Completed
Push — master ( 0ea243...da58d4 )
by Henry
10:25 queued 33s
created

includes/Auth.php (2 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
namespace Redaxscript;
3
4
use function array_key_exists;
5
use function array_merge;
6
use function in_array;
7
use function is_array;
8
use function json_decode;
9
10
/**
11
 * parent class to authenticate the user
12
 *
13
 * @since 3.0.0
14
 *
15
 * @package Redaxscript
16
 * @category Auth
17
 * @author Henry Ruhs
18
 *
19
 * @method bool getPermissionNew(string $type)
20
 * @method bool getPermissionInstall(string $type)
21
 * @method bool getPermissionEdit(string $type)
22
 * @method bool getPermissionDelete(string $type)
23
 * @method bool getPermissionUninstall(string $type)
24
 * @method bool getFilter()
25
 */
26
27
class Auth
28
{
29
	/**
30
	 * instance of the request class
31
	 *
32
	 * @var Request
33
	 */
34
35
	protected $_request;
36
37
	/**
38
	 * array of the user
39
	 *
40
	 * @var array
41
	 */
42
43
	protected $_userArray = [];
44
45
	/**
46
	 * array of the permission
47
	 *
48
	 * @var array
49
	 */
50
51
	protected $_permissionArray = [];
52
53
	/**
54
	 * array of the type
55
	 *
56
	 * @var array
57
	 */
58
59
	protected $_typeArray =
60
	[
61
		'categories',
62
		'articles',
63
		'extras',
64
		'comments',
65
		'groups',
66
		'users',
67
		'modules',
68
		'settings',
69
		'filter'
70
	];
71
72
	/**
73
	 * array of the call
74
	 *
75
	 * @var array
76
	 */
77
78
	protected $_callArray =
79
	[
80
		'categories' =>
81
		[
82
			'getPermissionNew' => 1,
83
			'getPermissionEdit' => 2,
84
			'getPermissionDelete' => 3
85
		],
86
		'articles' =>
87
		[
88
			'getPermissionNew' => 1,
89
			'getPermissionEdit' => 2,
90
			'getPermissionDelete' => 3
91
		],
92
		'extras' =>
93
		[
94
			'getPermissionNew' => 1,
95
			'getPermissionEdit' => 2,
96
			'getPermissionDelete' => 3
97
		],
98
		'comments' =>
99
		[
100
			'getPermissionNew' => 1,
101
			'getPermissionEdit' => 2,
102
			'getPermissionDelete' => 3
103
		],
104
		'groups' =>
105
		[
106
			'getPermissionNew' => 1,
107
			'getPermissionEdit' => 2,
108
			'getPermissionDelete' => 3
109
		],
110
		'users' =>
111
		[
112
			'getPermissionNew' => 1,
113
			'getPermissionEdit' => 2,
114
			'getPermissionDelete' => 3
115
		],
116
		'modules' =>
117
		[
118
			'getPermissionInstall' => 1,
119
			'getPermissionEdit' => 2,
120
			'getPermissionUninstall' => 3
121
		],
122
		'settings' =>
123
		[
124
			'getPermissionEdit' => 1
125
		],
126
		'filter' =>
127
		[
128
			'getFilter' => 0
129
		]
130
	];
131
132
	/**
133
	 * constructor of the class
134
	 *
135
	 * @since 3.0.0
136
	 *
137
	 * @param Request $request instance of the request class
138
	 */
139
140 27
	public function __construct(Request $request)
141
	{
142 27
		$this->_request = $request;
143 27
	}
144
145
	/**
146
	 * call method as needed
147
	 *
148
	 * @since 3.0.0
149
	 *
150
	 * @param string $method name of the method
151
	 * @param array $argumentArray arguments of the method
152
	 *
153
	 * @return bool
154
	 */
155
156 24
	public function __call(string $method = null, array $argumentArray = []) : bool
157
	{
158 24
		$type = $argumentArray[0];
159 24
		if (is_array($this->_callArray[$type]) && array_key_exists($method, $this->_callArray[$type]))
160
		{
161 20
			$permissionArray = $this->getPermission($type);
162 20
			return is_array($permissionArray) && in_array($this->_callArray[$type][$method], $permissionArray);
163
		}
164 24
		if ($method === 'getFilter')
165
		{
166 4
			$permissionArray = $this->getPermission('filter');
167 4
			return !is_array($permissionArray) || !in_array($this->_callArray['filter'][$method], $permissionArray);
168
		}
169 20
		return false;
170
	}
171
172
	/**
173
	 * init the class
174
	 *
175
	 * @since 3.0.0
176
	 */
177
178 1
	public function init() : void
179
	{
180 1
		$authArray = $this->_getAuth();
181 1
		if (is_array($authArray) && array_key_exists('user', $authArray))
182
		{
183 1
			$this->_userArray = $authArray['user'];
184
		}
185 1
		if (is_array($authArray) && array_key_exists('permission', $authArray))
186
		{
187 1
			$this->_permissionArray = $authArray['permission'];
188
		}
189 1
	}
190
191
	/**
192
	 * login the user
193
	 *
194
	 * @since 3.0.0
195
	 *
196
	 * @param int $userId identifier of the user
197
	 *
198
	 * @return int
199
	 */
200
201 26
	public function login(int $userId = null) : int
202
	{
203 26
		$userModel = new Model\User();
204 26
		$user = $userModel->getById($userId);
205
206
		/* handle user */
207
208 26
		if ($user->user && $user->password && $user->status)
209
		{
210 26
			$groupArray = (array)json_decode($user->groups);
211 26
			if ($groupArray)
212
			{
213 20
				$groups = Db::forTablePrefix('groups')
214 20
					->whereIdIn($groupArray)
215 20
					->where('status', 1)
216 20
					->select($this->_typeArray)
217 20
					->findArray();
218
219
				/* set the filter */
220
221 20
				$this->setPermission('filter',
222
				[
223 20
					1
224
				]);
225
226
				/* process groups */
227
228 20
				foreach ($groups as $value)
229
				{
230 14
					foreach ($value as $keySub => $valueSub)
231
					{
232 14
						$valueArray = (array)json_decode($valueSub);
233 14
						$this->setPermission($keySub, $valueArray);
234
					}
235
				}
236
			}
237
238
			/* set the user */
239
240 26
			$this->setUser('id', $user->id);
241 26
			$this->setUser('name', $user->name);
242 26
			$this->setUser('user', $user->user);
243 26
			$this->setUser('email', $user->email);
244 26
			$this->setUser('language', $user->language);
245 26
			$this->setUser('groups', $user->groups);
246
247
			/* save user and permission */
248
249 26
			$this->save();
250
		}
251 26
		return $this->getStatus();
252
	}
253
254
	/**
255
	 * logout the user
256
	 *
257
	 * @since 3.0.0
258
	 *
259
	 * @return bool
260
	 */
261
262 1
	public function logout() : bool
263
	{
264 1
		if ($this->getStatus())
265
		{
266 1
			$this->_setAuth();
267 1
			$this->_request->setSession('language', null);
268 1
			return !$this->getStatus();
269
		}
270 1
		return false;
271
	}
272
273
	/**
274
	 * get the user
275
	 *
276
	 * @since 3.0.0
277
	 *
278
	 * @param string $key key of the user
279
	 *
280
	 * @return string|array|null
281
	 */
282
283 27
	public function getUser(string $key = null)
284
	{
285 27
		if (is_array($this->_userArray) && array_key_exists($key, $this->_userArray))
286
		{
287 1
			return $this->_userArray[$key];
288
		}
289 26
		if (!$key)
0 ignored issues
show
Bug Best Practice introduced by redaxmedia
The expression $key of type null|string is loosely compared to false; this is ambiguous if the string can be empty. You might want to explicitly use === null instead.

In PHP, under loose comparison (like ==, or !=, or switch conditions), values of different types might be equal.

For string values, the empty string '' is a special case, in particular the following results might be unexpected:

''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
Loading history...
290
		{
291 26
			return $this->_userArray;
292
		}
293 1
		return null;
294
	}
295
296
	/**
297
	 * set the user
298
	 *
299
	 * @since 3.0.0
300
	 *
301
	 * @param string $key key of the user
302
	 * @param string|array|null $value value of the user
303
	 */
304
305 26
	public function setUser(string $key = null, $value = null) : void
306
	{
307 26
		$this->_userArray[$key] = $value;
308 26
	}
309
310
	/**
311
	 * get the permission
312
	 *
313
	 * @since 3.0.0
314
	 *
315
	 * @param string $key key of the permission
316
	 *
317
	 * @return string|array|null
318
	 */
319
320 27
	public function getPermission(string $key = null)
321
	{
322 27
		if (is_array($this->_permissionArray) && array_key_exists($key, $this->_permissionArray))
323
		{
324 14
			return $this->_permissionArray[$key];
325
		}
326 26
		if (!$key)
0 ignored issues
show
Bug Best Practice introduced by redaxmedia
The expression $key of type null|string is loosely compared to false; this is ambiguous if the string can be empty. You might want to explicitly use === null instead.

In PHP, under loose comparison (like ==, or !=, or switch conditions), values of different types might be equal.

For string values, the empty string '' is a special case, in particular the following results might be unexpected:

''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
Loading history...
327
		{
328 26
			return $this->_permissionArray;
329
		}
330 11
		return null;
331
	}
332
333
	/**
334
	 * set the permission
335
	 *
336
	 * @since 3.0.0
337
	 *
338
	 * @param string $key key of the permission
339
	 * @param array $permissionArray array of the permission
340
	 */
341
342 20
	public function setPermission(string $key = null, array $permissionArray = []) : void
343
	{
344 20
		if (is_array($this->_permissionArray[$key]))
345
		{
346 14
			$permissionArray = array_merge($this->_permissionArray[$key], $permissionArray);
347
		}
348 20
		$this->_permissionArray[$key] = $permissionArray;
349 20
	}
350
351
	/**
352
	 * get the auth status
353
	 *
354
	 * @since 3.0.0
355
	 *
356
	 * @return int
357
	 */
358
359 26
	public function getStatus() : int
360
	{
361 26
		$authArray = $this->_getAuth();
362 26
		return is_array($authArray) && array_key_exists('user', $authArray) && array_key_exists('permission', $authArray) ? 1 : 0;
363
	}
364
365
	/**
366
	 * save user and permission
367
	 *
368
	 * @since 3.0.0
369
	 */
370
371 26
	public function save() : void
372
	{
373 26
		$userArray = $this->getUser();
374 26
		$permissionArray = $this->getPermission();
375
376
		/* set the session */
377
378 26
		if ($userArray && $permissionArray)
379
		{
380 20
			$this->_setAuth(
381
			[
382 20
				'user' => $userArray,
383 20
				'permission' => $permissionArray
384
			]);
385 20
			$this->_request->setSession('language', $userArray['language']);
386
		}
387 26
	}
388
389
	/**
390
	 * get the auth from session
391
	 *
392
	 * @since 3.0.0
393
	 *
394
	 * @return array|null
395
	 */
396
397 27
	protected function _getAuth() : ?array
398
	{
399 27
		$root = new Server\Root($this->_request);
400 27
		return $this->_request->getSession($root->getOutput() . '/auth');
401
	}
402
403
	/**
404
	 * set the auth to session
405
	 *
406
	 * @since 3.0.0
407
	 *
408
	 * @param array $authArray
409
	 */
410
411 20
	protected function _setAuth(array $authArray = []) : void
412
	{
413 20
		$root = new Server\Root($this->_request);
414 20
		$this->_request->setSession($root->getOutput() . '/auth', $authArray);
415 20
	}
416
}
417