Skip to content
GitLab
Switch branch/tag
Find file Normal viewHistoryPermalink
PrivilegeController.php 4.52 KB
Newer Older
Damien's avatar
FEAT #10730 TIME 2:00 Administration privileges  
Damien committed
1
2
3 
<?php

/**
Florian Azizian's avatar
FEAT #16704 TIME 0:05 Change license header    
Florian Azizian committed
4
5 
* Copyright Maarch since 2008 under license.
* See LICENSE.txt file at the root folder for more details.
Damien's avatar
FEAT #10730 TIME 2:00 Administration privileges  
Damien committed
6
7
8
9
10
11
12
13
14
15
16
17
18 
* This file is part of Maarch software.
*
*/

/**
* @brief Privilege Controller
* @author dev@maarch.org
*/

namespace Group\controllers;

use SrcCore\models\ValidatorModel;
use User\models\UserGroupModel;
Florian Azizian's avatar
FEAT #10733 TIME 1:45 wip get, getbyid, create, delete groups    
Florian Azizian committed
19 
use Group\models\GroupPrivilegeModel;
Damien's avatar
FEAT #10730 TIME 2:00 Administration privileges  
Damien committed
20
21
22 

class PrivilegeController
{
Quentin Ribac's avatar
FEAT #17150 TIME 3:30 WIP back CRUD for NotificationsSchedule (Controller and Model)    
Quentin Ribac committed
23 
    public const PRIVILEGES = [
Alex ORLUC's avatar
FEAT #15407 TIME 60 front refactoring    
Alex ORLUC committed
24
25
26
27 
        ['id' => 'manage_users',                'type' => 'admin', 'icon' => 'person-sharp',  'route' => '/administration/users'],
        ['id' => 'manage_groups',               'type' => 'admin', 'icon' => 'people-sharp',  'route' => '/administration/groups'],
        ['id' => 'manage_connections',          'type' => 'admin', 'icon' => 'server-sharp',  'route' => '/administration/connections'],
        ['id' => 'manage_email_configuration',  'type' => 'admin', 'icon' => 'paper-plane',   'route' => '/administration/emailConfiguration'],
Alex ORLUC's avatar
FEAT #10994 TIME 6 WIP history    
Alex ORLUC committed
28
29 
        ['id' => 'manage_password_rules',       'type' => 'admin', 'icon' => 'lock-closed',   'route' => '/administration/passwordRules'],
        ['id' => 'manage_history',              'type' => 'admin', 'icon' => 'timer-outline', 'route' => '/administration/history'],
Alex ORLUC's avatar
FEAT #16982 TIME 2 WIP otp connectors admin    
Alex ORLUC committed
30 
        ['id' => 'manage_otp_connectors',       'type' => 'admin', 'icon' => 'people-circle-outline', 'route' => '/administration/otps'],
Guillaume Heurtier's avatar
FEAT #17005 TIME 2:10 save loginMessage    
Guillaume Heurtier committed
31 
        ['id' => 'manage_customization',        'type' => 'admin', 'icon' => 'color-wand-outline',  'route' => '/administration/customization'],
Quentin Ribac's avatar
FEAT #17150 TIME 3:30 WIP back CRUD for NotificationsSchedule (Controller and Model)    
Quentin Ribac committed
32 
        ['id' => 'manage_notifications',        'type' => 'admin', 'icon' => 'notifications', 'route' => '/administration/notifications'],
Florian Azizian's avatar
FEAt #14561 TIME 1:30 Privilege to add document    
Florian Azizian committed
33
34 
        ['id' => 'manage_documents',            'type' => 'simple'],
        ['id' => 'indexation',                  'type' => 'simple']
Damien's avatar
FEAT #10730 TIME 0:30 Administrative privileges    
Damien committed
35 
    ];
Damien's avatar
FEAT #10730 TIME 2:00 Administration privileges  
Damien committed
36
Guillaume Heurtier's avatar
FEAT #14563 TIME 0:15 added app privileges in user    
Guillaume Heurtier committed
37 
    public static function getPrivilegesByUserId(array $args)
Damien's avatar
FEAT #10730 TIME 0:15 hasAdmin    
Damien committed
38 
    {
Guillaume Heurtier's avatar
FEAT #14563 TIME 0:15 added app privileges in user    
Guillaume Heurtier committed
39 
        ValidatorModel::notEmpty($args, ['userId', 'type']);
Damien's avatar
FEAT #10730 TIME 0:15 hasAdmin    
Damien committed
40 
        ValidatorModel::intVal($args, ['userId']);
Guillaume Heurtier's avatar
FEAT #14563 TIME 0:15 added app privileges in user    
Guillaume Heurtier committed
41 
        ValidatorModel::stringType($args, ['type']);
Damien's avatar
FEAT #10730 TIME 0:15 hasAdmin    
Damien committed
42
43
44
45
46 

        $groups = UserGroupModel::get(['select' => ['group_id'], 'where' => ['user_id = ?'], 'data' => [$args['userId']]]);

        $allGroups = array_column($groups, 'group_id');
Damien's avatar
FEAT Administrative privileges in token    
Damien committed
47 
        $administrativePrivileges = [];
Damien's avatar
FEAT #10730 TIME 0:15 hasAdmin    
Damien committed
48 
        if (!empty($allGroups)) {
Florian Azizian's avatar
FEAT #10733 TIME 1:45 wip get, getbyid, create, delete groups    
Florian Azizian committed
49 
            $privileges = GroupPrivilegeModel::getPrivileges(['select' => ['privilege'], 'where' => ['group_id in (?)'], 'data' => [$allGroups]]);
Damien's avatar
FEAT #10730 TIME 0:15 hasAdmin    
Damien committed
50
51
52
53 
            $privileges = array_column($privileges, 'privilege');

            if (!empty($privileges)) {
                foreach (PrivilegeController::PRIVILEGES as $value) {
Guillaume Heurtier's avatar
FEAT #14563 TIME 0:15 added app privileges in user    
Guillaume Heurtier committed
54 
                    if ($value['type'] == $args['type'] && in_array($value['id'], $privileges)) {
Damien's avatar
FEAT Administrative privileges in token    
Damien committed
55 
                        $administrativePrivileges[] = $value;
Damien's avatar
FEAT #10730 TIME 0:15 hasAdmin    
Damien committed
56
57
58
59
60 
                    }
                }
            }
        }
Damien's avatar
FEAT Administrative privileges in token    
Damien committed
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78 
        return $administrativePrivileges;
    }

    public static function hasPrivilege(array $args)
    {
        ValidatorModel::notEmpty($args, ['userId', 'privilege']);
        ValidatorModel::intVal($args, ['userId']);
        ValidatorModel::stringType($args, ['privilege']);

        $groups = UserGroupModel::get(['select' => ['group_id'], 'where' => ['user_id = ?'], 'data' => [$args['userId']]]);

        foreach ($groups as $group) {
            $privilege = GroupPrivilegeModel::getPrivileges(['select' => [1], 'where' => ['group_id = ?', 'privilege = ?'], 'data' => [$group['group_id'], $args['privilege']]]);
            if (!empty($privilege)) {
                return true;
            }
        }
Damien's avatar
FEAT #10730 TIME 0:15 hasAdmin    
Damien committed
79
80 
        return false;
    }
Quentin Ribac's avatar
FEAT #17436 TIME 2:00 storing privilege parameters for manage_users    
Quentin Ribac committed
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104 

    public static function canGivePrivilege(array $args)
    {
        ValidatorModel::notEmpty($args, ['userId', 'groupId', 'privilegeId', 'parameters']);
        ValidatorModel::intVal($args, ['userId', 'groupId']);
        ValidatorModel::stringType($args, ['privilegeId']);

        if ($args['privilegeId'] == 'manage_users') {
            if (!PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_users'])) {
                return false;
            } elseif (PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_groups'])) {
                return true;
            } else {
                $candidateGroups = $args['parameters']['authorized'] ?? [];
                foreach ($candidateGroups as $candidateGroup) {
                    if (!UserGroupModel::hasGroup(['userId' => $args['userId'], 'groupId' => $candidateGroup])) {
                        return false;
                    }
                }
            }
        }

        return true;
    }
Damien's avatar
FEAT #10730 TIME 2:00 Administration privileges  
Damien committed
105 
}