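. */

declare(strict_types=1);

namespace Fisharebest\Webtrees\Http\Middleware;

use Fisharebest\Webtrees\Auth;
use Fisharebest\Webtrees\Exceptions\HttpAccessDeniedException;
use Fisharebest\Webtrees\Exceptions\HttpNotFoundException;
use Fisharebest\Webtrees\Http\RequestHandlers\LoginPage;
use Fisharebest\Webtrees\Tree;
use Fisharebest\Webtrees\User;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;

use function redirect;
use function route;

/**
 * Middleware to restrict access to managers.
 *
 * Gate for routes that require the "manager" role on the tree named in the route.
 * Outcomes, in order of evaluation:
 *  - no usable 'tree' attribute → 404 (a private tree and a deleted/non-existent
 *    one produce the same response, so the caller cannot tell them apart);
 *  - Auth::isManager() says yes → the request is passed to the next handler;
 *  - authenticated (a User) but not a manager → 403;
 *  - anonymous → redirect to the login page, carrying the current URI as the
 *    post-login return target.
 */
class AuthManager implements MiddlewareInterface
{
    /**
     * @param ServerRequestInterface  $request reads the 'tree' and 'user' attributes
     *                                         populated by earlier middleware
     * @param RequestHandlerInterface $handler the downstream handler, invoked only
     *                                         when the role check passes
     *
     * @return ResponseInterface the downstream response, or a redirect to the login page
     *
     * @throws HttpNotFoundException     when the 'tree' attribute is not a Tree instance
     * @throws HttpAccessDeniedException when a logged-in user lacks the manager role
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $tree = $request->getAttribute('tree');

        // A tree name was matched in the route, but it resolved to nothing usable
        // (private or deleted).  Both cases answer 404, so this response does not
        // reveal whether a private tree of that name exists.
        if (!$tree instanceof Tree) {
            throw new HttpNotFoundException();
        }

        $user = $request->getAttribute('user');

        // Logged in with the correct role?  The decision is delegated entirely to
        // Auth::isManager(); this middleware inspects no roles itself.
        // NOTE(review): $user is passed through unchecked here and may be a guest
        // or null for anonymous requests — Auth::isManager() is assumed to accept
        // that; confirm against its signature.
        if (Auth::isManager($tree, $user)) {
            return $handler->handle($request);
        }

        // Logged in, but without the correct role: deny rather than redirect, since
        // logging in again would not change the answer.
        if ($user instanceof User) {
            throw new HttpAccessDeniedException();
        }

        // Not logged in: send to the login page with the current URI as the return
        // target.  The UriInterface is stringified explicitly so the query parameter
        // is a plain string, rather than relying on route() to coerce an object.
        // NOTE(review): this URI is reconstructed from the incoming request (including
        // its Host header), so the login handler must still validate the 'url'
        // parameter as a local URL before redirecting to it (open-redirect guard) —
        // confirm that check exists on the login side.
        return redirect(route(LoginPage::class, [
            'tree' => $tree->name(),
            'url'  => (string) $request->getUri(),
        ]));
    }
}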