Permission architecture implemented

This commit is contained in:
Mal 2020-08-22 23:08:05 +02:00
parent e1a62442d9
commit 39d14451b2
3 changed files with 47 additions and 4 deletions

View File

@ -7,6 +7,7 @@ abstract class AbstractController
protected string $route; protected string $route;
protected ApiResponse $response; protected ApiResponse $response;
protected Session $session;
protected string $requestUrl; protected string $requestUrl;
protected ?string $requestBody = null; protected ?string $requestBody = null;
protected ?string $contentType = null; protected ?string $contentType = null;
@ -16,6 +17,7 @@ abstract class AbstractController
{ {
$this->requestUrl = $url; $this->requestUrl = $url;
$this->response = new ApiResponse(); $this->response = new ApiResponse();
$this->session = new Session();
} }
public function setRequestBody(string $contentType, string $content): void public function setRequestBody(string $contentType, string $content): void
@ -56,6 +58,35 @@ abstract class AbstractController
return $param !== null ? (int)$param : null; return $param !== null ? (int)$param : null;
} }
public function isUserLoggedIn(): bool
{
if (!$this->session->IsLoggedIn()) {
$this->response = new ApiJsonResponse(ServerStatus::UNAUTHORIZED);
$this->response->setParameter('success', false);
$this->response->setMessage('You are not logged in!');
return false;
}
return true;
}
public function hasUserPermission(int $userId): bool
{
$this->response = new ApiJsonResponse();
$hasPermission = $this->session->isAdmin() || $this->session->getUserId() === $userId;
if (!$hasPermission) {
$this->response->setParameter('success', false);
$this->response->setMessage('You don\'t have the permission to do that!');
$this->response->setStatus(ServerStatus::UNAUTHORIZED);
}
return $hasPermission;
}
protected function validateJsonBody(): bool protected function validateJsonBody(): bool
{ {
if (count($this->mandatoryAttributes) === 0) { if (count($this->mandatoryAttributes) === 0) {

View File

@ -11,7 +11,7 @@ final class Session
private const IS_LOGGED_IN = 'is_logged_in'; private const IS_LOGGED_IN = 'is_logged_in';
private const USER_ID = 'account_id'; private const USER_ID = 'account_id';
private const USERNAME = 'username'; private const USERNAME = 'username';
private const PERMISSION = 'permission'; private const IS_ADMIN = 'admin';
private const EMAIL = 'email'; private const EMAIL = 'email';
private const JABBER_ADDRESS = 'jabber'; private const JABBER_ADDRESS = 'jabber';
@ -46,6 +46,7 @@ final class Session
$this->SetString(self::USERNAME, $user->getUsername()); $this->SetString(self::USERNAME, $user->getUsername());
$this->SetString(self::EMAIL, $user->getEmail()); $this->SetString(self::EMAIL, $user->getEmail());
$this->SetString(self::JABBER_ADDRESS, $user->getJabberAddress()); $this->SetString(self::JABBER_ADDRESS, $user->getJabberAddress());
$this->SetBool(self::IS_ADMIN, $user->isAdmin());
return true; return true;
} }
@ -95,9 +96,9 @@ final class Session
return $this->GetInt(self::USER_ID); return $this->GetInt(self::USER_ID);
} }
public function GetPermission(): ?int public function isAdmin(): bool
{ {
return $this->GetInt(self::PERMISSION); return $this->GetBool(self::IS_ADMIN);
} }
public static function HasSession(): bool public static function HasSession(): bool

View File

@ -9,6 +9,7 @@ final class User extends MySqlTable implements JsonSerializable
public const FIELD_PASSWORD = 'Password'; public const FIELD_PASSWORD = 'Password';
public const FIELD_EMAIL = 'Email'; public const FIELD_EMAIL = 'Email';
public const FIELD_JABBER_ADDRESS = 'JabberAddress'; public const FIELD_JABBER_ADDRESS = 'JabberAddress';
public const FIELD_ADMIN = 'IsAdmin';
public function __construct($id = null, DatabaseInterface &$database = null) public function __construct($id = null, DatabaseInterface &$database = null)
{ {
@ -44,6 +45,11 @@ final class User extends MySqlTable implements JsonSerializable
return $this->getField(self::FIELD_JABBER_ADDRESS); return $this->getField(self::FIELD_JABBER_ADDRESS);
} }
public function isAdmin(): bool
{
return $this->getField(self::FIELD_ADMIN);
}
public function setUsername(string $username): void public function setUsername(string $username): void
{ {
$this->setField(self::FIELD_USERNAME, $username); $this->setField(self::FIELD_USERNAME, $username);
@ -64,6 +70,11 @@ final class User extends MySqlTable implements JsonSerializable
$this->setField(self::FIELD_JABBER_ADDRESS, $jabberAddress); $this->setField(self::FIELD_JABBER_ADDRESS, $jabberAddress);
} }
public function setAdmin(bool $isAdmin): void
{
$this->setField(self::FIELD_ADMIN, $isAdmin);
}
public static function getFromUsername(string $username, DatabaseInterface &$database = null): self public static function getFromUsername(string $username, DatabaseInterface &$database = null): self
{ {
$databaseGiven = true; $databaseGiven = true;