Permission architecture implemented

This commit is contained in:
Mal 2020-08-22 23:08:05 +02:00
parent e1a62442d9
commit 39d14451b2
3 changed files with 47 additions and 4 deletions

View File

@ -7,6 +7,7 @@ abstract class AbstractController
protected string $route;
protected ApiResponse $response;
protected Session $session;
protected string $requestUrl;
protected ?string $requestBody = null;
protected ?string $contentType = null;
@ -16,6 +17,7 @@ abstract class AbstractController
{
$this->requestUrl = $url;
$this->response = new ApiResponse();
$this->session = new Session();
}
public function setRequestBody(string $contentType, string $content): void
@ -56,6 +58,35 @@ abstract class AbstractController
return $param !== null ? (int)$param : null;
}
public function isUserLoggedIn(): bool
{
if (!$this->session->IsLoggedIn()) {
$this->response = new ApiJsonResponse(ServerStatus::UNAUTHORIZED);
$this->response->setParameter('success', false);
$this->response->setMessage('You are not logged in!');
return false;
}
return true;
}
public function hasUserPermission(int $userId): bool
{
$this->response = new ApiJsonResponse();
$hasPermission = $this->session->isAdmin() || $this->session->getUserId() === $userId;
if (!$hasPermission) {
$this->response->setParameter('success', false);
$this->response->setMessage('You don\'t have the permission to do that!');
$this->response->setStatus(ServerStatus::UNAUTHORIZED);
}
return $hasPermission;
}
protected function validateJsonBody(): bool
{
if (count($this->mandatoryAttributes) === 0) {

View File

@ -11,7 +11,7 @@ final class Session
private const IS_LOGGED_IN = 'is_logged_in';
private const USER_ID = 'account_id';
private const USERNAME = 'username';
private const PERMISSION = 'permission';
private const IS_ADMIN = 'admin';
private const EMAIL = 'email';
private const JABBER_ADDRESS = 'jabber';
@ -46,6 +46,7 @@ final class Session
$this->SetString(self::USERNAME, $user->getUsername());
$this->SetString(self::EMAIL, $user->getEmail());
$this->SetString(self::JABBER_ADDRESS, $user->getJabberAddress());
$this->SetBool(self::IS_ADMIN, $user->isAdmin());
return true;
}
@ -95,9 +96,9 @@ final class Session
return $this->GetInt(self::USER_ID);
}
public function GetPermission(): ?int
public function isAdmin(): bool
{
return $this->GetInt(self::PERMISSION);
return $this->GetBool(self::IS_ADMIN);
}
public static function HasSession(): bool

View File

@ -9,8 +9,9 @@ final class User extends MySqlTable implements JsonSerializable
public const FIELD_PASSWORD = 'Password';
public const FIELD_EMAIL = 'Email';
public const FIELD_JABBER_ADDRESS = 'JabberAddress';
public const FIELD_ADMIN = 'IsAdmin';
public function __construct($id = null, DatabaseInterface &$database = null)
public function __construct($id = null, DatabaseInterface &$database = null)
{
parent::__construct(self::class, $id, $database);
}
@ -44,6 +45,11 @@ final class User extends MySqlTable implements JsonSerializable
return $this->getField(self::FIELD_JABBER_ADDRESS);
}
public function isAdmin(): bool
{
return $this->getField(self::FIELD_ADMIN);
}
public function setUsername(string $username): void
{
$this->setField(self::FIELD_USERNAME, $username);
@ -64,6 +70,11 @@ final class User extends MySqlTable implements JsonSerializable
$this->setField(self::FIELD_JABBER_ADDRESS, $jabberAddress);
}
public function setAdmin(bool $isAdmin): void
{
$this->setField(self::FIELD_ADMIN, $isAdmin);
}
public static function getFromUsername(string $username, DatabaseInterface &$database = null): self
{
$databaseGiven = true;