Permission architecture implemented
This commit is contained in:
parent
e1a62442d9
commit
39d14451b2
|
@ -7,6 +7,7 @@ abstract class AbstractController
|
||||||
protected string $route;
|
protected string $route;
|
||||||
protected ApiResponse $response;
|
protected ApiResponse $response;
|
||||||
|
|
||||||
|
protected Session $session;
|
||||||
protected string $requestUrl;
|
protected string $requestUrl;
|
||||||
protected ?string $requestBody = null;
|
protected ?string $requestBody = null;
|
||||||
protected ?string $contentType = null;
|
protected ?string $contentType = null;
|
||||||
|
@ -16,6 +17,7 @@ abstract class AbstractController
|
||||||
{
|
{
|
||||||
$this->requestUrl = $url;
|
$this->requestUrl = $url;
|
||||||
$this->response = new ApiResponse();
|
$this->response = new ApiResponse();
|
||||||
|
$this->session = new Session();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function setRequestBody(string $contentType, string $content): void
|
public function setRequestBody(string $contentType, string $content): void
|
||||||
|
@ -56,6 +58,35 @@ abstract class AbstractController
|
||||||
return $param !== null ? (int)$param : null;
|
return $param !== null ? (int)$param : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function isUserLoggedIn(): bool
|
||||||
|
{
|
||||||
|
if (!$this->session->IsLoggedIn()) {
|
||||||
|
$this->response = new ApiJsonResponse(ServerStatus::UNAUTHORIZED);
|
||||||
|
|
||||||
|
$this->response->setParameter('success', false);
|
||||||
|
$this->response->setMessage('You are not logged in!');
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function hasUserPermission(int $userId): bool
|
||||||
|
{
|
||||||
|
$this->response = new ApiJsonResponse();
|
||||||
|
|
||||||
|
$hasPermission = $this->session->isAdmin() || $this->session->getUserId() === $userId;
|
||||||
|
|
||||||
|
if (!$hasPermission) {
|
||||||
|
$this->response->setParameter('success', false);
|
||||||
|
$this->response->setMessage('You don\'t have the permission to do that!');
|
||||||
|
$this->response->setStatus(ServerStatus::UNAUTHORIZED);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $hasPermission;
|
||||||
|
}
|
||||||
|
|
||||||
protected function validateJsonBody(): bool
|
protected function validateJsonBody(): bool
|
||||||
{
|
{
|
||||||
if (count($this->mandatoryAttributes) === 0) {
|
if (count($this->mandatoryAttributes) === 0) {
|
||||||
|
|
|
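Review bot: hasUserPermission() answers an authorization failure with ServerStatus::UNAUTHORIZED, the same status isUserLoggedIn() uses for a missing session, so a client cannot tell "log in first" apart from "logged in but not allowed"; if ServerStatus defines a forbidden status, the `$this->response->setStatus(...)` line in the third hunk should use it instead. The method also assigns `$this->response = new ApiJsonResponse();` before the check, so any response the caller prepared is discarded even when the user is allowed; creating the response inside the `if (!$hasPermission)` branch, as isUserLoggedIn() already does, keeps the success path free of side effects. Both methods only return a bool, so the 401 body takes effect only if the caller returns `$this->response` on false; a docblock such as `/** Caller must return $this->response when this returns false. */` on each would make that contract explicit. hasUserPermission() does not itself require a logged-in session, so its result with no session depends on what Session::isAdmin() returns for an unset key, which is not visible here. The class body continues outside these hunks.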
@ -11,7 +11,7 @@ final class Session
|
||||||
private const IS_LOGGED_IN = 'is_logged_in';
|
private const IS_LOGGED_IN = 'is_logged_in';
|
||||||
private const USER_ID = 'account_id';
|
private const USER_ID = 'account_id';
|
||||||
private const USERNAME = 'username';
|
private const USERNAME = 'username';
|
||||||
private const PERMISSION = 'permission';
|
private const IS_ADMIN = 'admin';
|
||||||
private const EMAIL = 'email';
|
private const EMAIL = 'email';
|
||||||
private const JABBER_ADDRESS = 'jabber';
|
private const JABBER_ADDRESS = 'jabber';
|
||||||
|
|
||||||
|
@ -46,6 +46,7 @@ final class Session
|
||||||
$this->SetString(self::USERNAME, $user->getUsername());
|
$this->SetString(self::USERNAME, $user->getUsername());
|
||||||
$this->SetString(self::EMAIL, $user->getEmail());
|
$this->SetString(self::EMAIL, $user->getEmail());
|
||||||
$this->SetString(self::JABBER_ADDRESS, $user->getJabberAddress());
|
$this->SetString(self::JABBER_ADDRESS, $user->getJabberAddress());
|
||||||
|
$this->SetBool(self::IS_ADMIN, $user->isAdmin());
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -95,9 +96,9 @@ final class Session
|
||||||
return $this->GetInt(self::USER_ID);
|
return $this->GetInt(self::USER_ID);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function GetPermission(): ?int
|
public function isAdmin(): bool
|
||||||
{
|
{
|
||||||
return $this->GetInt(self::PERMISSION);
|
return $this->GetBool(self::IS_ADMIN);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function HasSession(): bool
|
public static function HasSession(): bool
|
||||||
|
|
|
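Review bot: isAdmin() in the third hunk is declared `bool` but returns `$this->GetBool(self::IS_ADMIN)` directly; if GetBool is nullable like GetInt (GetPermission() used to return `?int` from it), an unset key — an anonymous session, or a session established before this commit when `admin` was never written — makes the method throw a TypeError instead of denying. Comparing explicitly, `return $this->GetBool(self::IS_ADMIN) === true;`, makes the admin flag fail closed regardless of GetBool's return type. The flag is copied into the session at login (second hunk), so revoking admin in the database presumably does not take effect until the user logs in again; a comment noting that, e.g. `// snapshot of User::isAdmin() at login; not refreshed on privilege change`, would save the next reader from assuming live checks. The new method name `isAdmin` also breaks from the class's PascalCase methods (`GetInt`, `SetBool`, `HasSession`) used on the surrounding lines.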
@ -9,6 +9,7 @@ final class User extends MySqlTable implements JsonSerializable
|
||||||
public const FIELD_PASSWORD = 'Password';
|
public const FIELD_PASSWORD = 'Password';
|
||||||
public const FIELD_EMAIL = 'Email';
|
public const FIELD_EMAIL = 'Email';
|
||||||
public const FIELD_JABBER_ADDRESS = 'JabberAddress';
|
public const FIELD_JABBER_ADDRESS = 'JabberAddress';
|
||||||
|
public const FIELD_ADMIN = 'IsAdmin';
|
||||||
|
|
||||||
public function __construct($id = null, DatabaseInterface &$database = null)
|
public function __construct($id = null, DatabaseInterface &$database = null)
|
||||||
{
|
{
|
||||||
|
@ -44,6 +45,11 @@ final class User extends MySqlTable implements JsonSerializable
|
||||||
return $this->getField(self::FIELD_JABBER_ADDRESS);
|
return $this->getField(self::FIELD_JABBER_ADDRESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function isAdmin(): bool
|
||||||
|
{
|
||||||
|
return $this->getField(self::FIELD_ADMIN);
|
||||||
|
}
|
||||||
|
|
||||||
public function setUsername(string $username): void
|
public function setUsername(string $username): void
|
||||||
{
|
{
|
||||||
$this->setField(self::FIELD_USERNAME, $username);
|
$this->setField(self::FIELD_USERNAME, $username);
|
||||||
|
@ -64,6 +70,11 @@ final class User extends MySqlTable implements JsonSerializable
|
||||||
$this->setField(self::FIELD_JABBER_ADDRESS, $jabberAddress);
|
$this->setField(self::FIELD_JABBER_ADDRESS, $jabberAddress);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function setAdmin(bool $isAdmin): void
|
||||||
|
{
|
||||||
|
$this->setField(self::FIELD_ADMIN, $isAdmin);
|
||||||
|
}
|
||||||
|
|
||||||
public static function getFromUsername(string $username, DatabaseInterface &$database = null): self
|
public static function getFromUsername(string $username, DatabaseInterface &$database = null): self
|
||||||
{
|
{
|
||||||
$databaseGiven = true;
|
$databaseGiven = true;
|
||||||
|
|
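Review bot: isAdmin() in the second hunk returns `$this->getField(self::FIELD_ADMIN)` from a method typed `bool`, but getField's return type is not visible here; if it yields the raw column value (a string or int for a MySQL tinyint, or null for an unloaded row), the return either coerces in non-strict mode or throws a TypeError under strict_types. An explicit `return (bool)$this->getField(self::FIELD_ADMIN);` pins the conversion and turns a missing value into false. The new `IsAdmin` column is referenced only through the constant; nothing in this commit shows the corresponding schema change, so it is worth confirming the migration exists. Because setAdmin() is public on the same model that is built from request data elsewhere, confirm that no request-to-field mapping can reach this setter from client input.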