<?php
/*
* This file has its roots as part of the Mojavi package which was
* Copyright (c) 2003 Sean Kerr. It has been incorporated into this
* derivative work under the terms of the LGPL V2.1.
* (http://www.gnu.org/licenses/lgpl-2.1.html)
*/
namespace Xmf\Xadr;
use Xmf\Xadr\Exceptions\InvalidConfigurationException;
/**
* The XoopsAuthHandler implements an AuthorizationHandler that
* uses XOOPS for user authentication.
*
* If a user has not signed in and attempts access to a secure Action,
* the session will redirect to the system login with the xoops_redirect
* option set to return to reattempt the secure Action.
*
* @category Xmf\Xadr\XoopsAuthHandler
* @package Xmf
* @author Richard Griffith <[email protected]>
* @author Sean Kerr <[email protected]>
* @copyright 2013-2015 XOOPS Project (http://xoops.org)
* @copyright 2003 Sean Kerr
* @license GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
* @link http://xoops.org
*/
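class XoopsAuthHandler extends AuthorizationHandler
{
    /**
     * Determine the user authorization status for an action request by
     * verifying against a required privilege.
     *
     * Two gates are applied in order:
     *  1. The session user must be authenticated and be a XoopsUser;
     *     otherwise the request is redirected to the XOOPS login page
     *     (www/user.php) with xoops_redirect pointing back at this
     *     controller, and the action is denied.
     *  2. If the action declares a required privilege the user lacks, the
     *     request is forwarded to the configured SECURE_UNIT/SECURE_ACTION
     *     pair and the action is denied.
     *
     * _This should never be called manually._
     *
     * @param Action $action An Action instance.
     *
     * @return bool|null true if authorized, false otherwise
     *
     * @throws InvalidConfigurationException if the configured secure action
     *                                       cannot be resolved
     */
    public function execute(Action $action)
    {
        $xoops = \Xoops::getInstance();

        if (!$this->user()->isAuthenticated() || !($this->user() instanceof XoopsUser)) {
            // if we need to authenticate, do XOOPS login rather than
            // using AUTH_UNIT AUTH_ACTION conventions
            $url = $this->controller()->getControllerPath();

            // QUERY_STRING comes from the request. It is percent-encoded as a
            // whole so its '&' and '=' separators cannot terminate the
            // xoops_redirect parameter it is embedded in below.
            $query = \Xmf\Request::getString('QUERY_STRING', '', 'server');
            if ($query !== '') {
                $url .= '?' . urlencode($query);
            }

            // Only the path and query components are kept, so any scheme,
            // host or fragment in the controller path is dropped from the
            // return target. parse_url() returns false on a seriously
            // malformed URL; treat that as "no usable components".
            $parts = parse_url($url);
            if (!is_array($parts)) {
                $parts = array();
            }
            $returnTo = isset($parts['path']) ? $parts['path'] : '';
            if (!empty($parts['query'])) {
                $returnTo .= '?' . $parts['query'];
            }

            // NOTE(review): the path component is embedded without encoding;
            // confirm getControllerPath() cannot contain '&' or '#'.
            $xoops->redirect(
                $xoops->url('www/user.php') . '?xoops_redirect=' . $returnTo,
                2, // presumably the redirect delay in seconds - confirm
                \XoopsLocale::E_NO_ACTION_PERMISSION
            );

            // redirect() is expected to end the request. If it ever returns,
            // deny here instead of falling through to the privilege check,
            // which would authorize an unauthenticated user for any action
            // that declares no required privilege.
            return false;
        }

        $privilege = $action->getRequiredPrivilege();
        if ($privilege !== null && !$this->user()->hasPrivilege($privilege)) {
            $secure_unit = $this->Config()->get('SECURE_UNIT', 'App');
            $secure_action = $this->Config()->get('SECURE_ACTION', 'NoPermission');

            // user doesn't have privilege to access; make sure the denial
            // action exists before forwarding to it
            $denialAction = $this->controller()->getAction($secure_unit, $secure_action);
            if ($denialAction !== null) {
                $this->controller()->forward($secure_unit, $secure_action);

                return false;
            }

            // cannot find secure action: fail with an exception, never by
            // granting access
            $error = 'Invalid secure action: ' .
                'SECURE_UNIT (' . $secure_unit . '), ' .
                'SECURE_ACTION (' . $secure_action . ')';
            throw new InvalidConfigurationException($error);
        }

        // user is authenticated, and has the required privilege
        // or no privilege is required
        return true;
    }
}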