. */ declare(strict_types=1); namespace Fisharebest\Webtrees\Http\Middleware; use Fig\Http\Message\RequestMethodInterface; use Fisharebest\Webtrees\Auth; use Fisharebest\Webtrees\Contracts\UserInterface; use Fisharebest\Webtrees\FlashMessages; use Fisharebest\Webtrees\Http\RequestHandlers\LoginPage; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Session; use Fisharebest\Webtrees\Tree; use Fisharebest\Webtrees\User; use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Server\MiddlewareInterface; use Psr\Http\Server\RequestHandlerInterface; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use function in_array; use function redirect; /** * Middleware to restrict access to managers. */ class AuthManager implements MiddlewareInterface { /** * @param ServerRequestInterface $request * @param RequestHandlerInterface $handler * * @return ResponseInterface */ public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface { $tree = $request->getAttribute('tree'); $user = $request->getAttribute('user'); // Logged in with the correct role? if ($tree instanceof Tree && Auth::isManager($tree, $user)) { return $handler->handle($request); } // Logged in, but without the correct role? if ($user instanceof User) { throw new AccessDeniedHttpException(); } // Not logged in. return redirect(route(LoginPage::class, ['url' => $request->getAttribute('request_uri')])); } }