mirror of
https://github.com/alchemy-fr/Phraseanet.git
synced 2025-10-18 15:33:15 +00:00
a8da584666
Conflicts: composer.json composer.lock config/configuration.sample.yml lib/Alchemy/Phrasea/Application.php lib/Alchemy/Phrasea/Application/Api.php lib/Alchemy/Phrasea/Controller/Admin/Collection.php lib/Alchemy/Phrasea/Controller/Admin/Users.php lib/Alchemy/Phrasea/Controller/Prod/DoDownload.php lib/Alchemy/Phrasea/Controller/Prod/Export.php lib/Alchemy/Phrasea/Controller/Prod/Language.php lib/Alchemy/Phrasea/Controller/Prod/Push.php lib/Alchemy/Phrasea/Controller/Prod/Tooltip.php lib/Alchemy/Phrasea/Controller/Report/Informations.php lib/Alchemy/Phrasea/Controller/Report/Root.php lib/Alchemy/Phrasea/Controller/Root/Developers.php lib/Alchemy/Phrasea/Controller/Root/Login.php lib/Alchemy/Phrasea/Controller/Root/Session.php lib/Alchemy/Phrasea/Controller/Thesaurus/Xmlhttp.php lib/Alchemy/Phrasea/Controller/Utils/ConnectionTest.php lib/Alchemy/Phrasea/Controller/Utils/PathFileTest.php lib/Alchemy/Phrasea/Core/Version.php lib/Alchemy/Phrasea/Form/Login/PhraseaAuthenticationForm.php lib/Alchemy/Phrasea/SearchEngine/Phrasea/PhraseaEngine.php lib/Alchemy/Phrasea/SearchEngine/SphinxSearch/SphinxSearchEngine.php lib/classes/API/OAuth2/Application.php lib/classes/API/V1/adapter.php lib/classes/Feed/Adapter.php lib/classes/Feed/Aggregate.php lib/classes/Feed/Collection.php lib/classes/Feed/Entry/Adapter.php lib/classes/ZipArchiveImproved.php lib/classes/caption/Field/Value.php lib/classes/caption/record.php lib/classes/eventsmanager/notify/feed.php lib/classes/media/subdef.php lib/classes/module/report/connexion.php lib/classes/module/report/download.php lib/classes/record/adapter.php lib/classes/registry.php lib/classes/set/export.php lib/classes/setup.php lib/classes/task/abstract.php lib/classes/task/period/emptyColl.php lib/classes/uuid.php lib/conf.d/_GV_template.inc lib/conf.d/bases_structure.xml lib/conf.d/configuration.yml lib/conf.d/minifyGroupsConfig.php locale/de_DE/LC_MESSAGES/phraseanet.mo locale/de_DE/LC_MESSAGES/phraseanet.po locale/en_GB/LC_MESSAGES/phraseanet.mo locale/en_GB/LC_MESSAGES/phraseanet.po locale/fr_FR/LC_MESSAGES/phraseanet.mo locale/fr_FR/LC_MESSAGES/phraseanet.po locale/nl_NL/LC_MESSAGES/phraseanet.mo locale/nl_NL/LC_MESSAGES/phraseanet.po locale/phraseanet.pot templates/web/account/account.html.twig templates/web/account/base.html.twig templates/web/admin/databox/databox.html.twig templates/web/admin/index.html.twig templates/web/admin/setup.html.twig templates/web/admin/tree.html.twig templates/web/client/index.html.twig templates/web/common/caption.html.twig templates/web/common/caption_templates/answer.html.twig templates/web/common/caption_templates/basket_element.html.twig templates/web/common/caption_templates/internal_publi.html.twig templates/web/common/caption_templates/lazaret.html.twig templates/web/common/caption_templates/overview.html.twig templates/web/common/caption_templates/preview.html.twig templates/web/common/index_bootstrap.html.twig templates/web/common/indexfloat.html.twig templates/web/common/thumbnail.html.twig templates/web/developers/application_form.html.twig templates/web/lightbox/IE6/feed.html.twig templates/web/lightbox/IE6/validate.html.twig templates/web/lightbox/feed.html.twig templates/web/lightbox/validate.html.twig templates/web/prod/actions/Download/prepare.html.twig templates/web/prod/actions/publish/publish.html.twig templates/web/prod/index.html.twig templates/web/prod/preview/caption.html.twig templates/web/prod/results/answerlist.html.twig templates/web/thesaurus/accept.html.twig templates/web/thesaurus/export-text-dialog.html.twig templates/web/thesaurus/export-text.html.twig templates/web/thesaurus/export-topics-dialog.html.twig templates/web/thesaurus/export-topics.html.twig templates/web/thesaurus/index.html.twig templates/web/thesaurus/link-field-step1.html.twig templates/web/thesaurus/link-field-step2.html.twig templates/web/thesaurus/link-field-step3.html.twig templates/web/thesaurus/new-term.html.twig templates/web/thesaurus/properties.html.twig templates/web/thesaurus/search.html.twig templates/web/thesaurus/thesaurus.html.twig tests/Alchemy/Tests/Phrasea/Application/ApiJsonTest.php tests/Alchemy/Tests/Phrasea/Application/ApiYamlTest.php tests/Alchemy/Tests/Phrasea/Application/LightboxTest.php tests/Alchemy/Tests/Phrasea/Application/OAuth2Test.php tests/Alchemy/Tests/Phrasea/Application/OverviewTest.php tests/Alchemy/Tests/Phrasea/Authentication/PersistentCookie/ManagerTest.php tests/Alchemy/Tests/Phrasea/Cache/RedisCacheTest.php tests/Alchemy/Tests/Phrasea/Command/Compile/ConfigurationTest.php tests/Alchemy/Tests/Phrasea/Controller/Admin/FieldsTest.php tests/Alchemy/Tests/Phrasea/Controller/Admin/PublicationTest.php tests/Alchemy/Tests/Phrasea/Controller/Admin/SubdefsTest.php tests/Alchemy/Tests/Phrasea/Controller/Admin/UsersTest.php tests/Alchemy/Tests/Phrasea/Controller/Api/ApiJSONPTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/BasketTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/BridgeTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/EditTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/FeedTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/LanguageTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/MoveCollectionTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/PrinterTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/PushTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/RootTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/StoryTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/ToolsTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/TooltipTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/UploadTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/UsrListsTest.php tests/Alchemy/Tests/Phrasea/Controller/Prod/WorkZoneTest.php tests/Alchemy/Tests/Phrasea/Controller/Root/LoginTest.php tests/Alchemy/Tests/Phrasea/Controller/Root/RSSFeedTest.php tests/Alchemy/Tests/Phrasea/Controller/Utils/ConnectionTestTest.php tests/Alchemy/Tests/Phrasea/Controller/Utils/PathFileTestTest.php tests/Alchemy/Tests/Phrasea/Core/Provider/FTPServiceProviderTest.php tests/Alchemy/Tests/Phrasea/Core/Provider/LocaleServiceProviderTest.php tests/Alchemy/Tests/Phrasea/Core/Provider/PhraseanetServiceProviderTest.php tests/Alchemy/Tests/Phrasea/Core/Provider/RegistrationServiceProviderTest.php tests/Alchemy/Tests/Phrasea/Core/Provider/TaskManagerServiceProviderTest.php tests/Alchemy/Tests/Phrasea/Http/XSendFile/NginxModeTest.php tests/Alchemy/Tests/Phrasea/Metadata/Tag/TfEditDateTest.php tests/Alchemy/Tests/Phrasea/Metadata/Tag/TfMimeTypeTest.php tests/Alchemy/Tests/Phrasea/SearchEngine/SearchEngineAbstractTest.php tests/classes/Feed/Feed_AggregateTest.php tests/classes/PhraseanetPHPUnitAbstract.php tests/db-ref.sqlite
156 lines
4.3 KiB
PHP
156 lines
4.3 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of Phraseanet
|
|
*
|
|
* (c) 2005-2014 Alchemy
|
|
*
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Alchemy\Phrasea\Security;
|
|
|
|
use Silex\Application;
|
|
use Silex\Controller;
|
|
use Silex\ControllerCollection;
|
|
use Symfony\Component\HttpFoundation\RedirectResponse;
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
|
|
class Firewall
|
|
{
|
|
private $app;
|
|
|
|
public function __construct(Application $app)
|
|
{
|
|
$this->app = $app;
|
|
}
|
|
|
|
public function requireSetUp()
|
|
{
|
|
if (!$this->app['phraseanet.configuration-tester']->isInstalled()) {
|
|
$this->app->abort(302, 'Phraseanet is not installed', [
|
|
'X-Phraseanet-Redirect' => $this->app->path('setup')
|
|
]);
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
public function requireAdmin()
|
|
{
|
|
$this->requireNotGuest();
|
|
|
|
if (!$this->app['acl']->get($this->app['authentication']->getUser())->is_admin()) {
|
|
$this->app->abort(403, 'Admin role is required');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireAccessToModule($module)
|
|
{
|
|
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_module($module)) {
|
|
$this->app->abort(403, 'You do not have required rights');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireAccessToSbas($sbas_id)
|
|
{
|
|
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_sbas($sbas_id)) {
|
|
$this->app->abort(403, 'You do not have required rights');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireAccessToBase($base_id)
|
|
{
|
|
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_base($base_id)) {
|
|
$this->app->abort(403, 'You do not have required rights');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireRight($right)
|
|
{
|
|
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right($right)) {
|
|
$this->app->abort(403, 'You do not have required rights');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireRightOnBase($base_id, $right)
|
|
{
|
|
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($base_id, $right)) {
|
|
$this->app->abort(403, 'You do not have required rights');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireRightOnSbas($sbas_id, $right)
|
|
{
|
|
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_sbas($sbas_id, $right)) {
|
|
$this->app->abort(403, 'You do not have required rights');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireNotGuest()
|
|
{
|
|
if ($this->app['authentication']->getUser()->isGuest()) {
|
|
$this->app->abort(403, 'Guests do not have admin role');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireAuthentication(Request $request = null)
|
|
{
|
|
$params = array();
|
|
if (null !== $request) {
|
|
$params['redirect'] = '..' . $request->getPathInfo();
|
|
}
|
|
if (!$this->app['authentication']->isAuthenticated()) {
|
|
return new RedirectResponse($this->app->path('homepage', $params));
|
|
}
|
|
}
|
|
|
|
public function addMandatoryAuthentication($controllers)
|
|
{
|
|
if (!$controllers instanceof ControllerCollection && !$controllers instanceof Controller) {
|
|
throw new \InvalidArgumentException('Controllers must be either a Controller or a ControllerCollection.');
|
|
}
|
|
|
|
$app = $this->app;
|
|
|
|
$controllers->before(function (Request $request) use ($app) {
|
|
if (null !== $response = $app['firewall']->requireAuthentication($request)) {
|
|
return $response;
|
|
}
|
|
});
|
|
}
|
|
|
|
public function requireNotAuthenticated()
|
|
{
|
|
if ($this->app['authentication']->isAuthenticated()) {
|
|
return new RedirectResponse($this->app->path('prod'));
|
|
}
|
|
}
|
|
|
|
public function requireOrdersAdmin()
|
|
{
|
|
if (false === !!count($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(['order_master']))) {
|
|
$this->app->abort(403, 'You are not an order admin');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
}
|