Commit
This commit is contained in:
parent
24df7e272e
commit
ea2cca035a
@ -51,6 +51,6 @@ unset($config, $database, $session, $user);
|
||||
*
|
||||
* Decides if the user is allowed to view current page.
|
||||
*/
|
||||
new AccessControl($app->user, $app->config['root_url']);
|
||||
new AccessControl($app);
|
||||
|
||||
return $app;
|
@ -5,60 +5,102 @@ namespace App\Core;
|
||||
use \Exception;
|
||||
|
||||
/**
|
||||
* Decides what is allowed and what not
|
||||
* TODO: ...
|
||||
*/
|
||||
class AccessControl
|
||||
{
|
||||
public User $user;
|
||||
public string $currentPage;
|
||||
private array $routes;
|
||||
public App $app;
|
||||
|
||||
public function __construct(User $user, string $rootUrl)
|
||||
private array $acl;
|
||||
private string $currentPage;
|
||||
|
||||
public function __construct(App $app)
|
||||
{
|
||||
// FUCK IT, WILL FIX LATER
|
||||
return;
|
||||
$this->app = $app;
|
||||
|
||||
$this->routes = [
|
||||
"index.php" => ["catcher", 0],
|
||||
"example.php",
|
||||
"simulator.php" => ["catcher", 2],
|
||||
"login.php",
|
||||
"logout.php",
|
||||
"view-teams.php",
|
||||
"confirm-logout.php",
|
||||
$this->acl = [
|
||||
// routes that need power level 1 and up
|
||||
[
|
||||
"routes" => [
|
||||
"teamtable/edit/"
|
||||
],
|
||||
"catcher" => [
|
||||
"name" => "page",
|
||||
"args" => 1,
|
||||
],
|
||||
],
|
||||
// routes that dont need any auth
|
||||
[
|
||||
"routes" => [
|
||||
""
|
||||
],
|
||||
"catcher" => [
|
||||
"name" => "nothing",
|
||||
],
|
||||
]
|
||||
];
|
||||
|
||||
$this->user = $user;
|
||||
$this->currentPage = substr($_SERVER["PHP_SELF"], strlen($rootUrl));
|
||||
$this->currentPage = substr(
|
||||
$_SERVER["PHP_SELF"],
|
||||
strlen($this->app->config["root_url"])
|
||||
);
|
||||
|
||||
// FUCK IT, WILL FIX LATER
|
||||
return;
|
||||
|
||||
foreach ($this->routes as $key => $value)
|
||||
foreach ($this->acl as $key => $value)
|
||||
{
|
||||
if ($key !== $this->currentPage)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
$routes = $value["routes"];
|
||||
$catcher = $value["catcher"];
|
||||
|
||||
if ($value)
|
||||
foreach ($routes as $key => $value)
|
||||
{
|
||||
call_user_func([$this, $value[0]], $value[1]);
|
||||
}
|
||||
// check if string starts with
|
||||
if (strncmp($this->currentPage, $value, strlen($value)) !== 0)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
#if ($value !== $this->currentPage)
|
||||
#{
|
||||
# continue;
|
||||
#}
|
||||
|
||||
return;
|
||||
if (isset($catcher["args"]))
|
||||
{
|
||||
call_user_func([$this, $catcher["name"]], $catcher["args"]);
|
||||
} else {
|
||||
call_user_func([$this, $catcher["name"]]);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
throw new Exception("Could not find current page in access control routes array, did you add it?");
|
||||
throw new Exception("Could not find current page in access control list, did you add it?");
|
||||
}
|
||||
|
||||
private function catcher($powerLevel): void
|
||||
private function page(int $powerLevel): void
|
||||
{
|
||||
if (isset($this->user->powerLevel) && $this->user->powerLevel <= $powerLevel) {
|
||||
# code...
|
||||
if ($this->app->user->loggedIn && $this->app->user->powerLevel <= $powerLevel)
|
||||
{
|
||||
echo "Authorized!";
|
||||
} else {
|
||||
echo "Unauthorized!";
|
||||
http_response_code(401);
|
||||
$this->app->view("template/header", ["title" => "Ingen tilgang!"]);
|
||||
$this->app->view("Core/AccessControl/unauthorized");
|
||||
$this->app->view("template/footer");
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Does... nothing! For when the page does not need any access control.
|
||||
*/
|
||||
private function nothing(): void
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
private function api($powerLevel): void
|
||||
{
|
||||
// ...
|
||||
}
|
||||
}
|
@ -5,7 +5,7 @@ namespace App\Teamtable;
|
||||
use \InvalidArgumentException;
|
||||
|
||||
/**
|
||||
* Represents a team in the teamtable database
|
||||
* Represents a record in the teamtable
|
||||
*/
|
||||
class Team
|
||||
{
|
||||
|
15
app/lib/App/Timetable/Time.php
Normal file
15
app/lib/App/Timetable/Time.php
Normal file
@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace App\Timetable;
|
||||
|
||||
use \DateTime;
|
||||
|
||||
/**
|
||||
* Represents a record in timetable
|
||||
*/
|
||||
class Time
|
||||
{
|
||||
public int $id;
|
||||
public int $teamId;
|
||||
public DateTime $date;
|
||||
}
|
28
app/lib/App/Timetable/TimeMapper.php
Normal file
28
app/lib/App/Timetable/TimeMapper.php
Normal file
@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
namespace App\Timetable;
|
||||
|
||||
use \PDO;
|
||||
|
||||
class TimeMapper
|
||||
{
|
||||
public PDO $dbh;
|
||||
|
||||
public function __construct(PDO $dbh)
|
||||
{
|
||||
$this->dbh = $dbh;
|
||||
}
|
||||
|
||||
private function mapRowToTeam(array $row): Time
|
||||
{
|
||||
$team = new Time();
|
||||
return $team;
|
||||
}
|
||||
|
||||
public function create(Time $time): Time
|
||||
{
|
||||
$sth = $this->dbh->prepare('INSERT INTO tidtabell (LagID) VALUES (?)');
|
||||
$sth->execute([$time->teamId]);
|
||||
return TRUE;
|
||||
}
|
||||
}
|
@ -1,8 +1,10 @@
|
||||
<?php
|
||||
|
||||
use App\Core\Database as Database;
|
||||
use App\Teamtable\TeamMapper as TeamMapper;
|
||||
use App\Teamtable\Team as Team;
|
||||
use App\Core\Database;
|
||||
use App\Teamtable\Team;
|
||||
use App\Teamtable\TeamMapper;
|
||||
use App\Timetable\Time;
|
||||
use App\Timetable\TimeMapper;
|
||||
|
||||
class Cardreader
|
||||
{
|
||||
@ -10,16 +12,19 @@ class Cardreader
|
||||
|
||||
public TeamMapper $teamMapper;
|
||||
|
||||
public TimeMapper $timeMapper;
|
||||
|
||||
public function __construct(Database $database)
|
||||
{
|
||||
$this->dbh = $database->conn;
|
||||
$this->teamMapper = new TeamMapper($this->dbh);
|
||||
$this->timeMapper = new TimeMapper($this->dbh);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns TRUE if team exists, FALSE if not
|
||||
*/
|
||||
public function recieve(string $cardnumber): bool
|
||||
public function receive(string $cardnumber, int $timeout): bool
|
||||
{
|
||||
$team = $this->teamMapper->getByCardnumber($cardnumber);
|
||||
if ($team)
|
||||
|
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
|
||||
use App\Core\Database as Database;
|
||||
use App\Core\Database;
|
||||
|
||||
class Example
|
||||
{
|
||||
|
@ -1,8 +1,8 @@
|
||||
<?php
|
||||
|
||||
use App\Core\Database as Database;
|
||||
use App\Teamtable\Team as Team;
|
||||
use App\Teamtable\TeamMapper as TeamMapper;
|
||||
use App\Core\Database;
|
||||
use App\Teamtable\Team;
|
||||
use App\Teamtable\TeamMapper;
|
||||
|
||||
/**
|
||||
* Does stuffs with the teamtable
|
||||
@ -11,9 +11,6 @@ class Teamtable
|
||||
{
|
||||
public PDO $dbh;
|
||||
|
||||
/**
|
||||
* We use a data mapper pattern
|
||||
*/
|
||||
public TeamMapper $teamMapper;
|
||||
|
||||
public function __construct(Database $database)
|
||||
@ -22,25 +19,16 @@ class Teamtable
|
||||
$this->teamMapper = new TeamMapper($this->dbh);
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch entire team table
|
||||
*/
|
||||
public function getAll(): array
|
||||
{
|
||||
return $this->teamMapper->getAll();
|
||||
}
|
||||
|
||||
/**
|
||||
* Find team with supplied id
|
||||
*/
|
||||
public function get(int $id): ?Team
|
||||
{
|
||||
return $this->teamMapper->get($id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Inserts team into database
|
||||
*/
|
||||
public function create(Team $team): Team
|
||||
{
|
||||
return $this->teamMapper->create($team);
|
||||
|
2
app/view/Core/AccessControl/unauthorized.php
Normal file
2
app/view/Core/AccessControl/unauthorized.php
Normal file
@ -0,0 +1,2 @@
|
||||
<h1>Ingen tilgang!</h1>
|
||||
<p>Du har ikke tilstrekkelig tillatelse til å se denne siden.</p>
|
@ -11,7 +11,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST')
|
||||
$cardnumber = $_POST['cardnumber'];
|
||||
|
||||
if (!(strlen($cardnumber) > 32)) {
|
||||
if ($cardreader->recieve($cardnumber))
|
||||
if ($cardreader->receive($cardnumber))
|
||||
{
|
||||
$app->session->flash("Lag funnet for \"{$cardnumber}\"", "success");
|
||||
} else {
|
||||
|
Reference in New Issue
Block a user