AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add generic authorization class

Browse Source
This commit is contained in:
Frederic Guillot
2015-11-27 16:24:21 -05:00
parent 19706944dc
commit 91bdf6aaf3
6 changed files with 209 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
app/Auth/Database.php
View File

@@ -1,49 +0,0 @@
<?php
namespace Kanboard\Auth;
use Kanboard\Core\Base;
use Kanboard\Model\User;
use Kanboard\Event\AuthEvent;
/**
* Database authentication
*
* @package auth
* @author Frederic Guillot
*/
class Database extends Base
{
/**
* Backend name
*
* @var string
*/
const AUTH_NAME = 'Database';
/**
* Authenticate a user
*
* @access public
* @param string $username Username
* @param string $password Password
* @return boolean
*/
public function authenticate($username, $password)
{
$user = $this->db
->table(User::TABLE)
->eq('username', $username)
->eq('disable_login_form', 0)
->eq('is_ldap_user', 0)
->findOne();
if (is_array($user) && password_verify($password, $user['password'])) {
$this->userSession->initialize($user);
$this->container['dispatcher']->dispatch('auth.success', new AuthEvent(self::AUTH_NAME, $user['id']));
return true;
}
return false;
}
}

92
app/Core/Security/AccessMap.php Normal file
View File

@@ -0,0 +1,92 @@
<?php
namespace Kanboard\Core\Security;
/**
* Access Map Definition
*
* @package security
* @author Frederic Guillot
*/
class AccessMap
{
/**
* Default role
*
* @access private
* @var string
*/
private $defaultRole = '';
/**
* Access map
*
* @access private
* @var array
*/
private $map = array();
/**
* Define the default role when nothing match
*
* @access public
* @param string $role
* @return Acl
*/
public function setDefaultRole($role)
{
$this->defaultRole = $role;
return $this;
}
/**
* Add new access rules
*
* @access public
* @param string $controller
* @param string $method
* @param array $roles
* @return Acl
*/
public function add($controller, $method, array $roles)
{
$controller = strtolower($controller);
$method = strtolower($method);
if (! isset($this->map[$controller])) {
$this->map[$controller] = array();
}
if (! isset($this->map[$controller][$method])) {
$this->map[$controller][$method] = array();
}
$this->map[$controller][$method] = $roles;
return $this;
}
/**
* Get roles that match the given controller/method
*
* @access public
* @param string $controller
* @param string $method
* @return boolean
*/
public function getRoles($controller, $method)
{
$controller = strtolower($controller);
$method = strtolower($method);
if (isset($this->map[$controller][$method])) {
return $this->map[$controller][$method];
}
if (isset($this->map[$controller]['*'])) {
return $this->map[$controller]['*'];
}
return array($this->defaultRole);
}
}

46
app/Core/Security/Authorization.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
namespace Kanboard\Core\Security;
/**
* Authorization Handler
*
* @package security
* @author Frederic Guillot
*/
class Authorization
{
/**
* Access Map
*
* @access private
* @var AccessMap
*/
private $acl;
/**
* Constructor
*
* @access public
* @param AccessMap $acl
*/
public function __construct(AccessMap $acl)
{
$this->acl = $acl;
}
/**
* Check if the given role is allowed to access to the specified resource
*
* @access public
* @param string $controller
* @param string $method
* @param string $role
* @return boolean
*/
public function isAllowed($controller, $method, $role)
{
$roles = $this->acl->getRoles($controller, $method);
return in_array($role, $roles);
}
}

21
app/Core/Security/Role.php Normal file
View File

@@ -0,0 +1,21 @@
<?php
namespace Kanboard\Core\Security;
/**
* Role Definitions
*
* @package security
* @author Frederic Guillot
*/
class Role
{
const APP_ADMIN = 'app-admin';
const APP_MANAGER = 'app-manager';
const APP_USER = 'app-user';
const APP_PUBLIC = 'app-public';
const PROJECT_MANAGER = 'project-manager';
const PROJECT_MEMBER = 'project-member';
const PROJECT_VIEWER = 'project-viewer';
}