This commit is contained in:
William 2022-03-13 20:54:34 +01:00
parent 24df7e272e
commit ea2cca035a
11 changed files with 136 additions and 56 deletions

View File

@ -51,6 +51,6 @@ unset($config, $database, $session, $user);
* *
* Decides if the user is allowed to view current page. * Decides if the user is allowed to view current page.
*/ */
new AccessControl($app->user, $app->config['root_url']); new AccessControl($app);
return $app; return $app;

View File

@ -5,60 +5,102 @@ namespace App\Core;
use \Exception; use \Exception;
/** /**
* Decides what is allowed and what not
* TODO: ... * TODO: ...
*/ */
class AccessControl class AccessControl
{ {
public User $user; public App $app;
public string $currentPage;
private array $routes;
public function __construct(User $user, string $rootUrl) private array $acl;
private string $currentPage;
public function __construct(App $app)
{ {
// FUCK IT, WILL FIX LATER $this->app = $app;
return;
$this->routes = [ $this->acl = [
"index.php" => ["catcher", 0], // routes that need power level 1 and up
"example.php", [
"simulator.php" => ["catcher", 2], "routes" => [
"login.php", "teamtable/edit/"
"logout.php", ],
"view-teams.php", "catcher" => [
"confirm-logout.php", "name" => "page",
"args" => 1,
],
],
// routes that dont need any auth
[
"routes" => [
""
],
"catcher" => [
"name" => "nothing",
],
]
]; ];
$this->user = $user; $this->currentPage = substr(
$this->currentPage = substr($_SERVER["PHP_SELF"], strlen($rootUrl)); $_SERVER["PHP_SELF"],
strlen($this->app->config["root_url"])
);
// FUCK IT, WILL FIX LATER foreach ($this->acl as $key => $value)
return;
foreach ($this->routes as $key => $value)
{ {
if ($key !== $this->currentPage) $routes = $value["routes"];
$catcher = $value["catcher"];
foreach ($routes as $key => $value)
{
// check if string starts with
if (strncmp($this->currentPage, $value, strlen($value)) !== 0)
{ {
continue; continue;
} }
#if ($value !== $this->currentPage)
#{
# continue;
#}
if ($value) if (isset($catcher["args"]))
{ {
call_user_func([$this, $value[0]], $value[1]); call_user_func([$this, $catcher["name"]], $catcher["args"]);
} else {
call_user_func([$this, $catcher["name"]]);
} }
return; return;
} }
throw new Exception("Could not find current page in access control routes array, did you add it?");
} }
private function catcher($powerLevel): void throw new Exception("Could not find current page in access control list, did you add it?");
}
private function page(int $powerLevel): void
{
if ($this->app->user->loggedIn && $this->app->user->powerLevel <= $powerLevel)
{ {
if (isset($this->user->powerLevel) && $this->user->powerLevel <= $powerLevel) {
# code...
echo "Authorized!"; echo "Authorized!";
} else { } else {
echo "Unauthorized!"; http_response_code(401);
$this->app->view("template/header", ["title" => "Ingen tilgang!"]);
$this->app->view("Core/AccessControl/unauthorized");
$this->app->view("template/footer");
die();
} }
} }
/**
* Does... nothing! For when the page does not need any access control.
*/
private function nothing(): void
{
return;
}
private function api($powerLevel): void
{
// ...
}
} }

View File

@ -5,7 +5,7 @@ namespace App\Teamtable;
use \InvalidArgumentException; use \InvalidArgumentException;
/** /**
* Represents a team in the teamtable database * Represents a record in the teamtable
*/ */
class Team class Team
{ {

View File

@ -0,0 +1,15 @@
<?php
namespace App\Timetable;
use \DateTime;
/**
* Represents a record in timetable
*/
class Time
{
public int $id;
public int $teamId;
public DateTime $date;
}

View File

@ -0,0 +1,28 @@
<?php
namespace App\Timetable;
use \PDO;
class TimeMapper
{
public PDO $dbh;
public function __construct(PDO $dbh)
{
$this->dbh = $dbh;
}
private function mapRowToTeam(array $row): Time
{
$team = new Time();
return $team;
}
public function create(Time $time): Time
{
$sth = $this->dbh->prepare('INSERT INTO tidtabell (LagID) VALUES (?)');
$sth->execute([$time->teamId]);
return TRUE;
}
}

View File

@ -1,8 +1,10 @@
<?php <?php
use App\Core\Database as Database; use App\Core\Database;
use App\Teamtable\TeamMapper as TeamMapper; use App\Teamtable\Team;
use App\Teamtable\Team as Team; use App\Teamtable\TeamMapper;
use App\Timetable\Time;
use App\Timetable\TimeMapper;
class Cardreader class Cardreader
{ {
@ -10,16 +12,19 @@ class Cardreader
public TeamMapper $teamMapper; public TeamMapper $teamMapper;
public TimeMapper $timeMapper;
public function __construct(Database $database) public function __construct(Database $database)
{ {
$this->dbh = $database->conn; $this->dbh = $database->conn;
$this->teamMapper = new TeamMapper($this->dbh); $this->teamMapper = new TeamMapper($this->dbh);
$this->timeMapper = new TimeMapper($this->dbh);
} }
/** /**
* Returns TRUE if team exists, FALSE if not * Returns TRUE if team exists, FALSE if not
*/ */
public function recieve(string $cardnumber): bool public function receive(string $cardnumber, int $timeout): bool
{ {
$team = $this->teamMapper->getByCardnumber($cardnumber); $team = $this->teamMapper->getByCardnumber($cardnumber);
if ($team) if ($team)

View File

@ -1,6 +1,6 @@
<?php <?php
use App\Core\Database as Database; use App\Core\Database;
class Example class Example
{ {

View File

@ -1,8 +1,8 @@
<?php <?php
use App\Core\Database as Database; use App\Core\Database;
use App\Teamtable\Team as Team; use App\Teamtable\Team;
use App\Teamtable\TeamMapper as TeamMapper; use App\Teamtable\TeamMapper;
/** /**
* Does stuffs with the teamtable * Does stuffs with the teamtable
@ -11,9 +11,6 @@ class Teamtable
{ {
public PDO $dbh; public PDO $dbh;
/**
* We use a data mapper pattern
*/
public TeamMapper $teamMapper; public TeamMapper $teamMapper;
public function __construct(Database $database) public function __construct(Database $database)
@ -22,25 +19,16 @@ class Teamtable
$this->teamMapper = new TeamMapper($this->dbh); $this->teamMapper = new TeamMapper($this->dbh);
} }
/**
* Fetch entire team table
*/
public function getAll(): array public function getAll(): array
{ {
return $this->teamMapper->getAll(); return $this->teamMapper->getAll();
} }
/**
* Find team with supplied id
*/
public function get(int $id): ?Team public function get(int $id): ?Team
{ {
return $this->teamMapper->get($id); return $this->teamMapper->get($id);
} }
/**
* Inserts team into database
*/
public function create(Team $team): Team public function create(Team $team): Team
{ {
return $this->teamMapper->create($team); return $this->teamMapper->create($team);

View File

@ -0,0 +1,2 @@
<h1>Ingen tilgang!</h1>
<p>Du har ikke tilstrekkelig tillatelse til å se denne siden.</p>

View File

@ -11,7 +11,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST')
$cardnumber = $_POST['cardnumber']; $cardnumber = $_POST['cardnumber'];
if (!(strlen($cardnumber) > 32)) { if (!(strlen($cardnumber) > 32)) {
if ($cardreader->recieve($cardnumber)) if ($cardreader->receive($cardnumber))
{ {
$app->session->flash("Lag funnet for \"{$cardnumber}\"", "success"); $app->session->flash("Lag funnet for \"{$cardnumber}\"", "success");
} else { } else {