author | Frédéric Guillot <fred@kanboard.net> | 2014-05-22 12:28:28 -0400 |
---|---|---|
committer | Frédéric Guillot <fred@kanboard.net> | 2014-05-22 12:28:28 -0400 |
commit | 2230dd4e6b148346c0ec596b9e3e12996a762ed8 (patch) | |
tree | ef99ccde4f8b18592a3fb06a6ec45162c501fe38 /app/Model/Acl.php | |
parent | a750b8ab2a0cb715da6fd9025a7ec8375db68a4d (diff) |
Code refactoring (add autoloader and change files organization)
Diffstat (limited to 'app/Model/Acl.php')
-rw-r--r-- | app/Model/Acl.php | 159 |
1 files changed, 159 insertions, 0 deletions
diff --git a/app/Model/Acl.php b/app/Model/Acl.php
new file mode 100644
index 00000000..ad2118f4
--- /dev/null
+++ b/app/Model/Acl.php
@@ -0,0 +1,159 @@
+<?php
+
+namespace Model;
+
+/**
+ * Acl model
+ *
+ * @package model
+ * @author Frederic Guillot
+ */
+class Acl extends Base
+{
+ /**
+ * Controllers and actions allowed from outside
+ *
+ * @access private
+ * @var array
+ */
+ private $public_actions = array(
+ 'user' => array('login', 'check', 'google'),
+ 'task' => array('add'),
+ 'board' => array('readonly'),
+ );
+
+ /**
+ * Controllers and actions allowed for regular users
+ *
+ * @access private
+ * @var array
+ */
+ private $user_actions = array(
+ 'app' => array('index'),
+ 'board' => array('index', 'show', 'assign', 'assigntask', 'save', 'check'),
+ 'project' => array('tasks', 'index', 'forbidden', 'search'),
+ 'task' => array('show', 'create', 'save', 'edit', 'update', 'close', 'confirmclose', 'open', 'confirmopen', 'description', 'duplicate', 'remove', 'confirmremove'),
+ 'comment' => array('save', 'confirm', 'remove', 'update', 'edit'),
+ 'user' => array('index', 'edit', 'update', 'forbidden', 'logout', 'index', 'unlinkgoogle'),
+ 'config' => array('index', 'removeremembermetoken'),
+ );
+
+ /**
+ * Return true if the specified controller/action is allowed according to the given acl
+ *
+ * @access public
+ * @param array $acl Acl list
+ * @param string $controller Controller name
+ * @param string $action Action name
+ * @return bool
+ */
+ public function isAllowedAction(array $acl, $controller, $action)
+ {
+ if (isset($acl[$controller])) {
+ return in_array($action, $acl[$controller]);
+ }
+
+ return false;
+ }
+
+ /**
+ * Return true if the given action is public
+ *
+ * @access public
+ * @param string $controller Controller name
+ * @param string $action Action name
+ * @return bool
+ */
+ public function isPublicAction($controller, $action)
+ {
+ return $this->isAllowedAction($this->public_actions, $controller, $action);
+ }
+
+ /**
+ * Return true if the given action is allowed for a regular user
+ *
+ * @access public
+ * @param string $controller Controller name
+ * @param string $action Action name
+ * @return bool
+ */
+ public function isUserAction($controller, $action)
+ {
+ return $this->isAllowedAction($this->user_actions, $controller, $action);
+ }
+
+ /**
+ * Return true if the logged user is admin
+ *
+ * @access public
+ * @return bool
+ */
+ public function isAdminUser()
+ {
+ return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === true;
+ }
+
+ /**
+ * Return true if the logged user is not admin
+ *
+ * @access public
+ * @return bool
+ */
+ public function isRegularUser()
+ {
+ return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === false;
+ }
+
+ /**
+ * Get the connected user id
+ *
+ * @access public
+ * @return integer
+ */
+ public function getUserId()
+ {
+ return isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;
+ }
+
+ /**
+ * Check is the user is connected
+ *
+ * @access public
+ * @return bool
+ */
+ public function isLogged()
+ {
+ return ! empty($_SESSION['user']);
+ }
+
+ /**
+ * Check is the user was authenticated with the RememberMe or set the value
+ *
+ * @access public
+ * @param bool $value Set true if the user use the RememberMe
+ * @return bool
+ */
+ public function isRememberMe($value = null)
+ {
+ if ($value !== null) {
+ $_SESSION['is_remember_me'] = $value;
+ }
+
+ return empty($_SESSION['is_remember_me']) ? false : $_SESSION['is_remember_me'];
+ }
+
+ /**
+ * Check if an action is allowed for the logged user
+ *
+ * @access public
+ * @param string $controller Controller name
+ * @param string $action Action name
+ * @return bool
+ */
+ public function isPageAccessAllowed($controller, $action)
+ {
+ return $this->isPublicAction($controller, $action) ||
+ $this->isAdminUser() ||
+ ($this->isRegularUser() && $this->isUserAction($controller, $action));
+ }
+}
|
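Review bot: `isAllowedAction` decides authorization with a non-strict `in_array`, so the action name is matched by PHP's loose equality rules; for an access-control lookup the strict form `return in_array($action, $acl[$controller], true);` is the safer default and costs nothing. In the same spirit `isRememberMe` is documented `@return bool` but hands back whatever value was stored in `$_SESSION['is_remember_me']`; `return ! empty($_SESSION['is_remember_me']);` would match the docblock. `isAdminUser` and `isRegularUser` both require `$_SESSION['user']['is_admin']` to be a strict boolean, so a user whose flag is ever stored as `0`/`1` is neither admin nor regular and reaches only the public actions — that fails closed, but a comment naming where the session value is set would make the contract explicit. Separately, the `user` entry of `$user_actions` lists `'index'` twice.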