summaryrefslogtreecommitdiff
path: root/app/Model/Acl.php
blob: 8c57425d92927f19342281cc7f3065ffef94617d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
<?php

namespace Model;

/**
 * Acl model
 *
 * @package  model
 * @author   Frederic Guillot
 */
class Acl extends Base
{
    /**
     * Controllers and actions allowed from outside
     *
     * @access private
     * @var array
     */
    private $public_actions = array(
        'user' => array('login', 'check', 'google', 'github'),
        'task' => array('readonly'),
        'board' => array('readonly'),
        'project' => array('feed'),
        'webhook' => array('task', 'github'),
    );

    /**
     * Controllers and actions allowed for regular users
     *
     * @access private
     * @var array
     */
    private $user_actions = array(
        'app' => array('index'),
        'board' => array('index', 'show', 'save', 'check', 'changeassignee', 'updateassignee', 'changecategory', 'updatecategory'),
        'project' => array('tasks', 'index', 'forbidden', 'search', 'export', 'show', 'activity'),
        'user' => array('edit', 'forbidden', 'logout', 'show', 'external', 'unlinkgoogle', 'unlinkgithub', 'sessions', 'removesession', 'last', 'notifications', 'password'),
        'comment' => array('create', 'save', 'confirm', 'remove', 'update', 'edit', 'forbidden'),
        'file' => array('create', 'save', 'download', 'confirm', 'remove', 'open', 'image'),
        'subtask' => array('create', 'save', 'edit', 'update', 'confirm', 'remove'),
        'task' => array('show', 'create', 'save', 'edit', 'update', 'close', 'open', 'duplicate', 'remove', 'description', 'move', 'copy'),
    );

    /**
     * Return true if the specified controller/action is allowed according to the given acl
     *
     * @access public
     * @param  array    $acl          Acl list
     * @param  string   $controller   Controller name
     * @param  string   $action       Action name
     * @return bool
     */
    public function isAllowedAction(array $acl, $controller, $action)
    {
        if (isset($acl[$controller])) {
            return in_array($action, $acl[$controller]);
        }

        return false;
    }

    /**
     * Return true if the given action is public
     *
     * @access public
     * @param  string   $controller   Controller name
     * @param  string   $action       Action name
     * @return bool
     */
    public function isPublicAction($controller, $action)
    {
        return $this->isAllowedAction($this->public_actions, $controller, $action);
    }

    /**
     * Return true if the given action is allowed for a regular user
     *
     * @access public
     * @param  string   $controller   Controller name
     * @param  string   $action       Action name
     * @return bool
     */
    public function isUserAction($controller, $action)
    {
        return $this->isAllowedAction($this->user_actions, $controller, $action);
    }

    /**
     * Return true if the logged user is admin
     *
     * @access public
     * @return bool
     */
    public function isAdminUser()
    {
        return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === true;
    }

    /**
     * Return true if the logged user is not admin
     *
     * @access public
     * @return bool
     */
    public function isRegularUser()
    {
        return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === false;
    }

    /**
     * Get the connected user id
     *
     * @access public
     * @return integer
     */
    public function getUserId()
    {
        return isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;
    }

    /**
     * Check is the user is connected
     *
     * @access public
     * @return bool
     */
    public function isLogged()
    {
        return ! empty($_SESSION['user']);
    }

    /**
     * Check is the user was authenticated with the RememberMe or set the value
     *
     * @access public
     * @param  bool   $value   Set true if the user use the RememberMe
     * @return bool
     */
    public function isRememberMe($value = null)
    {
        if ($value !== null) {
            $_SESSION['is_remember_me'] = $value;
        }

        return empty($_SESSION['is_remember_me']) ? false : $_SESSION['is_remember_me'];
    }

    /**
     * Check if an action is allowed for the logged user
     *
     * @access public
     * @param  string   $controller   Controller name
     * @param  string   $action       Action name
     * @return bool
     */
    public function isPageAccessAllowed($controller, $action)
    {
        return $this->isPublicAction($controller, $action) ||
               $this->isAdminUser() ||
               ($this->isRegularUser() && $this->isUserAction($controller, $action));
    }
}