parent
24df7e272e
commit
ea2cca035a
@ -51,6 +51,6 @@ unset($config, $database, $session, $user);
|
|||||||
*
|
*
|
||||||
* Decides if the user is allowed to view current page.
|
* Decides if the user is allowed to view current page.
|
||||||
*/
|
*/
|
||||||
new AccessControl($app->user, $app->config['root_url']);
|
new AccessControl($app);
|
||||||
|
|
||||||
return $app;
|
return $app;
|
@ -5,60 +5,102 @@ namespace App\Core;
|
|||||||
use \Exception;
|
use \Exception;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Decides what is allowed and what not
|
||||||
* TODO: ...
|
* TODO: ...
|
||||||
*/
|
*/
|
||||||
class AccessControl
|
class AccessControl
|
||||||
{
|
{
|
||||||
public User $user;
|
public App $app;
|
||||||
public string $currentPage;
|
|
||||||
private array $routes;
|
|
||||||
|
|
||||||
public function __construct(User $user, string $rootUrl)
|
private array $acl;
|
||||||
|
private string $currentPage;
|
||||||
|
|
||||||
|
public function __construct(App $app)
|
||||||
{
|
{
|
||||||
// FUCK IT, WILL FIX LATER
|
$this->app = $app;
|
||||||
return;
|
|
||||||
|
|
||||||
$this->routes = [
|
$this->acl = [
|
||||||
"index.php" => ["catcher", 0],
|
// routes that need power level 1 and up
|
||||||
"example.php",
|
[
|
||||||
"simulator.php" => ["catcher", 2],
|
"routes" => [
|
||||||
"login.php",
|
"teamtable/edit/"
|
||||||
"logout.php",
|
],
|
||||||
"view-teams.php",
|
"catcher" => [
|
||||||
"confirm-logout.php",
|
"name" => "page",
|
||||||
|
"args" => 1,
|
||||||
|
],
|
||||||
|
],
|
||||||
|
// routes that dont need any auth
|
||||||
|
[
|
||||||
|
"routes" => [
|
||||||
|
""
|
||||||
|
],
|
||||||
|
"catcher" => [
|
||||||
|
"name" => "nothing",
|
||||||
|
],
|
||||||
|
]
|
||||||
];
|
];
|
||||||
|
|
||||||
$this->user = $user;
|
$this->currentPage = substr(
|
||||||
$this->currentPage = substr($_SERVER["PHP_SELF"], strlen($rootUrl));
|
$_SERVER["PHP_SELF"],
|
||||||
|
strlen($this->app->config["root_url"])
|
||||||
|
);
|
||||||
|
|
||||||
// FUCK IT, WILL FIX LATER
|
foreach ($this->acl as $key => $value)
|
||||||
return;
|
|
||||||
|
|
||||||
foreach ($this->routes as $key => $value)
|
|
||||||
{
|
{
|
||||||
if ($key !== $this->currentPage)
|
$routes = $value["routes"];
|
||||||
|
$catcher = $value["catcher"];
|
||||||
|
|
||||||
|
foreach ($routes as $key => $value)
|
||||||
|
{
|
||||||
|
// check if string starts with
|
||||||
|
if (strncmp($this->currentPage, $value, strlen($value)) !== 0)
|
||||||
{
|
{
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
#if ($value !== $this->currentPage)
|
||||||
|
#{
|
||||||
|
# continue;
|
||||||
|
#}
|
||||||
|
|
||||||
if ($value)
|
if (isset($catcher["args"]))
|
||||||
{
|
{
|
||||||
call_user_func([$this, $value[0]], $value[1]);
|
call_user_func([$this, $catcher["name"]], $catcher["args"]);
|
||||||
|
} else {
|
||||||
|
call_user_func([$this, $catcher["name"]]);
|
||||||
}
|
}
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new Exception("Could not find current page in access control routes array, did you add it?");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private function catcher($powerLevel): void
|
throw new Exception("Could not find current page in access control list, did you add it?");
|
||||||
|
}
|
||||||
|
|
||||||
|
private function page(int $powerLevel): void
|
||||||
|
{
|
||||||
|
if ($this->app->user->loggedIn && $this->app->user->powerLevel <= $powerLevel)
|
||||||
{
|
{
|
||||||
if (isset($this->user->powerLevel) && $this->user->powerLevel <= $powerLevel) {
|
|
||||||
# code...
|
|
||||||
echo "Authorized!";
|
echo "Authorized!";
|
||||||
} else {
|
} else {
|
||||||
echo "Unauthorized!";
|
http_response_code(401);
|
||||||
|
$this->app->view("template/header", ["title" => "Ingen tilgang!"]);
|
||||||
|
$this->app->view("Core/AccessControl/unauthorized");
|
||||||
|
$this->app->view("template/footer");
|
||||||
|
die();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Does... nothing! For when the page does not need any access control.
|
||||||
|
*/
|
||||||
|
private function nothing(): void
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
private function api($powerLevel): void
|
||||||
|
{
|
||||||
|
// ...
|
||||||
|
}
|
||||||
}
|
}
|
@ -5,7 +5,7 @@ namespace App\Teamtable;
|
|||||||
use \InvalidArgumentException;
|
use \InvalidArgumentException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Represents a team in the teamtable database
|
* Represents a record in the teamtable
|
||||||
*/
|
*/
|
||||||
class Team
|
class Team
|
||||||
{
|
{
|
||||||
|
15
app/lib/App/Timetable/Time.php
Normal file
15
app/lib/App/Timetable/Time.php
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Timetable;
|
||||||
|
|
||||||
|
use \DateTime;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Represents a record in timetable
|
||||||
|
*/
|
||||||
|
class Time
|
||||||
|
{
|
||||||
|
public int $id;
|
||||||
|
public int $teamId;
|
||||||
|
public DateTime $date;
|
||||||
|
}
|
28
app/lib/App/Timetable/TimeMapper.php
Normal file
28
app/lib/App/Timetable/TimeMapper.php
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Timetable;
|
||||||
|
|
||||||
|
use \PDO;
|
||||||
|
|
||||||
|
class TimeMapper
|
||||||
|
{
|
||||||
|
public PDO $dbh;
|
||||||
|
|
||||||
|
public function __construct(PDO $dbh)
|
||||||
|
{
|
||||||
|
$this->dbh = $dbh;
|
||||||
|
}
|
||||||
|
|
||||||
|
private function mapRowToTeam(array $row): Time
|
||||||
|
{
|
||||||
|
$team = new Time();
|
||||||
|
return $team;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function create(Time $time): Time
|
||||||
|
{
|
||||||
|
$sth = $this->dbh->prepare('INSERT INTO tidtabell (LagID) VALUES (?)');
|
||||||
|
$sth->execute([$time->teamId]);
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
}
|
@ -1,8 +1,10 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
use App\Core\Database as Database;
|
use App\Core\Database;
|
||||||
use App\Teamtable\TeamMapper as TeamMapper;
|
use App\Teamtable\Team;
|
||||||
use App\Teamtable\Team as Team;
|
use App\Teamtable\TeamMapper;
|
||||||
|
use App\Timetable\Time;
|
||||||
|
use App\Timetable\TimeMapper;
|
||||||
|
|
||||||
class Cardreader
|
class Cardreader
|
||||||
{
|
{
|
||||||
@ -10,16 +12,19 @@ class Cardreader
|
|||||||
|
|
||||||
public TeamMapper $teamMapper;
|
public TeamMapper $teamMapper;
|
||||||
|
|
||||||
|
public TimeMapper $timeMapper;
|
||||||
|
|
||||||
public function __construct(Database $database)
|
public function __construct(Database $database)
|
||||||
{
|
{
|
||||||
$this->dbh = $database->conn;
|
$this->dbh = $database->conn;
|
||||||
$this->teamMapper = new TeamMapper($this->dbh);
|
$this->teamMapper = new TeamMapper($this->dbh);
|
||||||
|
$this->timeMapper = new TimeMapper($this->dbh);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns TRUE if team exists, FALSE if not
|
* Returns TRUE if team exists, FALSE if not
|
||||||
*/
|
*/
|
||||||
public function recieve(string $cardnumber): bool
|
public function receive(string $cardnumber, int $timeout): bool
|
||||||
{
|
{
|
||||||
$team = $this->teamMapper->getByCardnumber($cardnumber);
|
$team = $this->teamMapper->getByCardnumber($cardnumber);
|
||||||
if ($team)
|
if ($team)
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
use App\Core\Database as Database;
|
use App\Core\Database;
|
||||||
|
|
||||||
class Example
|
class Example
|
||||||
{
|
{
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
use App\Core\Database as Database;
|
use App\Core\Database;
|
||||||
use App\Teamtable\Team as Team;
|
use App\Teamtable\Team;
|
||||||
use App\Teamtable\TeamMapper as TeamMapper;
|
use App\Teamtable\TeamMapper;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Does stuffs with the teamtable
|
* Does stuffs with the teamtable
|
||||||
@ -11,9 +11,6 @@ class Teamtable
|
|||||||
{
|
{
|
||||||
public PDO $dbh;
|
public PDO $dbh;
|
||||||
|
|
||||||
/**
|
|
||||||
* We use a data mapper pattern
|
|
||||||
*/
|
|
||||||
public TeamMapper $teamMapper;
|
public TeamMapper $teamMapper;
|
||||||
|
|
||||||
public function __construct(Database $database)
|
public function __construct(Database $database)
|
||||||
@ -22,25 +19,16 @@ class Teamtable
|
|||||||
$this->teamMapper = new TeamMapper($this->dbh);
|
$this->teamMapper = new TeamMapper($this->dbh);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Fetch entire team table
|
|
||||||
*/
|
|
||||||
public function getAll(): array
|
public function getAll(): array
|
||||||
{
|
{
|
||||||
return $this->teamMapper->getAll();
|
return $this->teamMapper->getAll();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Find team with supplied id
|
|
||||||
*/
|
|
||||||
public function get(int $id): ?Team
|
public function get(int $id): ?Team
|
||||||
{
|
{
|
||||||
return $this->teamMapper->get($id);
|
return $this->teamMapper->get($id);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Inserts team into database
|
|
||||||
*/
|
|
||||||
public function create(Team $team): Team
|
public function create(Team $team): Team
|
||||||
{
|
{
|
||||||
return $this->teamMapper->create($team);
|
return $this->teamMapper->create($team);
|
||||||
|
2
app/view/Core/AccessControl/unauthorized.php
Normal file
2
app/view/Core/AccessControl/unauthorized.php
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
<h1>Ingen tilgang!</h1>
|
||||||
|
<p>Du har ikke tilstrekkelig tillatelse til å se denne siden.</p>
|
@ -11,7 +11,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST')
|
|||||||
$cardnumber = $_POST['cardnumber'];
|
$cardnumber = $_POST['cardnumber'];
|
||||||
|
|
||||||
if (!(strlen($cardnumber) > 32)) {
|
if (!(strlen($cardnumber) > 32)) {
|
||||||
if ($cardreader->recieve($cardnumber))
|
if ($cardreader->receive($cardnumber))
|
||||||
{
|
{
|
||||||
$app->session->flash("Lag funnet for \"{$cardnumber}\"", "success");
|
$app->session->flash("Lag funnet for \"{$cardnumber}\"", "success");
|
||||||
} else {
|
} else {
|
||||||
|