Auth - Code Metrics - fisharebest/webtrees - Measure and Improve Code Quality continuously with Scrutinizer

Auth F
last analyzed 2025-11-11 11:08 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	575
Duplicated Lines	0 %

Importance

Changes

Metric	Value
eloc	160
dl	0
loc	575
rs	2
c	0
b	0
f	0
wmc	86

27 Methods

Rating	Name	Size	Complexity
A	login()	4	1
A	isEditor()	7	2
A	logout()	3	1
A	isAdmin()	5	1
A	accessLevel()	13	3
A	check()	3	1
A	id()	5	2
A	isModerator()	7	2
A	isManager()	5	2
A	user()	6	1
A	isMember()	7	2
A	checkSourceAccess()	19	5
A	checkComponentAccess()	4	2
B	checkIndividualAccess()	23	7
A	checkRepositoryAccess()	19	5
A	checkRecordAccess()	19	5
A	checkMediaAccess()	19	5
A	checkLocationAccess()	19	5
A	canUploadMedia()	5	2
A	checkHeaderAccess()	19	5
A	checkSubmitterAccess()	19	5
A	checkNoteAccess()	19	5
A	checkSharedNoteAccess()	19	5
A	checkFamilyAccess()	19	5
A	checkSubmissionAccess()	19	5
A	privacyRuleNames()	7	1
A	accessLevelNames()	7	1

How to fix Complexity

<?php

/**
 * webtrees: online genealogy
 * Copyright (C) 2025 webtrees development team
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace Fisharebest\Webtrees;

use Fisharebest\Webtrees\Contracts\UserInterface;
use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException;
use Fisharebest\Webtrees\Module\ModuleInterface;
use Fisharebest\Webtrees\Services\UserService;

use function assert;
use function is_int;

/**
 * Authentication.
 */
class Auth
{
    // Privacy constants
    public const PRIV_PRIVATE = 2; // Allows visitors to view the item
    public const PRIV_USER    = 1; // Allows members to access the item
    public const PRIV_NONE    = 0; // Allows managers to access the item
    public const PRIV_HIDE    = -1; // Hide the item to all users

    /**
     * Are we currently logged in?
     *
     * @return bool
     */
    public static function check(): bool
    {
        return self::id() !== null;
    }

    /**
     * Is the specified/current user an administrator?
     *
     * @param UserInterface|null $user
     *
     * @return bool
     */
    public static function isAdmin(?UserInterface $user = null): bool
    {
        $user ??= self::user();

        return $user->getPreference(UserInterface::PREF_IS_ADMINISTRATOR) === '1';
    }

    /**
     * Is the specified/current user a manager of a tree?
     *
     * @param Tree               $tree
     * @param UserInterface|null $user
     *
     * @return bool
     */
    public static function isManager(Tree $tree, ?UserInterface $user = null): bool
    {
        $user ??= self::user();

        return self::isAdmin($user) || $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MANAGER;
    }

    /**
     * Is the specified/current user a moderator of a tree?
     *
     * @param Tree               $tree
     * @param UserInterface|null $user
     *
     * @return bool
     */
    public static function isModerator(Tree $tree, ?UserInterface $user = null): bool
    {
        $user ??= self::user();

        return
            self::isManager($tree, $user) ||
            $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MODERATOR;
    }

    /**
     * Is the specified/current user an editor of a tree?
     *
     * @param Tree               $tree
     * @param UserInterface|null $user
     *
     * @return bool
     */
    public static function isEditor(Tree $tree, ?UserInterface $user = null): bool
    {
        $user ??= self::user();

        return
            self::isModerator($tree, $user) ||
            $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_EDITOR;
    }

    /**
     * Is the specified/current user a member of a tree?
     *
     * @param Tree               $tree
     * @param UserInterface|null $user
     *
     * @return bool
     */
    public static function isMember(Tree $tree, ?UserInterface $user = null): bool
    {
        $user ??= self::user();

        return
            self::isEditor($tree, $user) ||
            $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MEMBER;
    }

    /**
     * What is the specified/current user's access level within a tree?
     *
     * @param Tree               $tree
     * @param UserInterface|null $user
     *
     * @return int
     */
    public static function accessLevel(Tree $tree, ?UserInterface $user = null): int
    {
        $user ??= self::user();

        if (self::isManager($tree, $user)) {
            return self::PRIV_NONE;
        }

        if (self::isMember($tree, $user)) {
            return self::PRIV_USER;
        }

        return self::PRIV_PRIVATE;
    }

    /**
     * The ID of the authenticated user, from the current session.
     *
     * @return int|null
     */
    public static function id(): ?int
    {
        $wt_user = Session::get('wt_user');

        return is_int($wt_user) ? $wt_user : null;
    }

    /**
     * The authenticated user, from the current session.
     *
     * @return UserInterface
     */
    public static function user(): UserInterface
    {
        $user_service = app(UserService::class);
        assert($user_service instanceof UserService);

        return $user_service->find(self::id()) ?? new GuestUser();
    }

    /**
     * Login directly as an explicit user - for masquerading.
     *
     * @param UserInterface $user
     *
     * @return void
     */
    public static function login(UserInterface $user): void
    {
        Session::regenerate();
        Session::put('wt_user', $user->id());
    }

    /**
     * End the session for the current user.
     *
     * @return void
     */
    public static function logout(): void
    {
        Session::regenerate(true);
    }

    /**
     * @template T of ModuleInterface
     *
     * @param ModuleInterface $module
     * @param class-string<T> $interface
     * @param Tree            $tree
     * @param UserInterface   $user
     *
     * @return void
     */
    public static function checkComponentAccess(ModuleInterface $module, string $interface, Tree $tree, UserInterface $user): void
    {
        if ($module->accessLevel($tree, $interface) < self::accessLevel($tree, $user)) {
            throw new HttpAccessDeniedException();
        }
    }

    /**
     * @param Family|null $family
     * @param bool        $edit
     *
     * @return Family
     * @throws HttpNotFoundException
     * @throws HttpAccessDeniedException
     */
    public static function checkFamilyAccess(?Family $family, bool $edit = false): Family
    {
        $message = I18N::translate('This family does not exist or you do not have permission to view it.');

        if ($family === null) {
            throw new HttpNotFoundException($message);
        }

        if ($edit && $family->canEdit()) {
            $family->lock();

            return $family;
        }

        if ($family->canShow()) {
            return $family;
        }

        throw new HttpAccessDeniedException($message);
    }

    /**
     * @param Header|null $header
     * @param bool        $edit
     *
     * @return Header
     * @throws HttpNotFoundException
     * @throws HttpAccessDeniedException
     */
    public static function checkHeaderAccess(?Header $header, bool $edit = false): Header
    {
        $message = I18N::translate('This record does not exist or you do not have permission to view it.');

        if ($header === null) {
            throw new HttpNotFoundException($message);
        }

        if ($edit && $header->canEdit()) {
            $header->lock();

            return $header;
        }

        if ($header->canShow()) {
            return $header;
        }

        throw new HttpAccessDeniedException($message);
    }

    /**
     * @param Individual|null $individual
     * @param bool            $edit
     * @param bool            $chart For some charts, we can show private records
     *
     * @return Individual
     * @throws HttpNotFoundException
     * @throws HttpAccessDeniedException
     */
    public static function checkIndividualAccess(?Individual $individual, bool $edit = false, bool $chart = false): Individual
    {
        $message = I18N::translate('This individual does not exist or you do not have permission to view it.');

        if ($individual === null) {
            throw new HttpNotFoundException($message);
        }

        if ($edit && $individual->canEdit()) {
            $individual->lock();

            return $individual;
        }

        if ($chart && $individual->tree()->getPreference('SHOW_PRIVATE_RELATIONSHIPS') === '1') {
            return $individual;
        }

        if ($individual->canShow()) {
            return $individual;
        }

        throw new HttpAccessDeniedException($message);
    }

    /**
     * @param Location|null $location
     * @param bool          $edit
     *
     * @return Location
     * @throws HttpNotFoundException
     * @throws HttpAccessDeniedException
     */
    public static function checkLocationAccess(?Location $location, bool $edit = false): Location
    {
        $message = I18N::translate('This record does not exist or you do not have permission to view it.');

        if ($location === null) {
            throw new HttpNotFoundException($message);
        }

        if ($edit && $location->canEdit()) {
            $location->lock();

            return $location;
        }

        if ($location->canShow()) {
            return $location;
        }

        throw new HttpAccessDeniedException($message);
    }

    /**
     * @param Media|null $media
     * @param bool       $edit
     *
     * @return Media
     * @throws HttpNotFoundException
     * @throws HttpAccessDeniedException
     */
    public static function checkMediaAccess(?Media $media, bool $edit = false): Media
    {
        $message = I18N::translate('This media object does not exist or you do not have permission to view it.');

        if ($media === null) {
            throw new HttpNotFoundException($message);
        }

        if ($edit && $media->canEdit()) {
            $media->lock();

            return $media;
        }

        if ($media->canShow()) {
            return $media;
        }

        throw new HttpAccessDeniedException($message);
    }

    /**
     * @param Note|null $note
     * @param bool      $edit
     *
     * @return Note
     * @throws HttpNotFoundException
     * @throws HttpAccessDeniedException
     */
    public static function checkNoteAccess(?Note $note, bool $edit = false): Note
    {
        $message = I18N::translate('This note does not exist or you do not have permission to view it.');

        if ($note === null) {
            throw new HttpNotFoundException($message);
        }

        if ($edit && $note->canEdit()) {
            $note->lock();

            return $note;
        }

        if ($note->canShow()) {
            return $note;
        }

        throw new HttpAccessDeniedException($message);
    }

    /**
     * @param SharedNote|null $shared_note
     * @param bool            $edit
     *
     * @return SharedNote
     * @throws HttpNotFoundException
     * @throws HttpAccessDeniedException
     */
    public static function checkSharedNoteAccess(?SharedNote $shared_note, bool $edit = false): SharedNote
    {
        $message = I18N::translate('This note does not exist or you do not have permission to view it.');

        if ($shared_note === null) {
            throw new HttpNotFoundException($message);
        }

        if ($edit && $shared_note->canEdit()) {
            $shared_note->lock();

            return $shared_note;
        }

        if ($shared_note->canShow()) {
            return $shared_note;
        }

        throw new HttpAccessDeniedException($message);
    }

    /**
     * @param GedcomRecord|null $record
     * @param bool              $edit
     *
     * @return GedcomRecord
     * @throws HttpNotFoundException
     * @throws HttpAccessDeniedException
     */
    public static function checkRecordAccess(?GedcomRecord $record, bool $edit = false): GedcomRecord
    {
        $message = I18N::translate('This record does not exist or you do not have permission to view it.');

        if ($record === null) {
            throw new HttpNotFoundException($message);
        }

        if ($edit && $record->canEdit()) {
            $record->lock();

            return $record;
        }

        if ($record->canShow()) {
            return $record;
        }

        throw new HttpAccessDeniedException($message);
    }

    /**
     * @param Repository|null $repository
     * @param bool            $edit
     *
     * @return Repository
     * @throws HttpNotFoundException
     * @throws HttpAccessDeniedException
     */
    public static function checkRepositoryAccess(?Repository $repository, bool $edit = false): Repository
    {
        $message = I18N::translate('This repository does not exist or you do not have permission to view it.');

        if ($repository === null) {
            throw new HttpNotFoundException($message);
        }

        if ($edit && $repository->canEdit()) {
            $repository->lock();

            return $repository;
        }

        if ($repository->canShow()) {
            return $repository;
        }

        throw new HttpAccessDeniedException($message);
    }

    /**
     * @param Source|null $source
     * @param bool        $edit
     *
     * @return Source
     * @throws HttpNotFoundException
     * @throws HttpAccessDeniedException
     */
    public static function checkSourceAccess(?Source $source, bool $edit = false): Source
    {
        $message = I18N::translate('This source does not exist or you do not have permission to view it.');

        if ($source === null) {
            throw new HttpNotFoundException($message);
        }

        if ($edit && $source->canEdit()) {
            $source->lock();

            return $source;
        }

        if ($source->canShow()) {
            return $source;
        }

        throw new HttpAccessDeniedException($message);
    }

    /**
     * @param Submitter|null $submitter
     * @param bool           $edit
     *
     * @return Submitter
     * @throws HttpNotFoundException
     * @throws HttpAccessDeniedException
     */
    public static function checkSubmitterAccess(?Submitter $submitter, bool $edit = false): Submitter
    {
        $message = I18N::translate('This record does not exist or you do not have permission to view it.');

        if ($submitter === null) {
            throw new HttpNotFoundException($message);
        }

        if ($edit && $submitter->canEdit()) {
            $submitter->lock();

            return $submitter;
        }

        if ($submitter->canShow()) {
            return $submitter;
        }

        throw new HttpAccessDeniedException($message);
    }

    /**
     * @param Submission|null $submission
     * @param bool            $edit
     *
     * @return Submission
     * @throws HttpNotFoundException
     * @throws HttpAccessDeniedException
     */
    public static function checkSubmissionAccess(?Submission $submission, bool $edit = false): Submission
    {
        $message = I18N::translate('This record does not exist or you do not have permission to view it.');

        if ($submission === null) {
            throw new HttpNotFoundException($message);
        }

        if ($edit && $submission->canEdit()) {
            $submission->lock();

            return $submission;
        }

        if ($submission->canShow()) {
            return $submission;
        }

        throw new HttpAccessDeniedException($message);
    }

    /**
     * @param Tree          $tree
     * @param UserInterface $user
     *
     * @return bool
     */
    public static function canUploadMedia(Tree $tree, UserInterface $user): bool
    {
        return
            self::isEditor($tree, $user) &&
            self::accessLevel($tree, $user) <= (int) $tree->getPreference('MEDIA_UPLOAD');
    }

    /**
     * @return array<int,string>
     */
    public static function accessLevelNames(): array
    {
        return [
            self::PRIV_PRIVATE => I18N::translate('Show to visitors'),
            self::PRIV_USER    => I18N::translate('Show to members'),
            self::PRIV_NONE    => I18N::translate('Show to managers'),
            self::PRIV_HIDE    => I18N::translate('Hide from everyone'),
        ];
    }

    /**
     * @return array<string,string>
     */
    public static function privacyRuleNames(): array
    {
        return [
            'none'         => I18N::translate('Show to visitors'),
            'privacy'      => I18N::translate('Show to members'),
            'confidential' => I18N::translate('Show to managers'),
            'hidden'       => I18N::translate('Hide from everyone'),
        ];
    }
}


1			<?php
2
3			/**
4			* webtrees: online genealogy
5			* Copyright (C) 2025 webtrees development team
6			* This program is free software: you can redistribute it and/or modify
7			* it under the terms of the GNU General Public License as published by
8			* the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			* You should have received a copy of the GNU General Public License
15			* along with this program. If not, see <https://www.gnu.org/licenses/>.
16			*/
17
18			declare(strict_types=1);
19
20			namespace Fisharebest\Webtrees;
21
22			use Fisharebest\Webtrees\Contracts\UserInterface;
23			use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
24			use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException;
25			use Fisharebest\Webtrees\Module\ModuleInterface;
26			use Fisharebest\Webtrees\Services\UserService;
27
28			use function assert;
29			use function is_int;
30
31			/**
32			* Authentication.
33			*/
34			class Auth
35			{
36			// Privacy constants
37			public const PRIV_PRIVATE = 2; // Allows visitors to view the item
38			public const PRIV_USER = 1; // Allows members to access the item
39			public const PRIV_NONE = 0; // Allows managers to access the item
40			public const PRIV_HIDE = -1; // Hide the item to all users
41
42			/**
43			* Are we currently logged in?
44			*
45			* @return bool
46			*/
47			public static function check(): bool
48			{
49			return self::id() !== null;
50			}
51
52			/**
53			* Is the specified/current user an administrator?
54			*
55			* @param UserInterface\|null $user
56			*
57			* @return bool
58			*/
59			public static function isAdmin(?UserInterface $user = null): bool
60			{
61			$user ??= self::user();
62
63			return $user->getPreference(UserInterface::PREF_IS_ADMINISTRATOR) === '1';
64			}
65
66			/**
67			* Is the specified/current user a manager of a tree?
68			*
69			* @param Tree $tree
70			* @param UserInterface\|null $user
71			*
72			* @return bool
73			*/
74			public static function isManager(Tree $tree, ?UserInterface $user = null): bool
75			{
76			$user ??= self::user();
77
78			return self::isAdmin($user) \|\| $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MANAGER;
79			}
80
81			/**
82			* Is the specified/current user a moderator of a tree?
83			*
84			* @param Tree $tree
85			* @param UserInterface\|null $user
86			*
87			* @return bool
88			*/
89			public static function isModerator(Tree $tree, ?UserInterface $user = null): bool
90			{
91			$user ??= self::user();
92
93			return
94			self::isManager($tree, $user) \|\|
95			$tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MODERATOR;
96			}
97
98			/**
99			* Is the specified/current user an editor of a tree?
100			*
101			* @param Tree $tree
102			* @param UserInterface\|null $user
103			*
104			* @return bool
105			*/
106			public static function isEditor(Tree $tree, ?UserInterface $user = null): bool
107			{
108			$user ??= self::user();
109
110			return
111			self::isModerator($tree, $user) \|\|
112			$tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_EDITOR;
113			}
114
115			/**
116			* Is the specified/current user a member of a tree?
117			*
118			* @param Tree $tree
119			* @param UserInterface\|null $user
120			*
121			* @return bool
122			*/
123			public static function isMember(Tree $tree, ?UserInterface $user = null): bool
124			{
125			$user ??= self::user();
126
127			return
128			self::isEditor($tree, $user) \|\|
129			$tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MEMBER;
130			}
131
132			/**
133			* What is the specified/current user's access level within a tree?
134			*
135			* @param Tree $tree
136			* @param UserInterface\|null $user
137			*
138			* @return int
139			*/
140			public static function accessLevel(Tree $tree, ?UserInterface $user = null): int
141			{
142			$user ??= self::user();
143
144			if (self::isManager($tree, $user)) {
145			return self::PRIV_NONE;
146			}
147
148			if (self::isMember($tree, $user)) {
149			return self::PRIV_USER;
150			}
151
152			return self::PRIV_PRIVATE;
153			}
154
155			/**
156			* The ID of the authenticated user, from the current session.
157			*
158			* @return int\|null
159			*/
160			public static function id(): ?int
161			{
162			$wt_user = Session::get('wt_user');
163
164			return is_int($wt_user) ? $wt_user : null;
165			}
166
167			/**
168			* The authenticated user, from the current session.
169			*
170			* @return UserInterface
171			*/
172			public static function user(): UserInterface
173			{
174			$user_service = app(UserService::class);
175			assert($user_service instanceof UserService);
176
177			return $user_service->find(self::id()) ?? new GuestUser();
178			}
179
180			/**
181			* Login directly as an explicit user - for masquerading.
182			*
183			* @param UserInterface $user
184			*
185			* @return void
186			*/
187			public static function login(UserInterface $user): void
188			{
189			Session::regenerate();
190			Session::put('wt_user', $user->id());
191			}
192
193			/**
194			* End the session for the current user.
195			*
196			* @return void
197			*/
198			public static function logout(): void
199			{
200			Session::regenerate(true);
201			}
202
203			/**
204			* @template T of ModuleInterface
205			*
206			* @param ModuleInterface $module
207			* @param class-string<T> $interface
208			* @param Tree $tree
209			* @param UserInterface $user
210			*
211			* @return void
212			*/
213			public static function checkComponentAccess(ModuleInterface $module, string $interface, Tree $tree, UserInterface $user): void
214			{
215			if ($module->accessLevel($tree, $interface) < self::accessLevel($tree, $user)) {
216			throw new HttpAccessDeniedException();
217			}
218			}
219
220			/**
221			* @param Family\|null $family
222			* @param bool $edit
223			*
224			* @return Family
225			* @throws HttpNotFoundException
226			* @throws HttpAccessDeniedException
227			*/
228			public static function checkFamilyAccess(?Family $family, bool $edit = false): Family
229			{
230			$message = I18N::translate('This family does not exist or you do not have permission to view it.');
231
232			if ($family === null) {
233			throw new HttpNotFoundException($message);
234			}
235
236			if ($edit && $family->canEdit()) {
237			$family->lock();
238
239			return $family;
240			}
241
242			if ($family->canShow()) {
243			return $family;
244			}
245
246			throw new HttpAccessDeniedException($message);
247			}
248
249			/**
250			* @param Header\|null $header
251			* @param bool $edit
252			*
253			* @return Header
254			* @throws HttpNotFoundException
255			* @throws HttpAccessDeniedException
256			*/
257			public static function checkHeaderAccess(?Header $header, bool $edit = false): Header
258			{
259			$message = I18N::translate('This record does not exist or you do not have permission to view it.');
260
261			if ($header === null) {
262			throw new HttpNotFoundException($message);
263			}
264
265			if ($edit && $header->canEdit()) {
266			$header->lock();
267
268			return $header;
269			}
270
271			if ($header->canShow()) {
272			return $header;
273			}
274
275			throw new HttpAccessDeniedException($message);
276			}
277
278			/**
279			* @param Individual\|null $individual
280			* @param bool $edit
281			* @param bool $chart For some charts, we can show private records
282			*
283			* @return Individual
284			* @throws HttpNotFoundException
285			* @throws HttpAccessDeniedException
286			*/
287			public static function checkIndividualAccess(?Individual $individual, bool $edit = false, bool $chart = false): Individual
288			{
289			$message = I18N::translate('This individual does not exist or you do not have permission to view it.');
290
291			if ($individual === null) {
292			throw new HttpNotFoundException($message);
293			}
294
295			if ($edit && $individual->canEdit()) {
296			$individual->lock();
297
298			return $individual;
299			}
300
301			if ($chart && $individual->tree()->getPreference('SHOW_PRIVATE_RELATIONSHIPS') === '1') {
302			return $individual;
303			}
304
305			if ($individual->canShow()) {
306			return $individual;
307			}
308
309			throw new HttpAccessDeniedException($message);
310			}
311
312			/**
313			* @param Location\|null $location
314			* @param bool $edit
315			*
316			* @return Location
317			* @throws HttpNotFoundException
318			* @throws HttpAccessDeniedException
319			*/
320			public static function checkLocationAccess(?Location $location, bool $edit = false): Location
321			{
322			$message = I18N::translate('This record does not exist or you do not have permission to view it.');
323
324			if ($location === null) {
325			throw new HttpNotFoundException($message);
326			}
327
328			if ($edit && $location->canEdit()) {
329			$location->lock();
330
331			return $location;
332			}
333
334			if ($location->canShow()) {
335			return $location;
336			}
337
338			throw new HttpAccessDeniedException($message);
339			}
340
341			/**
342			* @param Media\|null $media
343			* @param bool $edit
344			*
345			* @return Media
346			* @throws HttpNotFoundException
347			* @throws HttpAccessDeniedException
348			*/
349			public static function checkMediaAccess(?Media $media, bool $edit = false): Media
350			{
351			$message = I18N::translate('This media object does not exist or you do not have permission to view it.');
352
353			if ($media === null) {
354			throw new HttpNotFoundException($message);
355			}
356
357			if ($edit && $media->canEdit()) {
358			$media->lock();
359
360			return $media;
361			}
362
363			if ($media->canShow()) {
364			return $media;
365			}
366
367			throw new HttpAccessDeniedException($message);
368			}
369
370			/**
371			* @param Note\|null $note
372			* @param bool $edit
373			*
374			* @return Note
375			* @throws HttpNotFoundException
376			* @throws HttpAccessDeniedException
377			*/
378			public static function checkNoteAccess(?Note $note, bool $edit = false): Note
379			{
380			$message = I18N::translate('This note does not exist or you do not have permission to view it.');
381
382			if ($note === null) {
383			throw new HttpNotFoundException($message);
384			}
385
386			if ($edit && $note->canEdit()) {
387			$note->lock();
388
389			return $note;
390			}
391
392			if ($note->canShow()) {
393			return $note;
394			}
395
396			throw new HttpAccessDeniedException($message);
397			}
398
399			/**
400			* @param SharedNote\|null $shared_note
401			* @param bool $edit
402			*
403			* @return SharedNote
404			* @throws HttpNotFoundException
405			* @throws HttpAccessDeniedException
406			*/
407			public static function checkSharedNoteAccess(?SharedNote $shared_note, bool $edit = false): SharedNote
408			{
409			$message = I18N::translate('This note does not exist or you do not have permission to view it.');
410
411			if ($shared_note === null) {
412			throw new HttpNotFoundException($message);
413			}
414
415			if ($edit && $shared_note->canEdit()) {
416			$shared_note->lock();
417
418			return $shared_note;
419			}
420
421			if ($shared_note->canShow()) {
422			return $shared_note;
423			}
424
425			throw new HttpAccessDeniedException($message);
426			}
427
428			/**
429			* @param GedcomRecord\|null $record
430			* @param bool $edit
431			*
432			* @return GedcomRecord
433			* @throws HttpNotFoundException
434			* @throws HttpAccessDeniedException
435			*/
436			public static function checkRecordAccess(?GedcomRecord $record, bool $edit = false): GedcomRecord
437			{
438			$message = I18N::translate('This record does not exist or you do not have permission to view it.');
439
440			if ($record === null) {
441			throw new HttpNotFoundException($message);
442			}
443
444			if ($edit && $record->canEdit()) {
445			$record->lock();
446
447			return $record;
448			}
449
450			if ($record->canShow()) {
451			return $record;
452			}
453
454			throw new HttpAccessDeniedException($message);
455			}
456
457			/**
458			* @param Repository\|null $repository
459			* @param bool $edit
460			*
461			* @return Repository
462			* @throws HttpNotFoundException
463			* @throws HttpAccessDeniedException
464			*/
465			public static function checkRepositoryAccess(?Repository $repository, bool $edit = false): Repository
466			{
467			$message = I18N::translate('This repository does not exist or you do not have permission to view it.');
468
469			if ($repository === null) {
470			throw new HttpNotFoundException($message);
471			}
472
473			if ($edit && $repository->canEdit()) {
474			$repository->lock();
475
476			return $repository;
477			}
478
479			if ($repository->canShow()) {
480			return $repository;
481			}
482
483			throw new HttpAccessDeniedException($message);
484			}
485
486			/**
487			* @param Source\|null $source
488			* @param bool $edit
489			*
490			* @return Source
491			* @throws HttpNotFoundException
492			* @throws HttpAccessDeniedException
493			*/
494			public static function checkSourceAccess(?Source $source, bool $edit = false): Source
495			{
496			$message = I18N::translate('This source does not exist or you do not have permission to view it.');
497
498			if ($source === null) {
499			throw new HttpNotFoundException($message);
500			}
501
502			if ($edit && $source->canEdit()) {
503			$source->lock();
504
505			return $source;
506			}
507
508			if ($source->canShow()) {
509			return $source;
510			}
511
512			throw new HttpAccessDeniedException($message);
513			}
514
515			/**
516			* @param Submitter\|null $submitter
517			* @param bool $edit
518			*
519			* @return Submitter
520			* @throws HttpNotFoundException
521			* @throws HttpAccessDeniedException
522			*/
523			public static function checkSubmitterAccess(?Submitter $submitter, bool $edit = false): Submitter
524			{
525			$message = I18N::translate('This record does not exist or you do not have permission to view it.');
526
527			if ($submitter === null) {
528			throw new HttpNotFoundException($message);
529			}
530
531			if ($edit && $submitter->canEdit()) {
532			$submitter->lock();
533
534			return $submitter;
535			}
536
537			if ($submitter->canShow()) {
538			return $submitter;
539			}
540
541			throw new HttpAccessDeniedException($message);
542			}
543
544			/**
545			* @param Submission\|null $submission
546			* @param bool $edit
547			*
548			* @return Submission
549			* @throws HttpNotFoundException
550			* @throws HttpAccessDeniedException
551			*/
552			public static function checkSubmissionAccess(?Submission $submission, bool $edit = false): Submission
553			{
554			$message = I18N::translate('This record does not exist or you do not have permission to view it.');
555
556			if ($submission === null) {
557			throw new HttpNotFoundException($message);
558			}
559
560			if ($edit && $submission->canEdit()) {
561			$submission->lock();
562
563			return $submission;
564			}
565
566			if ($submission->canShow()) {
567			return $submission;
568			}
569
570			throw new HttpAccessDeniedException($message);
571			}
572
573			/**
574			* @param Tree $tree
575			* @param UserInterface $user
576			*
577			* @return bool
578			*/
579			public static function canUploadMedia(Tree $tree, UserInterface $user): bool
580			{
581			return
582			self::isEditor($tree, $user) &&
583			self::accessLevel($tree, $user) <= (int) $tree->getPreference('MEDIA_UPLOAD');
584			}
585
586			/**
587			* @return array<int,string>
588			*/
589			public static function accessLevelNames(): array
590			{
591			return [
592			self::PRIV_PRIVATE => I18N::translate('Show to visitors'),
593			self::PRIV_USER => I18N::translate('Show to members'),
594			self::PRIV_NONE => I18N::translate('Show to managers'),
595			self::PRIV_HIDE => I18N::translate('Hide from everyone'),
596			];
597			}
598
599			/**
600			* @return array<string,string>
601			*/
602			public static function privacyRuleNames(): array
603			{
604			return [
605			'none' => I18N::translate('Show to visitors'),
606			'privacy' => I18N::translate('Show to members'),
607			'confidential' => I18N::translate('Show to managers'),
608			'hidden' => I18N::translate('Hide from everyone'),
609			];
610			}
611			}
612

fisharebest / webtrees

Auth F last analyzed 2025-11-11 11:08 UTC

Complexity

Size/Duplication

Importance

27 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like

Auth F
last analyzed 2025-11-11 11:08 UTC