web/app/lib/App/Core/AccessControl.php

<?php
namespace App\Core;
use \Exception;
/**
* Decides what is allowed and what is not
* TODO: ...
*/
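class AccessControl
{
    public App $app;

    /**
     * Ordered access-control list. Each entry maps a list of route patterns
     * to the "catcher" that enforces that entry's requirement. The FIRST
     * entry whose pattern matches the current page wins, so specific,
     * restrictive entries must precede the public catch-all.
     *
     * A pattern ending in "*" matches every page that begins with the text
     * before the asterisk (a plain byte-wise prefix, not a glob); any other
     * pattern must equal the page exactly.
     */
    private array $acl;

    /** The part of $_SERVER["SCRIPT_NAME"] that follows config["root_url"]. */
    private string $current_page;

    /**
     * Resolves the current page against the ACL and runs the matching catcher.
     *
     * Enforcement happens at construction time: instantiating AccessControl is
     * what protects the page, and the catcher may render the "unauthorized"
     * view and terminate the request.
     *
     * @throws Exception when SCRIPT_NAME is unavailable or does not lie under
     *         config["root_url"], or when no ACL entry matches the page. All
     *         failure paths throw instead of silently falling through to the
     *         public catch-all.
     */
    public function __construct(App $app)
    {
        $this->app = $app;

        $this->acl = [
            // routes that need power level 1 and up
            [
                "routes" => [
                    // prefix match: covers every page under race/configure/
                    // ("race/configure" without the trailing slash is not covered)
                    "race/configure/*",
                ],
                "catcher" => [
                    "name" => "page",
                    "args" => 1,
                ],
            ],
            // public catch-all: every route not listed above needs no auth.
            // Keep this entry LAST - matching is first-wins.
            [
                "routes" => [
                    "*",
                ],
                "catcher" => [
                    "name" => "nothing",
                ],
            ],
        ];

        $this->current_page = $this->resolveCurrentPage();

        foreach ($this->acl as $entry) {
            foreach ($entry["routes"] as $pattern) {
                if (!$this->matchesRoute($pattern)) {
                    continue;
                }

                $this->runCatcher($entry["catcher"]);
                return;
            }
        }

        throw new Exception("Could not find current page in access control list, did you add it?");
    }

    /**
     * Derives the page identifier from the executing script's path.
     *
     * The page is SCRIPT_NAME with config["root_url"] stripped from the
     * front. SCRIPT_NAME is supplied by the web server, not read from the
     * request URI.
     *
     * @throws Exception if SCRIPT_NAME is missing or does not start with
     *         root_url. A wrong prefix would otherwise produce a page string
     *         that matches only the public catch-all (fail-open), so this
     *         fails closed instead.
     */
    private function resolveCurrentPage(): string
    {
        $script = $_SERVER["SCRIPT_NAME"] ?? null;
        if (!is_string($script)) {
            throw new Exception("SCRIPT_NAME is not available, cannot resolve current page");
        }

        $root = (string) $this->app->config["root_url"];
        if (strncmp($script, $root, strlen($root)) !== 0) {
            throw new Exception("SCRIPT_NAME does not start with root_url, check the configuration");
        }

        return substr($script, strlen($root));
    }

    /**
     * Tests one ACL pattern against the current page.
     *
     * A trailing "*" turns the pattern into a prefix match on everything
     * before it; a bare "*" therefore matches every page. Without the
     * asterisk the pattern must equal the page exactly. Comparison is
     * byte-wise and case-sensitive; no other wildcard syntax is understood.
     */
    private function matchesRoute(string $pattern): bool
    {
        // substr() instead of $pattern[-1] so an empty pattern cannot warn.
        if ($pattern !== '' && substr($pattern, -1) === '*') {
            $prefix = substr($pattern, 0, -1);
            return strncmp($this->current_page, $prefix, strlen($prefix)) === 0;
        }

        return $pattern === $this->current_page;
    }

    /**
     * Invokes the catcher named by an ACL entry on this object.
     *
     * The name selects a method to call, so it must only ever come from the
     * hard-coded ACL above, never from request data. "args" is forwarded as
     * a single argument when present (isset semantics: null counts as absent).
     *
     * @throws Exception if the ACL names a catcher this class does not define.
     */
    private function runCatcher(array $catcher): void
    {
        $name = $catcher["name"];
        if (!method_exists($this, $name)) {
            throw new Exception("Unknown access control catcher: " . $name);
        }

        if (isset($catcher["args"])) {
            $this->{$name}($catcher["args"]);
        } else {
            $this->{$name}();
        }
    }

    /**
     * Catcher for pages that require a logged-in user with at least the given
     * power level. Otherwise it answers 401, renders the "unauthorized" view
     * inside the normal template and terminates the request so the protected
     * page is never rendered.
     *
     * NOTE(review): 401 is sent both when nobody is logged in and when the
     * user's power level is too low; 403 would be the more precise status for
     * the latter. Left unchanged to preserve existing behaviour.
     */
    private function page(int $power_level): void
    {
        $user = $this->app->user;
        if (!$user->logged_in || !($user->power_level >= $power_level)) {
            http_response_code(401);
            $this->app->view("template/header", ["title" => "Ingen tilgang!"]);
            $this->app->view("App/Core/AccessControl/unauthorized");
            $this->app->view("template/footer");
            die();
        }
    }

    /**
     * Catcher for public pages: there is no requirement to enforce.
     */
    private function nothing(): void
    {
    }
}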