<?php

/**
* Copyright Maarch since 2008 under license.
* See LICENSE.txt file at the root folder for more details.
* This file is part of Maarch software.
*
*/

/**
* @brief Privilege Controller
* @author dev@maarch.org
*/

namespace Group\controllers;

use SrcCore\models\ValidatorModel;
use User\models\UserGroupModel;
use Group\models\GroupPrivilegeModel;

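class PrivilegeController
{
    /**
     * Catalogue of the privileges this controller knows about.
     *
     * Entries of type 'admin' also carry an icon name and a route;
     * entries of type 'simple' carry only an id and a type.
     */
    public const PRIVILEGES = [
        ['id' => 'manage_users',                'type' => 'admin', 'icon' => 'person-sharp',  'route' => '/administration/users'],
        ['id' => 'manage_groups',               'type' => 'admin', 'icon' => 'people-sharp',  'route' => '/administration/groups'],
        ['id' => 'manage_connections',          'type' => 'admin', 'icon' => 'server-sharp',  'route' => '/administration/connections'],
        ['id' => 'manage_email_configuration',  'type' => 'admin', 'icon' => 'paper-plane',   'route' => '/administration/emailConfiguration'],
        ['id' => 'manage_password_rules',       'type' => 'admin', 'icon' => 'lock-closed',   'route' => '/administration/passwordRules'],
        ['id' => 'manage_history',              'type' => 'admin', 'icon' => 'timer-outline', 'route' => '/administration/history'],
        ['id' => 'manage_otp_connectors',       'type' => 'admin', 'icon' => 'people-circle-outline', 'route' => '/administration/otps'],
        ['id' => 'manage_customization',        'type' => 'admin', 'icon' => 'color-wand-outline',  'route' => '/administration/customization'],
        ['id' => 'manage_notifications',        'type' => 'admin', 'icon' => 'notifications', 'route' => '/administration/notifications'],
        ['id' => 'manage_documents',            'type' => 'simple'],
        ['id' => 'indexation',                  'type' => 'simple']
    ];

    /**
     * Lists the catalogue entries of one type that a user holds through any of their groups.
     *
     * Only entries present in self::PRIVILEGES are returned, so a privilege row
     * whose name is not in the catalogue is ignored.
     *
     * @param array $args 'userId' (int) and 'type' (string, matched against the 'type' of each catalogue entry)
     *
     * @return array Matching catalogue entries in catalogue order; empty when the user
     *               belongs to no group or holds no privilege of that type
     */
    public static function getPrivilegesByUserId(array $args)
    {
        // NOTE(review): ValidatorModel is not visible here; it is assumed to reject bad arguments - confirm.
        ValidatorModel::notEmpty($args, ['userId', 'type']);
        ValidatorModel::intVal($args, ['userId']);
        ValidatorModel::stringType($args, ['type']);

        $groups = UserGroupModel::get(['select' => ['group_id'], 'where' => ['user_id = ?'], 'data' => [$args['userId']]]);

        $groupIds = array_column($groups, 'group_id');
        if (empty($groupIds)) {
            return [];
        }

        $rows = GroupPrivilegeModel::getPrivileges(['select' => ['privilege'], 'where' => ['group_id in (?)'], 'data' => [$groupIds]]);

        $granted = array_column($rows, 'privilege');
        if (empty($granted)) {
            return [];
        }

        $matching = [];
        foreach (self::PRIVILEGES as $entry) {
            // Strict comparison: an authorization decision must not depend on PHP type juggling
            // (before PHP 8, a loose in_array() treats the integer 0 as equal to any non-numeric string).
            // Assumes the 'privilege' column is returned as strings - confirm against the model.
            if ($entry['type'] === $args['type'] && in_array($entry['id'], $granted, true)) {
                $matching[] = $entry;
            }
        }

        return $matching;
    }

    /**
     * Tells whether at least one of the user's groups holds the given privilege.
     *
     * The privilege name is passed to the query as a bound value and is not
     * checked against self::PRIVILEGES.
     *
     * @param array $args 'userId' (int) and 'privilege' (string)
     *
     * @return bool true as soon as one group has a matching row, false otherwise
     *              (including when the user belongs to no group)
     */
    public static function hasPrivilege(array $args)
    {
        ValidatorModel::notEmpty($args, ['userId', 'privilege']);
        ValidatorModel::intVal($args, ['userId']);
        ValidatorModel::stringType($args, ['privilege']);

        $groups = UserGroupModel::get(['select' => ['group_id'], 'where' => ['user_id = ?'], 'data' => [$args['userId']]]);

        foreach ($groups as $group) {
            $match = GroupPrivilegeModel::getPrivileges(['select' => [1], 'where' => ['group_id = ?', 'privilege = ?'], 'data' => [$group['group_id'], $args['privilege']]]);
            if (!empty($match)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Decides whether a user may grant a privilege with the given parameters.
     *
     * Only 'manage_users' is restricted here:
     *  - the granting user must hold 'manage_users' themselves;
     *  - a user who also holds 'manage_groups' may grant it without further checks;
     *  - otherwise every group listed in parameters['authorized'] must be a group
     *    the granting user belongs to. A missing or empty list passes.
     *
     * NOTE(review): every other privilege id returns true without any check, and
     * 'groupId' is validated but not otherwise used in this method. The caller has to
     * enforce the base authorization (presumably 'manage_groups') - confirm.
     *
     * @param array $args 'userId' (int), 'groupId' (int), 'privilegeId' (string) and 'parameters' (array)
     *
     * @return bool false when the grant must be refused, true otherwise
     */
    public static function canGivePrivilege(array $args)
    {
        ValidatorModel::notEmpty($args, ['userId', 'groupId', 'privilegeId', 'parameters']);
        ValidatorModel::intVal($args, ['userId', 'groupId']);
        ValidatorModel::stringType($args, ['privilegeId']);

        if ($args['privilegeId'] !== 'manage_users') {
            return true;
        }

        if (!self::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_users'])) {
            return false;
        }
        if (self::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_groups'])) {
            return true;
        }

        $candidateGroups = $args['parameters']['authorized'] ?? [];
        // Fail closed: foreach over a non-array only raises a warning and skips the loop,
        // which would let a malformed 'authorized' value pass the membership check.
        if (!is_array($candidateGroups)) {
            return false;
        }

        foreach ($candidateGroups as $candidateGroup) {
            if (!UserGroupModel::hasGroup(['userId' => $args['userId'], 'groupId' => $candidateGroup])) {
                return false;
            }
        }

        return true;
    }
}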