ptut-vhost/build/api/core/AuthSystemDefault.php

<?php
	/**************************
	*      API AuthSystem     *
	*        08-12-2016       *
	***************************
	* Designed & Developed by *
	*      xdrm-brackets      *
	***************************
	*    https://xdrm.io/     *
	**************************/

	namespace api\core;

	use \error\core\Err;
	use \error\core\Error;
	use \database\core\Repo;
	use \database\repo\professor;

	class AuthSystemDefault implements AuthSystem{


		public function __construct(){

			/* (1) Init session variables
			---------------------------------------------------------*/
			if( !isset($_SESSION['CAS'])  || !is_array($_SESSION['CAS'])  ) $_SESSION['CAS']  = [];
			if( !isset($_SESSION['AUTH']) || !is_array($_SESSION['AUTH']) ) $_SESSION['AUTH'] = [];


			/* (2) Check CAS
			---------------------------------------------------------*/
			if( (!isset($_SESSION["isLogged"]) || !$_SESSION["isLogged"]) && isset($_SESSION['CAS']['login']) && isset($_SESSION['CAS']['ticket']) ){

				/* (1) If the user is not logged we try to retrive the list of the linked department*/
				/** @var professor $prof_repo */
				$prof_repo = Repo::getRepo('professor');

				/* (2) Get professor with this login */
				$deps = $prof_repo->getLinkedDepartment($_SESSION['CAS']['login']);
				if(is_array($deps)){
					$_SESSION["AvailableDepartment"] = $deps;
					$_SESSION['CurrentDatabase'] = $deps[0]["dbName"];
					$_SESSION['CurrentDepartementId'] = $deps[0]["idDep"];

					Repo::switchDatabase($_SESSION['CurrentDatabase']);

					$by_login = $prof_repo->getByLogin($_SESSION['CAS']['login']);

					/* (3) If found -> store useful information */
					if( is_array($by_login) && isset($by_login['idProfesseur']) && isset($by_login['admin']) ){

						//security
						session_regenerate_id();

						$_SESSION['CAS']['admin'] = (bool) $by_login['admin'];
						$_SESSION['CAS']['id']    = (int)  $by_login['idProfesseur'];
						$_SESSION["isLogged"] 	  = true;

						/* (4) If no login found -> remove CAS auth */
					}else
						$_SESSION['CAS'] = [];
				}else{
					$_SESSION['CAS'] = [];
				}


			}


			/* (3) Process AUTH
			---------------------------------------------------------*/
			/* (1) cas_admin | cas_user */
			if( isset($_SESSION['CAS']['admin']) && is_bool($_SESSION['CAS']['admin']) ){

				// by default: cas_user
				$_SESSION['AUTH'] = ['cas_user'];

				// if admin: cas_admin
				if( $_SESSION['CAS']['admin'] === true )
					$_SESSION['AUTH'][] = 'cas_admin';

			/* (2) Remove cas in AUTH */
			}else{
				$_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_user']);
				$_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_admin']);
			}

			/* (2) Other permissions */
			// TODO
		}


		/** VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
		 *
		 * @param array 	$expected 	Liste des permissions attendues
		 *
		 * @return Error 				Erreur associée à la permission (Success/PermissionError/TokenError/etc)
		 *
		 */
		public static function permission(array $expected) : Error{

			/* (1) Check format -> if not array of array(s) -> ERROR
			---------------------------------------------------------*/

			/* (1) If not array of array(s) -> ERROR */
			foreach($expected as $permission_group)
				if( !is_array($permission_group) )
					return new Error(Err::FormatError);


			/* (2) For each OR group
			---------------------------------------------------------*/
			foreach($expected as $OR_group){

				/* (1) By default suppose the group is valid */
				// -> an empty group will grant permission to all
				$valid_group = true;

				/* (2) Check for each AND permission in the group */
				foreach($OR_group as $AND_perm){

					/* (3) If not in session.auth -> invalidate the permission group */
					if( !in_array($AND_perm, $_SESSION['AUTH']) ){

						$valid_group = false;
						break;

					}

				}

				/* (4) If valid group -> Success */
				if( $valid_group )
					return new Error(Err::Success);


			}


			/* (5) If no valid group -> permission error */
			return new Error(Err::PermissionError);

		}
	}

?>
+add default api.core.authsystemdefault 2018-02-17 17:27:46 +00:00			`<?php`
			`/**************************`
			`* API AuthSystem *`
			`* 08-12-2016 *`
			`***************************`
			`* Designed & Developed by *`
			`* xdrm-brackets *`
			`***************************`
			`* https://xdrm.io/ *`
			`**************************/`

			`namespace api\core;`

			`use \error\core\Err;`
			`use \error\core\Error;`
[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00			`use \database\core\Repo;`
			`use \database\repo\professor;`
+add default api.core.authsystemdefault 2018-02-17 17:27:46 +00:00
			`class AuthSystemDefault implements AuthSystem{`

[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00
			`public function __construct(){`

			`/* (1) Init session variables`
			`---------------------------------------------------------*/`
			`if( !isset($_SESSION['CAS']) \|\| !is_array($_SESSION['CAS']) ) $_SESSION['CAS'] = [];`
			`if( !isset($_SESSION['AUTH']) \|\| !is_array($_SESSION['AUTH']) ) $_SESSION['AUTH'] = [];`


			`/* (2) Check CAS`
			`---------------------------------------------------------*/`
implemented multi-bdd login 2018-03-13 23:12:18 +00:00			`if( (!isset($_SESSION["isLogged"]) \|\| !$_SESSION["isLogged"]) && isset($_SESSION['CAS']['login']) && isset($_SESSION['CAS']['ticket']) ){`
[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00
implemented multi-bdd login 2018-03-13 23:12:18 +00:00			`/* (1) If the user is not logged we try to retrive the list of the linked department*/`
[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00			`/** @var professor $prof_repo */`
			`$prof_repo = Repo::getRepo('professor');`

			`/* (2) Get professor with this login */`
implemented multi-bdd login 2018-03-13 23:12:18 +00:00			`$deps = $prof_repo->getLinkedDepartment($_SESSION['CAS']['login']);`
			`if(is_array($deps)){`
Implemented department database switch 2018-03-15 11:02:28 +00:00			`$_SESSION["AvailableDepartment"] = $deps;`
implemented multi-bdd login 2018-03-13 23:12:18 +00:00			`$_SESSION['CurrentDatabase'] = $deps[0]["dbName"];`
			`$_SESSION['CurrentDepartementId'] = $deps[0]["idDep"];`
[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00
implemented multi-bdd login 2018-03-13 23:12:18 +00:00			`Repo::switchDatabase($_SESSION['CurrentDatabase']);`
[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00
implemented multi-bdd login 2018-03-13 23:12:18 +00:00			`$by_login = $prof_repo->getByLogin($_SESSION['CAS']['login']);`
[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00
implemented multi-bdd login 2018-03-13 23:12:18 +00:00			`/* (3) If found -> store useful information */`
			`if( is_array($by_login) && isset($by_login['idProfesseur']) && isset($by_login['admin']) ){`

Implemented department database switch 2018-03-15 11:02:28 +00:00			`//security`
			`session_regenerate_id();`

implemented multi-bdd login 2018-03-13 23:12:18 +00:00			`$_SESSION['CAS']['admin'] = (bool) $by_login['admin'];`
			`$_SESSION['CAS']['id'] = (int) $by_login['idProfesseur'];`
			`$_SESSION["isLogged"] = true;`

			`/* (4) If no login found -> remove CAS auth */`
			`}else`
			`$_SESSION['CAS'] = [];`
			`}else{`
[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00			`$_SESSION['CAS'] = [];`
implemented multi-bdd login 2018-03-13 23:12:18 +00:00			`}`

[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00
			`}`


			`/* (3) Process AUTH`
			`---------------------------------------------------------*/`
			`/* (1) cas_admin \| cas_user */`
			`if( isset($_SESSION['CAS']['admin']) && is_bool($_SESSION['CAS']['admin']) ){`

			`// by default: cas_user`
			`$_SESSION['AUTH'] = ['cas_user'];`

			`// if admin: cas_admin`
			`if( $_SESSION['CAS']['admin'] === true )`
[api.core.auth-system-default] fix 'cas_admin' that was in the wrong format 2018-03-03 14:00:32 +00:00			`$_SESSION['AUTH'][] = 'cas_admin';`
[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00
[webpack.logout] now logout works 2018-03-06 18:39:34 +00:00			`/* (2) Remove cas in AUTH */`
			`}else{`
			`$_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_user']);`
			`$_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_admin']);`
[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00			`}`

			`/* (2) Other permissions */`
			`// TODO`
			`}`







Fix PhpDoc + fix PhpStan errors 2018-03-11 15:14:12 +00:00			`/** VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES`
			`*`
			`* @param array $expected Liste des permissions attendues`
			`*`
			`* @return Error Erreur associée à la permission (Success/PermissionError/TokenError/etc)`
			`*`
			`*/`
			`public static function permission(array $expected) : Error{`
[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00
			`/* (1) Check format -> if not array of array(s) -> ERROR`
			`---------------------------------------------------------*/`

Fix PhpDoc + fix PhpStan errors 2018-03-11 15:14:12 +00:00			`/* (1) If not array of array(s) -> ERROR */`
[module.cas] Now returns login if already validated by [api.core.auth-system-default] [api.core.auth-system-default] implemented permission management with : 'cas_user', 'cas_admin' (cas_user is always here, cas_admin is added only if admin) 2018-03-03 13:57:43 +00:00			`foreach($expected as $permission_group)`
			`if( !is_array($permission_group) )`
			`return new Error(Err::FormatError);`


			`/* (2) For each OR group`
			`---------------------------------------------------------*/`
			`foreach($expected as $OR_group){`

			`/* (1) By default suppose the group is valid */`
			`// -> an empty group will grant permission to all`
			`$valid_group = true;`

			`/* (2) Check for each AND permission in the group */`
			`foreach($OR_group as $AND_perm){`

			`/* (3) If not in session.auth -> invalidate the permission group */`
			`if( !in_array($AND_perm, $_SESSION['AUTH']) ){`

			`$valid_group = false;`
			`break;`

			`}`

			`}`

			`/* (4) If valid group -> Success */`
			`if( $valid_group )`
			`return new Error(Err::Success);`


			`}`


			`/* (5) If no valid group -> permission error */`
			`return new Error(Err::PermissionError);`

+add default api.core.authsystemdefault 2018-02-17 17:27:46 +00:00			`}`
			`}`

			`?>`