ptut-vhost/build/api/core/AuthSystemDefault.php

115 lines
3.2 KiB
PHP

<?php
/**************************
* API AuthSystem *
* 08-12-2016 *
***************************
* Designed & Developed by *
* xdrm-brackets *
***************************
* https://xdrm.io/ *
**************************/
namespace api\core;
use \error\core\Err;
use \error\core\Error;
use \database\core\Repo;
use \database\repo\professor;
class AuthSystemDefault implements AuthSystem{
public function __construct(){
/* (1) Init session variables
---------------------------------------------------------*/
if( !isset($_SESSION['CAS']) || !is_array($_SESSION['CAS']) ) $_SESSION['CAS'] = [];
if( !isset($_SESSION['AUTH']) || !is_array($_SESSION['AUTH']) ) $_SESSION['AUTH'] = [];
if( !isset($_SESSION['AvailableDepartments']) || !is_array($_SESSION['AvailableDepartments']) ) $_SESSION['AvailableDepartments'] = [];
if( !isset($_SESSION['VERSION']) || !is_string($_SESSION['VERSION']) ) $_SESSION['VERSION'] = null;
if( !isset($_SESSION['CurrentDepartmentId']) || !is_array($_SESSION['CurrentDepartmentId']) ) $_SESSION['CurrentDepartmentId'] = null;
/* (2) Process AUTH
---------------------------------------------------------*/
/* (1) cas_admin | cas_user */
if( isset($_SESSION['CAS']['admin']) && is_bool($_SESSION['CAS']['admin']) ){
// by default: cas_user
$_SESSION['AUTH'] = ['cas_user'];
// if admin: cas_admin
if( $_SESSION['CAS']['admin'] === true )
$_SESSION['AUTH'][] = 'cas_admin';
/* (2) Remove cas in AUTH */
}else{
$_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_user']);
$_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_admin']);
}
/* (3) Other permissions */
// TODO
}
/** VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
*
* @param array $expected Liste des permissions attendues
*
* @return Error Erreur associée à la permission (Success/PermissionError/TokenError/etc)
*
*/
public static function permission(array $expected) : Error{
/* (1) Check format -> if not array of array(s) -> ERROR
---------------------------------------------------------*/
/* (1) If not array of array(s) -> ERROR */
foreach($expected as $permission_group)
if( !is_array($permission_group) )
return new Error(Err::FormatError);
/* (2) For each OR group
---------------------------------------------------------*/
foreach($expected as $OR_group){
/* (1) By default suppose the group is valid */
// -> an empty group will grant permission to all
$valid_group = true;
/* (2) Check for each AND permission in the group */
foreach($OR_group as $AND_perm){
/* (3) If not in session.auth -> invalidate the permission group */
if( !in_array($AND_perm, $_SESSION['AUTH']) ){
$valid_group = false;
break;
}
}
/* (4) If valid group -> Success */
if( $valid_group )
return new Error(Err::Success);
}
/* (5) If no valid group -> permission error */
return new Error(Err::PermissionError);
}
}
?>