diff --git a/agents/ToplevelAgent.inc b/agents/ToplevelAgent.inc index eee33450..9d6d6f8a 100644 --- a/agents/ToplevelAgent.inc +++ b/agents/ToplevelAgent.inc @@ -153,6 +153,17 @@ } + /** + * Return the IntermediateAgent. + * + * @return IntermediateAgent IntermediateAgent + */ + public function getIntermediateAgent() + { + return $this->intermediateAgent; + } + + /** diff --git a/app/Controller.inc b/app/Controller.inc index 5594ac31..42881662 100644 --- a/app/Controller.inc +++ b/app/Controller.inc @@ -25,24 +25,12 @@ * @var array */ public $components = array('auth'); - /** - * Required models - * - * @var array - */ - public $models = array('users'); /** * Linker instance * * @var Linker */ protected $linker = null; - /** - * Data of currently logged in user if any - * - * @var array - */ - protected static $user = null; @@ -76,9 +64,6 @@ { parent::preFilter($request, $response); - // Check rights - $this->checkPermission(); - // Create linker $this->linker = new \nre\core\Linker($this->request); @@ -95,9 +80,6 @@ \IntlDateFormatter::SHORT, NULL )); - - // Set userdata - $this->set('loggedUser', static::$user); } @@ -112,44 +94,6 @@ parent::postFilter($request, $response); } - - - - /** - * Check user permissions. - * - * @throws AccessDeniedException - */ - private function checkPermission() - { - // Determine user - try { - $userId = $this->Auth->getUserId(); - if(!is_null($userId)) { - static::$user = $this->Users->getUserById($this->Auth->getUserId()); - } - } - catch(\nre\exceptions\IdNotFoundException $e) { - } - - - // Determine permissions - $action = $this->request->getParam(2, 'action'); - if(!property_exists($this, 'permissions')) { - return; // Allow if nothing is specified - } - if(!array_key_exists($action, $this->permissions)) { - return; // Allow if Action is not specified - } - $permissions = $this->permissions[$action]; - - - // Check permissions - if(is_null(static::$user)) { - throw new \nre\exceptions\AccessDeniedException(); - } - } - } ?> 
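Review bot: The docblock on the new `getIntermediateAgent()` only repeats the type (`@return IntermediateAgent IntermediateAgent`) and says nothing about when the property is populated, yet the one caller added in this commit, ToplevelController::checkPermission, dereferences the result as `->controller` without a null check. A line such as `@return IntermediateAgent The agent created for this request (null until it has been set up)` would tell that caller what to guard against; whether `$this->intermediateAgent` can actually be unset at preFilter time is not visible in this hunk and should be confirmed against ToplevelAgent's constructor. The surrounding class continues outside the hunk.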
diff --git a/app/controllers/SeminaryRoleController.inc b/app/controllers/SeminaryRoleController.inc new file mode 100644 index 00000000..fadf1249 --- /dev/null +++ b/app/controllers/SeminaryRoleController.inc 
@@ -0,0 +1,129 @@ + + * @copyright 2014 Heinrich-Heine-Universität Düsseldorf + * @license http://www.gnu.org/licenses/gpl.html + * @link https://bitbucket.org/coderkun/the-legend-of-z + */ + + namespace hhu\z\controllers; + + + /** + * Abstract class for implementing a Controller of a ToplevelAgent. + * + * @author Oliver Hanraths + */ + abstract class SeminaryroleController extends \hhu\z\Controller + { + /** + * Required models + * + * @var array + */ + public $models = array('userseminaryroles'); + /** + * Data of currently logged in user if any + * + * @var array + */ + public static $user = null; + + + + + /** + * Construct a new SeminaryRole Controller. + * + * @throws DriverNotFoundException + * @throws DriverNotValidException + * @throws ModelNotValidException + * @throws ModelNotFoundException + * @throws ViewNotFoundException + * @param string $layoutName Name of the current Layout + * @param string $action Current Action + * @param Agent $agent Corresponding Agent + */ + public function __construct($layoutName, $action, $agent) + { + parent::__construct($layoutName, $action, $agent); + } + + + + /** + * Prefilter that is executed before running the Controller. + * + * @param Request $request Current request + * @param Response $response Current response + */ + public function preFilter(\nre\core\Request $request, \nre\core\Response $response) + { + parent::preFilter($request, $response); + + // Check permissions + $this->checkPermission($request, $response); + } + + + /** + * Postfilter that is executed after running the Controller. + * + * @param Request $request Current request + * @param Response $response Current response + */ + public function postFilter(\nre\core\Request $request, \nre\core\Response $response) + { + parent::postFilter($request, $response); + } + + + + + /** + * Check user permissions. 
+ * + * @throws AccessDeniedException + */ + private function checkPermission(\nre\core\Request $request, \nre\core\Response $response) + { + // Do not check index page + if(is_null($request->getParam(3))) { + return; + } + + // Determine user and seminary + $userId = $this->Auth->getUserId(); + $seminary = $this->Seminaries->getSeminaryByUrl($request->getParam(3)); + + // Determine user seminary roles + $userSeminaryRoles = array(); + $roles = $this->Userseminaryroles->getUserseminaryrolesForUserById($userId, $seminary['id']); + foreach($roles as &$role) { + $userSeminaryRoles[] = $role['name']; + } + + + // Determine permissions for current action + $action = $this->request->getParam(2, 'action'); + if(!property_exists($this, 'seminaryPermissions')) { + return; // Allow if nothing is specified + } + if(!array_key_exists($action, $this->seminaryPermissions)) { + return; // Allow if Action is not specified + } + $permissions = $this->seminaryPermissions[$action]; + + + // Check permissions + if(count(array_intersect($userSeminaryRoles, $permissions)) == 0) { + throw new \nre\exceptions\AccessDeniedException(); + } + } + + } + +?> diff --git a/app/controllers/ToplevelController.inc b/app/controllers/ToplevelController.inc new file mode 100644 index 00000000..74f63667 --- /dev/null +++ b/app/controllers/ToplevelController.inc 
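Review bot: `checkPermission` never assigns a `'guest'` role for an anonymous request, so `$userSeminaryRoles` stays empty when `getUserId()` yields no user and any `'guest'` entry in a controller's `$seminaryPermissions` (SeminariesController lists one for `seminary`) can never match; either mirror ToplevelController and set `$userSeminaryRoles = array('guest');` when no user is logged in, or drop `'guest'` from those arrays so the fail-closed behaviour is explicit. The early `return` when `$request->getParam(3)` is null is commented as an index-page exception but skips the seminary check for every action that arrives without a third parameter, so guarding on the action name, `if($request->getParam(2, 'action') === 'index')`, expresses the intent more precisely; what `getSeminaryByUrl` returns for an unknown URL is not visible here, so `$seminary['id']` may also need a null check before the query. `foreach($roles as &$role)` does not need the reference to read `$role['name']` and leaves `$role` bound to the last element after the loop; `foreach($roles as $role)` is enough. The class is declared as `SeminaryroleController` while the file name and the reference in SeminariesController spell it `SeminaryRoleController`; PHP resolves class names case-insensitively, but an autoloader that maps class name to file name on a case-sensitive filesystem may not, so the spellings should agree. `$this->Seminaries` is used although `$models` declares only `'userseminaryroles'`, which suggests this base class relies on the subclass declaring that model; that dependency deserves a comment.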
@@ -0,0 +1,149 @@ + + * @copyright 2014 Heinrich-Heine-Universität Düsseldorf + * @license http://www.gnu.org/licenses/gpl.html + * @link https://bitbucket.org/coderkun/the-legend-of-z + */ + + namespace hhu\z\controllers; + + + /** + * Abstract class for implementing a Controller of a ToplevelAgent. + * + * @author Oliver Hanraths + */ + abstract class ToplevelController extends \hhu\z\Controller + { + /** + * Required models + * + * @var array + */ + public $models = array('users', 'userroles'); + /** + * Current user + * + * @var array + */ + public static $user = null; + + + + + /** + * Construct a new application Controller. + * + * @throws DriverNotFoundException + * @throws DriverNotValidException + * @throws ModelNotValidException + * @throws ModelNotFoundException + * @throws ViewNotFoundException + * @param string $layoutName Name of the current Layout + * @param string $action Current Action + * @param Agent $agent Corresponding Agent + */ + public function __construct($layoutName, $action, $agent) + { + parent::__construct($layoutName, $action, $agent); + } + + + + /** + * Prefilter that is executed before running the Controller. + * + * @param Request $request Current request + * @param Response $response Current response + */ + public function preFilter(\nre\core\Request $request, \nre\core\Response $response) + { + parent::preFilter($request, $response); + + // Get userdata + try { + static::$user = $this->Users->getUserById($this->Auth->getUserId()); + } + catch(\nre\exceptions\IdNotFoundException $e) { + } + + // Check permissions + $this->checkPermission($request, $response); + + // Set userdata + $this->set('loggedUser', static::$user); + } + + + /** + * Postfilter that is executed after running the Controller. 
+ * + * @param Request $request Current request + * @param Response $response Current response + */ + public function postFilter(\nre\core\Request $request, \nre\core\Response $response) + { + parent::postFilter($request, $response); + } + + + + + /** + * Check user permissions. + * + * @throws AccessDeniedException + */ + private function checkPermission(\nre\core\Request $request, \nre\core\Response $response) + { + // Determine user + $userId = $this->Auth->getUserId(); + + + // Do not check error pages + if($response->getParam(0, 'toplevel') == \nre\core\Config::getDefault('toplevel-error')) { + return; + } + if($response->getParam(1, 'intermediate') == \nre\core\Config::getDefault('intermediate-error')) { + return; + } + + + // Determine user roles + if($userId > 0) + { + $userRoles = array(); + $roles = $this->Userroles->getUserrolesForUserById($userId); + foreach($roles as &$role) { + $userRoles[] = $role['name']; + } + } + else { + $userRoles = array('guest'); + } + + // Determine permissions of Intermediate Controller for current action + $controller = $this->agent->getIntermediateAgent()->controller; + $action = $this->request->getParam(2, 'action'); + if(!property_exists($controller, 'permissions')) { + return; // Allow if nothing is specified + } + if(!array_key_exists($action, $controller->permissions)) { + return; // Allow if Action is not specified + } + $permissions = $controller->permissions[$action]; + + + // Check permissions + if(count(array_intersect($userRoles, $permissions)) == 0) { + throw new \nre\exceptions\AccessDeniedException(); + } + } + + } + +?> diff --git a/controllers/HtmlController.inc b/controllers/HtmlController.inc index a2659898..d7660f5a 100644 --- a/controllers/HtmlController.inc +++ b/controllers/HtmlController.inc @@ -17,7 +17,7 @@ * * @author Oliver Hanraths */ - class HtmlController extends \hhu\z\Controller + class HtmlController extends \hhu\z\controllers\ToplevelController { 
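Review bot: `checkPermission` allows the request whenever the intermediate controller declares no `$permissions` property or has no entry for the current action, so every action added later is reachable by guests until someone remembers to list it; since this commit also removes the old check from `\hhu\z\Controller`, this method is now the only place top-level access is decided, and a deny-by-default, `throw new \nre\exceptions\AccessDeniedException(); // deny unless the action is listed`, in place of the two `return; // Allow ...` lines would be the safer default, or at least the allow-by-default rule should be stated in the class docblock. The error-page bypass reads `$response->getParam(0, 'toplevel')` while the action a few lines later comes from `$this->request->getParam(2, 'action')`; if `Response` has no `getParam`, this is a slip for `$request`, and the two comparisons against `Config::getDefault(...)` should use `===`. `$userId > 0` treats a null id as guest, which only holds if `getUserId()` never returns a string identifier; confirm against the Auth component. As in SeminaryRoleController, `foreach($roles as &$role)` needs no reference, and `count(array_intersect(...)) == 0` reads better as `empty(array_intersect($userRoles, $permissions))`. Controllers that still extend `\hhu\z\Controller` directly and carry a `$permissions` array are no longer checked by anything visible in this diff, so the tree should be searched for them.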
@@ -33,7 +33,6 @@ { parent::preFilter($request, $response); - // Set content-type $this->response->addHeader("Content-type: text/html; charset=utf-8"); } diff --git a/controllers/MenuController.inc b/controllers/MenuController.inc index 51aedd25..3d9d5551 100644 --- a/controllers/MenuController.inc +++ b/controllers/MenuController.inc @@ -23,6 +23,21 @@ + /** + * Prefilter. + * + * @param Request $request Current request + * @param Response $response Current response + */ + public function preFilter(\nre\core\Request $request, \nre\core\Response $response) + { + parent::preFilter($request, $response); + + // Set userdata + $this->set('loggedUser', HtmlController::$user); + } + + /** * Action: index. */ diff --git a/controllers/SeminariesController.inc b/controllers/SeminariesController.inc index 632a3378..1df4d5a4 100644 --- a/controllers/SeminariesController.inc +++ b/controllers/SeminariesController.inc @@ -17,7 +17,7 @@ * * @author Oliver Hanraths */ - class SeminariesController extends \hhu\z\Controller + class SeminariesController extends \hhu\z\controllers\SeminaryRoleController { /** * Required models @@ -31,8 +31,21 @@ * @var array */ public $permissions = array( - 'index' => array(), - 'seminary' => array() + 'index' => array('admin', 'moderator', 'user'), + 'seminary' => array('admin', 'moderator', 'user'), + 'create' => array('admin', 'moderator'), + 'edit' => array('admin', 'moderator', 'user'), + 'delete' => array('admin', 'moderator', 'user') + ); + /** + * User seminary permissions + * + * @var array + */ + public $seminaryPermissions = array( + 'seminary' => array('admin', 'moderator', 'user', 'guest'), + 'edit' => array('admin', 'moderator'), + 'delete' => array('admin', 'moderator') ); diff --git a/controllers/UsersController.inc b/controllers/UsersController.inc index 7fc8dcf5..fb6c8d16 100644 --- a/controllers/UsersController.inc +++ b/controllers/UsersController.inc 
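Review bot: The new `preFilter` in MenuController reads `HtmlController::$user`, tying the menu to one concrete toplevel controller although the property is declared on `\hhu\z\controllers\ToplevelController`; reading it through the declaring class, `$this->set('loggedUser', \hhu\z\controllers\ToplevelController::$user);`, keeps the menu working if the page is rendered under a different ToplevelController subclass. Because HtmlController does not redeclare the property, both names currently refer to the same storage, so this is a maintainability point rather than a behaviour change.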
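Review bot: In SeminariesController, `$seminaryPermissions['seminary']` lists `'guest'` but `$permissions['seminary']` just above it does not, and both checks must pass, so a guest is rejected by the top-level list and the `'guest'` entry here is dead; either add `'guest'` to `$permissions['seminary']` (and to `index`, if anonymous browsing is intended) or remove it here so the two tables tell the same story. Role names are repeated as bare strings across UsersController and both arrays here, and a misspelt name fails closed without any error; constants on the base controller such as `const ROLE_ADMIN = 'admin';` would make such typos visible to static analysis. The hunk at `@@ -31,8 +31,21 @@` ends inside the class, so whether further actions exist that are not listed in either array is not visible here.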
@@ -25,17 +25,16 @@ * @var array */ public $permissions = array( - 'index' => array(), - 'user' => array(), - 'create' => array(), - 'edit' => array(), - 'delete' => array() + 'index' => array('admin', 'moderator'), + 'user' => array('admin', 'moderator', 'user'), + 'create' => array('admin', 'moderator'), + 'edit' => array('admin', 'moderator'), + 'delete' => array('admin') ); - /** * Action: index. */ diff --git a/models/UserrolesModel.inc b/models/UserrolesModel.inc new file mode 100644 index 00000000..33121a21 --- /dev/null +++ b/models/UserrolesModel.inc 
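Review bot: Nothing next to this `$permissions` array says where it is consulted or that unlisted actions are allowed, which matters now that enforcement has moved out of the base class; a comment such as `// Read by ToplevelController::checkPermission(); actions missing from this list are allowed` above the array would record both facts for the next person adding an action. `'user' => array('admin', 'moderator', 'user')` lets any logged-in user reach the `user` action; if that action shows other users' data, the intended scope deserves a word in the docblock. The class continues outside the hunk.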
@@ -0,0 +1,77 @@ + + * @copyright 2014 Heinrich-Heine-Universität Düsseldorf + * @license http://www.gnu.org/licenses/gpl.html + * @link https://bitbucket.org/coderkun/the-legend-of-z + */ + + namespace hhu\z\models; + + + /** + * Model to interact with userroles-table. + * + * @author Oliver Hanraths + */ + class UserrolesModel extends \hhu\z\Model + { + + + + + /** + * Construct a new UserrolesModel. + */ + public function __construct() + { + parent::__construct(); + } + + + + + /** + * Get all userroles for an user referenced by its ID. + * + * @param int $userId ID of an user + * @return array Userroles for an user + */ + public function getUserrolesForUserById($userId) + { + return $this->db->query( + 'SELECT userroles.id, userroles.created, userroles.name '. + 'FROM users_userroles '. + 'LEFT JOIN userroles ON userroles.id = users_userroles.userrole_id '. + 'WHERE users_userroles.user_id = ?', + 'i', + $userId + ); + } + + + /** + * Get all userroles for an user referenced by its URL-username. + * + * @param string $userUrl URL-Username of an user + * @return array Userroles for an user + */ + public function getUserrolesForUserByUrl($userUrl) + { + return $this->db->query( + 'SELECT userroles.id, userroles.created, userroles.name '. + 'FROM users '. + 'LEFT JOIN users_userroles ON users_userroles.user_id = users.id '. + 'LEFT JOIN userroles ON userroles.id = users_userroles.userrole_id '. + 'WHERE users.url = ?', + 's', + $userUrl + ); + } + + } + +?> diff --git a/models/UserseminaryrolesModel.inc b/models/UserseminaryrolesModel.inc new file mode 100644 index 00000000..c07d4c7a --- /dev/null +++ b/models/UserseminaryrolesModel.inc 
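Review bot: `getUserrolesForUserByUrl` selects from `users` with two LEFT JOINs, so a user who has no roles comes back as one row whose `id`, `created` and `name` are all NULL instead of as an empty result, and a caller that counts rows or collects `$role['name']` sees a phantom role. Inner joins, `'JOIN users_userroles ON users_userroles.user_id = users.id '. 'JOIN userroles ON userroles.id = users_userroles.userrole_id '.`, return only real role rows; the same applies to `getUserrolesForUserById`, where a dangling `userrole_id` would yield a NULL name. The queries are parameterised, which is the right shape for these lookups; the `@return array` docblocks could name the row shape, e.g. `@return array List of rows with keys id, created, name`.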
@@ -0,0 +1,78 @@ + + * @copyright 2014 Heinrich-Heine-Universität Düsseldorf + * @license http://www.gnu.org/licenses/gpl.html + * @link https://bitbucket.org/coderkun/the-legend-of-z + */ + + namespace hhu\z\models; + + + /** + * Model to interact with userseminaryroles-table. + * + * @author Oliver Hanraths + */ + class UserseminaryrolesModel extends \hhu\z\Model + { + + + + + /** + * Construct a new UserseminaryrolesModel. + */ + public function __construct() + { + parent::__construct(); + } + + + + + /** + * Get all userseminaryroles for an user referenced by its ID. + * + * @param int $userId ID of an user + * @return array Userseminaryroles for an user + */ + public function getUserseminaryrolesForUserById($userId, $seminaryId) + { + return $this->db->query( + 'SELECT userseminaryroles.id, userseminaryroles.created, userseminaryroles.name '. + 'FROM users_userseminaryroles '. + 'LEFT JOIN userseminaryroles ON userseminaryroles.id = users_userseminaryroles.userseminaryrole_id '. + 'WHERE users_userseminaryroles.user_id = ? AND users_userseminaryroles.seminary_id = ?', + 'ii', + $userId, $seminaryId + ); + } + + + /** + * Get all userseminaryroles for an user referenced by its + * URL-username. + * + * @param string $userUrl URL-Username of an user + * @return array Userseminaryroles for an user + */ + public function getUserrolesForUserByUrl($userUrl) + { + return $this->db->query( + 'SELECT userroles.id, userroles.created, userroles.name '. + 'FROM users '. + 'LEFT JOIN users_userseminaryroles ON users_userseminaryroles.user_id = users.id '. + 'LEFT JOIN userseminaryroles ON userseminaryroles.id = users_userseminaryroles.userseminaryrole_id '. + 'WHERE users.url = ?', + 's', + $userUrl + ); + } + + } + +?>
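Review bot: `getUserrolesForUserByUrl` selects `userroles.id, userroles.created, userroles.name`, but no `userroles` table appears in its FROM or JOIN clauses, so the query fails at execution with an unknown-table error; the column list should name `userseminaryroles`. The method also reads as a copy of the UserrolesModel version: it takes no `$seminaryId`, so it returns roles across all seminaries, and its name breaks the `getUserseminaryrolesForUserById` convention, so I would rename it and add the seminary filter as below (as in UserrolesModel, inner joins avoid NULL rows for users without roles). `getUserseminaryrolesForUserById` takes `$seminaryId` but its docblock lists only `@param int $userId`; add `@param int $seminaryId ID of a seminary`.
```php
    /**
     * Get all userseminaryroles of a user (referenced by its URL-username)
     * within one seminary.
     *
     * @param string $userUrl URL-Username of an user
     * @param int $seminaryId ID of a seminary
     * @return array Userseminaryroles for an user
     */
    public function getUserseminaryrolesForUserByUrl($userUrl, $seminaryId)
    {
        return $this->db->query(
            'SELECT userseminaryroles.id, userseminaryroles.created, userseminaryroles.name '.
            'FROM users '.
            'JOIN users_userseminaryroles ON users_userseminaryroles.user_id = users.id '.
            'JOIN userseminaryroles ON userseminaryroles.id = users_userseminaryroles.userseminaryrole_id '.
            'WHERE users.url = ? AND users_userseminaryroles.seminary_id = ?',
            'si',
            $userUrl, $seminaryId
        );
    }
```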