<?php
/***************************
 *      API AuthSystem      *
 *       08-12-2016         *
 ***************************
 * Designed & Developed by  *
 *      xdrm-brackets       *
 ***************************
 *     https://xdrm.io/     *
 ***************************/
namespace api\core;
use \error\core\Err;
use \error\core\Error;
use \database\core\Repo;
use \database\repo\professor;
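class AuthSystemDefault implements AuthSystem{

    /**
     * Default AuthSystem implementation backed by the PHP session.
     *
     * Session layout used here:
     *   - $_SESSION['CAS']  : 'login' and 'ticket' are expected to be set by the CAS
     *                         step (outside this class); 'id' and 'admin' are added
     *                         here once the login has been resolved to a professor.
     *   - $_SESSION['AUTH'] : list of granted permission names ('cas_user', 'cas_admin').
     *
     * NOTE(review): this class trusts that $_SESSION['CAS']['login'] is only present
     * after the CAS ticket was validated elsewhere; the ticket itself is not checked here.
     */
    public function __construct(){

        /* (1) Init session variables
        ---------------------------------------------------------*/
        if( !isset($_SESSION['CAS']) || !is_array($_SESSION['CAS']) ) $_SESSION['CAS'] = [];
        if( !isset($_SESSION['AUTH']) || !is_array($_SESSION['AUTH']) ) $_SESSION['AUTH'] = [];

        /* (2) Check CAS: resolve the login into a professor while not logged yet
        ---------------------------------------------------------*/
        $notLogged = !isset($_SESSION['isLogged']) || !$_SESSION['isLogged'];

        if( $notLogged && isset($_SESSION['CAS']['login']) && isset($_SESSION['CAS']['ticket']) )
            $this->resolveCasLogin();

        /* (3) Process AUTH
        ---------------------------------------------------------*/
        /* (1) cas_admin | cas_user */
        if( isset($_SESSION['CAS']['admin']) && is_bool($_SESSION['CAS']['admin']) ){

            // by default: cas_user
            $_SESSION['AUTH'] = ['cas_user'];

            // if admin: cas_admin
            if( $_SESSION['CAS']['admin'] === true )
                $_SESSION['AUTH'][] = 'cas_admin';

        /* (2) Remove cas in AUTH */
        }else{
            $_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_user', 'cas_admin']);
        }

        /* (2) Other permissions */
        // TODO
    }

    /**
     * Looks up the professor behind $_SESSION['CAS']['login'], switches the repo to
     * the professor's first linked department and marks the session as logged in.
     *
     * On any failure (malformed login, no linked department, unknown login) the CAS
     * data and every session key derived from it are dropped, so a failed attempt
     * does not leave a half-initialised session behind.
     */
    private function resolveCasLogin(){

        $login = $_SESSION['CAS']['login'];

        // isset() only rules out null; the login is used as a repository lookup key
        if( !is_string($login) || $login === '' ){
            self::dropCasSession();
            return;
        }

        /** @var professor $prof_repo */
        $prof_repo = Repo::getRepo('professor');

        /* (1) Linked departments of this login */
        $deps = $prof_repo->getLinkedDepartment($login);

        // An empty array is not a usable result: $deps[0] would be undefined
        if( !is_array($deps) || !isset($deps[0]['dbName'], $deps[0]['idDep']) ){
            self::dropCasSession();
            return;
        }

        $_SESSION['AvailableDepartment'] = $deps;
        $_SESSION['CurrentDatabase'] = $deps[0]['dbName'];
        $_SESSION['CurrentDepartementId'] = $deps[0]['idDep'];

        Repo::switchDatabase($_SESSION['CurrentDatabase']);

        /* (2) Professor record in that department */
        $by_login = $prof_repo->getByLogin($login);

        if( !is_array($by_login) || !isset($by_login['idProfesseur']) || !isset($by_login['admin']) ){
            self::dropCasSession();
            return;
        }

        /* (3) Found -> privilege level changes: rotate the session id and discard the
         *     old one so the pre-login id cannot be reused (session fixation). Guarded
         *     so it does not emit a warning when no session is active. */
        if( session_status() === PHP_SESSION_ACTIVE )
            session_regenerate_id(true);

        $_SESSION['CAS']['admin'] = (bool) $by_login['admin'];
        $_SESSION['CAS']['id'] = (int) $by_login['idProfesseur'];
        $_SESSION['isLogged'] = true;
    }

    /** Clears the CAS data together with every session key derived from it. */
    private static function dropCasSession(){
        $_SESSION['CAS'] = [];
        unset($_SESSION['AvailableDepartment'], $_SESSION['CurrentDatabase'], $_SESSION['CurrentDepartementId']);
    }

    /**
     * Checks the session's granted permissions against an expected set.
     *
     * @param array $expected  List of OR-groups; each group is a list of permission
     *                         names that must ALL be present in $_SESSION['AUTH'].
     *                         An empty group grants unconditionally; an empty
     *                         $expected grants nothing.
     *
     * @return Error  Err::Success when at least one group is fully granted,
     *                Err::FormatError when $expected is not a list of lists of strings,
     *                Err::PermissionError otherwise.
     */
    public static function permission(array $expected) : Error{

        /* (1) Check format -> every group must be an array of permission-name strings
        ---------------------------------------------------------*/
        foreach($expected as $permission_group){

            if( !is_array($permission_group) )
                return new Error(Err::FormatError);

            foreach($permission_group as $permission)
                if( !is_string($permission) )
                    return new Error(Err::FormatError);
        }

        // A missing or malformed AUTH must deny, not throw (in_array() on null is a TypeError)
        $granted = $_SESSION['AUTH'] ?? [];
        if( !is_array($granted) )
            $granted = [];

        /* (2) For each OR group
        ---------------------------------------------------------*/
        foreach($expected as $OR_group){

            // an empty group grants permission to all
            $valid_group = true;

            /* Check for each AND permission in the group */
            foreach($OR_group as $AND_perm){

                // strict: a loose in_array() would let e.g. `true` or `0` match any granted name
                if( !in_array($AND_perm, $granted, true) ){
                    $valid_group = false;
                    break;
                }
            }

            /* If valid group -> Success */
            if( $valid_group )
                return new Error(Err::Success);
        }

        /* (3) If no valid group -> permission error */
        return new Error(Err::PermissionError);
    }

}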
?>