mirror of
https://github.com/alchemy-fr/Phraseanet.git
synced 2025-10-14 21:43:18 +00:00
165 lines
3.9 KiB
PHP
165 lines
3.9 KiB
PHP
<?php
|
|
|
|
namespace Alchemy\Phrasea\Security;
|
|
|
|
use Silex\Application;
|
|
use \Symfony\Component\HttpFoundation\Response;
|
|
|
|
class Firewall
|
|
{
|
|
private $app;
|
|
|
|
public function __construct(Application $app)
|
|
{
|
|
$this->app = $app;
|
|
}
|
|
|
|
public function requireSetUp()
|
|
{
|
|
if (!\setup::is_installed()) {
|
|
return $this->app->redirect("/setup/");
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireAdmin()
|
|
{
|
|
$response = $this->requireNotGuest();
|
|
if ($response instanceof Response) {
|
|
return $response;
|
|
}
|
|
|
|
if (!$this->app['phraseanet.user']->ACL()->is_admin()) {
|
|
$this->app->abort(403, 'Admin role is required');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireAccessToModule($module)
|
|
{
|
|
$response = $this->requireAuthentication();
|
|
if ($response instanceof Response) {
|
|
return $response;
|
|
}
|
|
|
|
if (!$this->app['phraseanet.user']->ACL()->has_access_to_module($module)) {
|
|
$this->app->abort(403, 'You do not have required rights');
|
|
}
|
|
|
|
unset($response);
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireAccessToSbas($sbas_id)
|
|
{
|
|
$response = $this->requireAuthentication();
|
|
if ($response instanceof Response) {
|
|
return $response;
|
|
}
|
|
|
|
if (!$this->app['phraseanet.user']->ACL()->has_access_to_sbas($sbas_id)) {
|
|
$this->app->abort(403, 'You do not have required rights');
|
|
}
|
|
|
|
unset($response);
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireAccessToBase($base_id)
|
|
{
|
|
$response = $this->requireAuthentication();
|
|
if ($response instanceof Response) {
|
|
return $response;
|
|
}
|
|
|
|
if (!$this->app['phraseanet.user']->ACL()->has_access_to_base($base_id)) {
|
|
$this->app->abort(403, 'You do not have required rights');
|
|
}
|
|
|
|
unset($response);
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireRight($right)
|
|
{
|
|
$response = $this->requireAuthentication();
|
|
if ($response instanceof Response) {
|
|
return $response;
|
|
}
|
|
|
|
if (!$this->app['phraseanet.user']->ACL()->has_right($right)) {
|
|
$this->app->abort(403, 'You do not have required rights');
|
|
}
|
|
|
|
unset($response);
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireRightOnBase($base_id, $right)
|
|
{
|
|
$response = $response = $this->requireAuthentication();
|
|
if ($response instanceof Response) {
|
|
return $response;
|
|
}
|
|
|
|
if (!$this->app['phraseanet.user']->ACL()->has_right_on_base($base_id, $right)) {
|
|
$this->app->abort(403, 'You do not have required rights');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
|
|
public function requireRightOnSbas($sbas_id, $right)
|
|
{
|
|
$response = $response = $this->requireAuthentication();
|
|
if ($response instanceof Response) {
|
|
return $response;
|
|
}
|
|
|
|
if (!$this->app['phraseanet.user']->ACL()->has_right_on_sbas($sbas_id, $right)) {
|
|
$this->app->abort(403, 'You do not have required rights');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireNotGuest()
|
|
{
|
|
$response = $response = $this->requireAuthentication();
|
|
if ($response instanceof Response) {
|
|
return $response;
|
|
}
|
|
|
|
if ($this->app['phraseanet.user']->is_guest()) {
|
|
$this->app->abort(403, 'Guests do not have admin role');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireAuthentication()
|
|
{
|
|
if (!$this->app->isAuthenticated()) {
|
|
return $this->app->redirect('/login/');
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function requireOrdersAdmin()
|
|
{
|
|
if (false === !!count($this->app['phraseanet.user']->ACL()->get_granted_base(array('order_master')))) {
|
|
$this->app->abort(403);
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
}
|