95 lines
3.0 KiB
PHP
95 lines
3.0 KiB
PHP
<?php
|
|
|
|
/*
|
|
* AVSDev UF Organisations (https://avsdev.uk)
|
|
*
|
|
* @link https://git.avsdev.uk/avsdev/sprinkle-organisations
|
|
* @license https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License)
|
|
*/
|
|
|
|
namespace UserFrosting\Sprinkle\Organisations\Authorize;
|
|
|
|
use Illuminate\Support\Arr;
|
|
use Psr\Container\ContainerInterface;
|
|
use UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface;
|
|
use UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager as UFAuthorizationManager;
|
|
|
|
/**
|
|
* AuthorizationManager class.
|
|
*
|
|
* Extends the authorization manager and allows for running an authorization callback without fetching it from the internal list.
|
|
*
|
|
* @author Craig Williams (https://avsdev.uk)
|
|
*/
|
|
class AuthorizationManager extends UFAuthorizationManager
|
|
{
|
|
/**
|
|
* Run a registered callback directly.
|
|
*
|
|
* @param string $name
|
|
* @param object $user
|
|
* @param ... $args
|
|
*/
|
|
public function runCallback($user, $name, ...$args)
|
|
{
|
|
$debug = $this->ci->config['debug.auth'];
|
|
$logger = $this->ci->authLogger;
|
|
|
|
if (is_null($user) || !($user instanceof UserInterface)) {
|
|
if ($debug) {
|
|
$this->ci->authLogger->debug('No user defined. Access denied.');
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
// The master (root) account has access to everything.
|
|
// Need to use loose comparison for now, because some DBs return `id` as a string.
|
|
if ($user->id == $this->ci->config['reserved_user_ids.master']) {
|
|
if ($debug) {
|
|
$this->ci->authLogger->debug('User is the master (root) user. Access granted.');
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
if ($debug) {
|
|
$trace = array_slice(debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 3), 1);
|
|
$this->ci->authLogger->debug('Authorization check requested at: ', $trace);
|
|
$this->ci->authLogger->debug("Checking authorization for user {$user->id} ('{$user->user_name}') against check '$name'...");
|
|
}
|
|
|
|
if (!array_key_exists($name, $this->callbacks) || !isset($this->callbacks[$name])) {
|
|
if ($debug) {
|
|
$this->ci->authLogger->debug('No matching callback found. Access denied.');
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
try {
|
|
if ($debug) {
|
|
$this->ci->authLogger->debug("Calling check '{$name}' with arguments:", $args);
|
|
}
|
|
|
|
$result = call_user_func_array($this->callbacks[$name], $args);
|
|
|
|
if ($result === true) {
|
|
if ($debug) {
|
|
$this->ci->authLogger->debug("User passed check '{$name}'. Access granted.");
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
return $result;
|
|
} catch (Exception $e) {
|
|
if ($this->debug) {
|
|
$this->logger->debug("Error running check '$name':" . $e->getMessage() . ". Access denied.");
|
|
}
|
|
|
|
return false;
|
|
}
|
|
}
|
|
}
|