool $isExternalCall
  * @return bool
  */
 protected static function isAccessible($policyPattern, $isExternalCall = false)
 {
     if (empty($policyPattern)) {
         return false;
     }
     $isExternalCall = (bool) $isExternalCall;
     $policy = self::parseGpPolicy($policyPattern);
     if (count($policy) === 0) {
         return false;
     }
     $checkAccessModifier = function ($accessModifier) use($isExternalCall) {
         if ($accessModifier === 'a') {
             return true;
         } else {
             if ($isExternalCall === true && $accessModifier === 'e') {
                 return true;
             } elseif ($isExternalCall === false && $accessModifier === 'i') {
                 return true;
             } else {
                 return false;
             }
         }
     };
     $allowedForAll = false;
     if (array_key_exists('ALL', $policy)) {
         $allowedForAll = $checkAccessModifier($policy['ALL']);
     }
     $user = new UserAuth();
     if ($user->isUserLoggedInSimple()) {
         $gpId = $user->getGroup();
         if ($user->isAdmin()) {
             return true;
         }
         $allowedForUser = false;
         if (array_key_exists($gpId, $policy)) {
             $allowedForUser = $checkAccessModifier($policy[$gpId]);
         }
         return $allowedForUser || $allowedForAll;
     } else {
         return $allowedForAll;
     }
 }