PrivilegeController.php 3.36 KB
Newer Older
1
2
3
<?php

/**
4
5
* Copyright Maarch since 2008 under license.
* See LICENSE.txt file at the root folder for more details.
6
7
8
9
10
11
12
13
14
15
16
17
18
* This file is part of Maarch software.
*
*/

/**
* @brief Privilege Controller
* @author dev@maarch.org
*/

namespace Group\controllers;

use SrcCore\models\ValidatorModel;
use User\models\UserGroupModel;
19
use Group\models\GroupPrivilegeModel;
20
21
22

class PrivilegeController
{
23
    const PRIVILEGES = [
24
25
26
27
        ['id' => 'manage_users',                'type' => 'admin', 'icon' => 'person-sharp',  'route' => '/administration/users'],
        ['id' => 'manage_groups',               'type' => 'admin', 'icon' => 'people-sharp',  'route' => '/administration/groups'],
        ['id' => 'manage_connections',          'type' => 'admin', 'icon' => 'server-sharp',  'route' => '/administration/connections'],
        ['id' => 'manage_email_configuration',  'type' => 'admin', 'icon' => 'paper-plane',   'route' => '/administration/emailConfiguration'],
Alex ORLUC's avatar
Alex ORLUC committed
28
29
        ['id' => 'manage_password_rules',       'type' => 'admin', 'icon' => 'lock-closed',   'route' => '/administration/passwordRules'],
        ['id' => 'manage_history',              'type' => 'admin', 'icon' => 'timer-outline', 'route' => '/administration/history'],
30
        ['id' => 'manage_otp_connectors',       'type' => 'admin', 'icon' => 'people-circle-outline', 'route' => '/administration/otps'],
31
        ['id' => 'manage_customization',        'type' => 'admin', 'icon' => 'color-wand-outline',  'route' => '/administration/customization'],
32
33
        ['id' => 'manage_documents',            'type' => 'simple'],
        ['id' => 'indexation',                  'type' => 'simple']
34
    ];
35

36
    public static function getPrivilegesByUserId(array $args)
Damien's avatar
Damien committed
37
    {
38
        ValidatorModel::notEmpty($args, ['userId', 'type']);
Damien's avatar
Damien committed
39
        ValidatorModel::intVal($args, ['userId']);
40
        ValidatorModel::stringType($args, ['type']);
Damien's avatar
Damien committed
41
42
43
44
45

        $groups = UserGroupModel::get(['select' => ['group_id'], 'where' => ['user_id = ?'], 'data' => [$args['userId']]]);

        $allGroups = array_column($groups, 'group_id');

46
        $administrativePrivileges = [];
Damien's avatar
Damien committed
47
        if (!empty($allGroups)) {
48
            $privileges = GroupPrivilegeModel::getPrivileges(['select' => ['privilege'], 'where' => ['group_id in (?)'], 'data' => [$allGroups]]);
Damien's avatar
Damien committed
49
50
51
52
            $privileges = array_column($privileges, 'privilege');

            if (!empty($privileges)) {
                foreach (PrivilegeController::PRIVILEGES as $value) {
53
                    if ($value['type'] == $args['type'] && in_array($value['id'], $privileges)) {
54
                        $administrativePrivileges[] = $value;
Damien's avatar
Damien committed
55
56
57
58
59
                    }
                }
            }
        }

60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
        return $administrativePrivileges;
    }

    public static function hasPrivilege(array $args)
    {
        ValidatorModel::notEmpty($args, ['userId', 'privilege']);
        ValidatorModel::intVal($args, ['userId']);
        ValidatorModel::stringType($args, ['privilege']);

        $groups = UserGroupModel::get(['select' => ['group_id'], 'where' => ['user_id = ?'], 'data' => [$args['userId']]]);

        foreach ($groups as $group) {
            $privilege = GroupPrivilegeModel::getPrivileges(['select' => [1], 'where' => ['group_id = ?', 'privilege = ?'], 'data' => [$group['group_id'], $args['privilege']]]);
            if (!empty($privilege)) {
                return true;
            }
        }

Damien's avatar
Damien committed
78
79
        return false;
    }
80
}