. */ declare(strict_types=1); namespace Fisharebest\Webtrees\Http\Middleware; use Fisharebest\Webtrees\Auth; use Fisharebest\Webtrees\Http\RequestHandlers\HomePage; use Fisharebest\Webtrees\Http\RequestHandlers\LoginPage; use Fisharebest\Webtrees\Tree; use Fisharebest\Webtrees\User; use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Server\MiddlewareInterface; use Psr\Http\Server\RequestHandlerInterface; use function assert; use function redirect; use function route; /** * Middleware to restrict access to moderators. */ class AuthModerator implements MiddlewareInterface { /** * @param ServerRequestInterface $request * @param RequestHandlerInterface $handler * * @return ResponseInterface */ public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface { $tree = $request->getAttribute('tree'); assert($tree instanceof Tree); $user = $request->getAttribute('user'); // Logged in with the correct role? if (Auth::isModerator($tree, $user)) { return $handler->handle($request); } // Logged in, but without the correct role? if ($user instanceof User) { return redirect(route(HomePage::class)); } // Not logged in. return redirect(route(LoginPage::class, ['tree' => $tree->name(), 'url' => $request->getUri()])); } }