Commit

2022-03-19 18:41:57 +01:00 · 2022-03-19 18:41:57 +01:00 · 41d6e6f9f4
commit 41d6e6f9f4
parent cf7aac0a0e
2 changed files with 21 additions and 14 deletions
--- a/app/lib/App/Core/AccessControl.php
+++ b/app/lib/App/Core/AccessControl.php
@ -23,7 +23,7 @@ class AccessControl
            // routes that need power level 1 and up
            [
                "routes" => [
-                    "race/"
+                    "race/*"
                ],
                "catcher" => [
                    "name" => "page",
@ -33,7 +33,7 @@ class AccessControl
            // routes that dont need any auth
            [
                "routes" => [
-                    ""
+                    "*"
                ],
                "catcher" => [
                    "name" => "nothing",
@ -46,6 +46,7 @@ class AccessControl
            strlen($this->app->config["root_url"])
        );

+        // TODO: add error handling
        foreach ($this->acl as $key => $value)
        {
            $routes  = $value["routes"];
@ -53,15 +54,23 @@ class AccessControl

            foreach ($routes as $key => $value)
            {
-                // check if string starts with
-                if (strncmp($this->currentPage, $value, strlen($value)) !== 0)
+                // if the end of the route is an asterisk we match everything after it
+                if ($value[-1] == '*')
                {
-                    continue;
+                    // remove asterisk
+                    $value = substr($value, 0, -1);
+                    // check if string starts with
+                    if (strncmp($this->currentPage, $value, strlen($value)) !== 0)
+                    {
+                        continue;
+                    }
+                } else {
+                    // end is not an asterisk, match full string
+                    if ($value !== $this->currentPage)
+                    {
+                        continue;
+                    }
                }
-                #if ($value !== $this->currentPage)
-                #{
-                #    continue;
-                #}

                if (isset($catcher["args"]))
                {
@ -79,10 +88,8 @@ class AccessControl

    private function page(int $powerLevel): void
    {
-        if ($this->app->user->loggedIn && $this->app->user->powerLevel >= $powerLevel)
+        if (!$this->app->user->loggedIn || !($this->app->user->powerLevel >= $powerLevel))
        {
-            # code...
-        } else {
            http_response_code(401);
            $this->app->view("template/header", ["title" => "Ingen tilgang!"]);
            $this->app->view("App/Core/AccessControl/unauthorized");
--- a/app/view/App/Core/AccessControl/unauthorized.php
+++ b/app/view/App/Core/AccessControl/unauthorized.php
@ -1,2 +1,2 @@
 <h1>Ingen tilgang!</h1>
-<p>Du har ikke tilstrekkelig tillatelse til å se denne siden.</p>
+<p>Du har ikke tilstrekkelige tillatelser til å se denne siden.</p>