xref: /webtrees/app/Auth.php (revision 5bfc689774bb9a6401271c4ed15a6d50652c991b)
1a25f0a04SGreg Roach<?php
23976b470SGreg Roach
3a25f0a04SGreg Roach/**
4a25f0a04SGreg Roach * webtrees: online genealogy
5*5bfc6897SGreg Roach * Copyright (C) 2022 webtrees development team
6a25f0a04SGreg Roach * This program is free software: you can redistribute it and/or modify
7a25f0a04SGreg Roach * it under the terms of the GNU General Public License as published by
8a25f0a04SGreg Roach * the Free Software Foundation, either version 3 of the License, or
9a25f0a04SGreg Roach * (at your option) any later version.
10a25f0a04SGreg Roach * This program is distributed in the hope that it will be useful,
11a25f0a04SGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of
12a25f0a04SGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13a25f0a04SGreg Roach * GNU General Public License for more details.
14a25f0a04SGreg Roach * You should have received a copy of the GNU General Public License
1589f7189bSGreg Roach * along with this program. If not, see <https://www.gnu.org/licenses/>.
16a25f0a04SGreg Roach */
17fcfa147eSGreg Roach
18e7f56f2aSGreg Roachdeclare(strict_types=1);
19e7f56f2aSGreg Roach
2076692c8bSGreg Roachnamespace Fisharebest\Webtrees;
21a25f0a04SGreg Roach
22e5a6b4d4SGreg Roachuse Fisharebest\Webtrees\Contracts\UserInterface;
2381b729d3SGreg Roachuse Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
2481b729d3SGreg Roachuse Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException;
259867b2f0SGreg Roachuse Fisharebest\Webtrees\Module\ModuleInterface;
26e5a6b4d4SGreg Roachuse Fisharebest\Webtrees\Services\UserService;
2779529c87SGreg Roach
28d8809d62SGreg Roachuse function is_int;
29d8809d62SGreg Roach
30a25f0a04SGreg Roach/**
3176692c8bSGreg Roach * Authentication.
32a25f0a04SGreg Roach */
33c1010edaSGreg Roachclass Auth
34c1010edaSGreg Roach{
354b9ff166SGreg Roach    // Privacy constants
3616d6367aSGreg Roach    public const PRIV_PRIVATE = 2; // Allows visitors to view the item
3716d6367aSGreg Roach    public const PRIV_USER    = 1; // Allows members to access the item
3816d6367aSGreg Roach    public const PRIV_NONE    = 0; // Allows managers to access the item
3916d6367aSGreg Roach    public const PRIV_HIDE    = -1; // Hide the item to all users
404b9ff166SGreg Roach
41a25f0a04SGreg Roach    /**
42a25f0a04SGreg Roach     * Are we currently logged in?
43a25f0a04SGreg Roach     *
44cbc1590aSGreg Roach     * @return bool
45a25f0a04SGreg Roach     */
468f53f488SRico Sonntag    public static function check(): bool
47c1010edaSGreg Roach    {
484b9ff166SGreg Roach        return self::id() !== null;
49a25f0a04SGreg Roach    }
50a25f0a04SGreg Roach
51a25f0a04SGreg Roach    /**
52a25f0a04SGreg Roach     * Is the specified/current user an administrator?
53a25f0a04SGreg Roach     *
54e5a6b4d4SGreg Roach     * @param UserInterface|null $user
55a25f0a04SGreg Roach     *
56cbc1590aSGreg Roach     * @return bool
57a25f0a04SGreg Roach     */
58e5a6b4d4SGreg Roach    public static function isAdmin(UserInterface $user = null): bool
59c1010edaSGreg Roach    {
60cb923727SGreg Roach        $user = $user ?? self::user();
61a25f0a04SGreg Roach
621fe542e9SGreg Roach        return $user->getPreference(UserInterface::PREF_IS_ADMINISTRATOR) === '1';
63a25f0a04SGreg Roach    }
64a25f0a04SGreg Roach
65a25f0a04SGreg Roach    /**
664b9ff166SGreg Roach     * Is the specified/current user a manager of a tree?
67a25f0a04SGreg Roach     *
6884caa210SGreg Roach     * @param Tree               $tree
69e5a6b4d4SGreg Roach     * @param UserInterface|null $user
70a25f0a04SGreg Roach     *
71cbc1590aSGreg Roach     * @return bool
72a25f0a04SGreg Roach     */
73e5a6b4d4SGreg Roach    public static function isManager(Tree $tree, UserInterface $user = null): bool
74c1010edaSGreg Roach    {
75cb923727SGreg Roach        $user = $user ?? self::user();
76a25f0a04SGreg Roach
771fe542e9SGreg Roach        return self::isAdmin($user) || $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MANAGER;
78a25f0a04SGreg Roach    }
79a25f0a04SGreg Roach
80a25f0a04SGreg Roach    /**
814b9ff166SGreg Roach     * Is the specified/current user a moderator of a tree?
82a25f0a04SGreg Roach     *
8384caa210SGreg Roach     * @param Tree               $tree
84e5a6b4d4SGreg Roach     * @param UserInterface|null $user
85a25f0a04SGreg Roach     *
86cbc1590aSGreg Roach     * @return bool
87a25f0a04SGreg Roach     */
88e5a6b4d4SGreg Roach    public static function isModerator(Tree $tree, UserInterface $user = null): bool
89c1010edaSGreg Roach    {
90cb923727SGreg Roach        $user = $user ?? self::user();
91a25f0a04SGreg Roach
921fe542e9SGreg Roach        return
931fe542e9SGreg Roach            self::isManager($tree, $user) ||
941fe542e9SGreg Roach            $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MODERATOR;
95a25f0a04SGreg Roach    }
96a25f0a04SGreg Roach
97a25f0a04SGreg Roach    /**
984b9ff166SGreg Roach     * Is the specified/current user an editor of a tree?
99a25f0a04SGreg Roach     *
10084caa210SGreg Roach     * @param Tree               $tree
101e5a6b4d4SGreg Roach     * @param UserInterface|null $user
102a25f0a04SGreg Roach     *
103cbc1590aSGreg Roach     * @return bool
104a25f0a04SGreg Roach     */
105e5a6b4d4SGreg Roach    public static function isEditor(Tree $tree, UserInterface $user = null): bool
106c1010edaSGreg Roach    {
107cb923727SGreg Roach        $user = $user ?? self::user();
108a25f0a04SGreg Roach
1091fe542e9SGreg Roach        return
1101fe542e9SGreg Roach            self::isModerator($tree, $user) ||
1111fe542e9SGreg Roach            $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_EDITOR;
112a25f0a04SGreg Roach    }
113a25f0a04SGreg Roach
114a25f0a04SGreg Roach    /**
1154b9ff166SGreg Roach     * Is the specified/current user a member of a tree?
116a25f0a04SGreg Roach     *
11784caa210SGreg Roach     * @param Tree               $tree
118e5a6b4d4SGreg Roach     * @param UserInterface|null $user
119a25f0a04SGreg Roach     *
120cbc1590aSGreg Roach     * @return bool
121a25f0a04SGreg Roach     */
122e5a6b4d4SGreg Roach    public static function isMember(Tree $tree, UserInterface $user = null): bool
123c1010edaSGreg Roach    {
124cb923727SGreg Roach        $user = $user ?? self::user();
125a25f0a04SGreg Roach
1261fe542e9SGreg Roach        return
1271fe542e9SGreg Roach            self::isEditor($tree, $user) ||
1281fe542e9SGreg Roach            $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MEMBER;
129a25f0a04SGreg Roach    }
130a25f0a04SGreg Roach
131a25f0a04SGreg Roach    /**
1324b9ff166SGreg Roach     * What is the specified/current user's access level within a tree?
1334b9ff166SGreg Roach     *
1344b9ff166SGreg Roach     * @param Tree               $tree
135e5a6b4d4SGreg Roach     * @param UserInterface|null $user
1364b9ff166SGreg Roach     *
137cbc1590aSGreg Roach     * @return int
1384b9ff166SGreg Roach     */
139e364afe4SGreg Roach    public static function accessLevel(Tree $tree, UserInterface $user = null): int
140c1010edaSGreg Roach    {
141cb923727SGreg Roach        $user = $user ?? self::user();
1424b9ff166SGreg Roach
1434b9ff166SGreg Roach        if (self::isManager($tree, $user)) {
1444b9ff166SGreg Roach            return self::PRIV_NONE;
1454b9ff166SGreg Roach        }
146b2ce94c6SRico Sonntag
147b2ce94c6SRico Sonntag        if (self::isMember($tree, $user)) {
148b2ce94c6SRico Sonntag            return self::PRIV_USER;
149b2ce94c6SRico Sonntag        }
150b2ce94c6SRico Sonntag
151b2ce94c6SRico Sonntag        return self::PRIV_PRIVATE;
1524b9ff166SGreg Roach    }
1534b9ff166SGreg Roach
1544b9ff166SGreg Roach    /**
155a25f0a04SGreg Roach     * The ID of the authenticated user, from the current session.
156a25f0a04SGreg Roach     *
157c3ffc4cbSGreg Roach     * @return int|null
158a25f0a04SGreg Roach     */
159e364afe4SGreg Roach    public static function id(): ?int
160c1010edaSGreg Roach    {
161d8809d62SGreg Roach        $wt_user = Session::get('wt_user');
162d8809d62SGreg Roach
163d8809d62SGreg Roach        return is_int($wt_user) ? $wt_user : null;
164a25f0a04SGreg Roach    }
165a25f0a04SGreg Roach
166a25f0a04SGreg Roach    /**
167a25f0a04SGreg Roach     * The authenticated user, from the current session.
168a25f0a04SGreg Roach     *
169e5a6b4d4SGreg Roach     * @return UserInterface
170a25f0a04SGreg Roach     */
171e5a6b4d4SGreg Roach    public static function user(): UserInterface
172c1010edaSGreg Roach    {
173b55cbc6bSGreg Roach        $user_service = app(UserService::class);
174b55cbc6bSGreg Roach        assert($user_service instanceof UserService);
175b55cbc6bSGreg Roach
176b55cbc6bSGreg Roach        return $user_service->find(self::id()) ?? new GuestUser();
177a25f0a04SGreg Roach    }
178a25f0a04SGreg Roach
179a25f0a04SGreg Roach    /**
180a25f0a04SGreg Roach     * Login directly as an explicit user - for masquerading.
181a25f0a04SGreg Roach     *
182e5a6b4d4SGreg Roach     * @param UserInterface $user
183cb923727SGreg Roach     *
184cb923727SGreg Roach     * @return void
185a25f0a04SGreg Roach     */
186e364afe4SGreg Roach    public static function login(UserInterface $user): void
187c1010edaSGreg Roach    {
18881b729d3SGreg Roach        Session::regenerate();
189895230eeSGreg Roach        Session::put('wt_user', $user->id());
190a25f0a04SGreg Roach    }
191a25f0a04SGreg Roach
192a25f0a04SGreg Roach    /**
193a25f0a04SGreg Roach     * End the session for the current user.
194cb923727SGreg Roach     *
195cb923727SGreg Roach     * @return void
196a25f0a04SGreg Roach     */
197e364afe4SGreg Roach    public static function logout(): void
198c1010edaSGreg Roach    {
19931bc7874SGreg Roach        Session::regenerate(true);
200a25f0a04SGreg Roach    }
201e539f5c6SGreg Roach
202e539f5c6SGreg Roach    /**
2039867b2f0SGreg Roach     * @param ModuleInterface $module
204ef483801SGreg Roach     * @param string          $interface
2059867b2f0SGreg Roach     * @param Tree            $tree
206e5a6b4d4SGreg Roach     * @param UserInterface   $user
2079867b2f0SGreg Roach     *
2089867b2f0SGreg Roach     * @return void
2099867b2f0SGreg Roach     */
210ef483801SGreg Roach    public static function checkComponentAccess(ModuleInterface $module, string $interface, Tree $tree, UserInterface $user): void
2119867b2f0SGreg Roach    {
212ef483801SGreg Roach        if ($module->accessLevel($tree, $interface) < self::accessLevel($tree, $user)) {
213d501c45dSGreg Roach            throw new HttpAccessDeniedException();
2149867b2f0SGreg Roach        }
2159867b2f0SGreg Roach    }
2169867b2f0SGreg Roach
2179867b2f0SGreg Roach    /**
218e539f5c6SGreg Roach     * @param Family|null $family
219ffc0a61fSGreg Roach     * @param bool        $edit
220e539f5c6SGreg Roach     *
221ddeb3354SGreg Roach     * @return Family
22281b729d3SGreg Roach     * @throws HttpNotFoundException
22381b729d3SGreg Roach     * @throws HttpAccessDeniedException
224e539f5c6SGreg Roach     */
2253c3fd0a5SGreg Roach    public static function checkFamilyAccess(?Family $family, bool $edit = false): Family
226e539f5c6SGreg Roach    {
22781b729d3SGreg Roach        $message = I18N::translate('This family does not exist or you do not have permission to view it.');
22881b729d3SGreg Roach
229e539f5c6SGreg Roach        if ($family === null) {
23081b729d3SGreg Roach            throw new HttpNotFoundException($message);
231e539f5c6SGreg Roach        }
232e539f5c6SGreg Roach
2333c3fd0a5SGreg Roach        if ($edit && $family->canEdit()) {
2348091bfd1SGreg Roach            $family->lock();
2358091bfd1SGreg Roach
236ddeb3354SGreg Roach            return $family;
237e539f5c6SGreg Roach        }
238e539f5c6SGreg Roach
2393c3fd0a5SGreg Roach        if ($family->canShow()) {
2403c3fd0a5SGreg Roach            return $family;
2413c3fd0a5SGreg Roach        }
2423c3fd0a5SGreg Roach
24381b729d3SGreg Roach        throw new HttpAccessDeniedException($message);
2443c3fd0a5SGreg Roach    }
2453c3fd0a5SGreg Roach
246e539f5c6SGreg Roach    /**
2471635452cSGreg Roach     * @param Header|null $header
2481635452cSGreg Roach     * @param bool        $edit
2491635452cSGreg Roach     *
2501635452cSGreg Roach     * @return Header
25181b729d3SGreg Roach     * @throws HttpNotFoundException
25281b729d3SGreg Roach     * @throws HttpAccessDeniedException
2531635452cSGreg Roach     */
2541635452cSGreg Roach    public static function checkHeaderAccess(?Header $header, bool $edit = false): Header
2551635452cSGreg Roach    {
25681b729d3SGreg Roach        $message = I18N::translate('This record does not exist or you do not have permission to view it.');
25781b729d3SGreg Roach
2581635452cSGreg Roach        if ($header === null) {
25981b729d3SGreg Roach            throw new HttpNotFoundException($message);
2601635452cSGreg Roach        }
2611635452cSGreg Roach
2621635452cSGreg Roach        if ($edit && $header->canEdit()) {
2638091bfd1SGreg Roach            $header->lock();
2648091bfd1SGreg Roach
2651635452cSGreg Roach            return $header;
2661635452cSGreg Roach        }
2671635452cSGreg Roach
2681635452cSGreg Roach        if ($header->canShow()) {
2691635452cSGreg Roach            return $header;
2701635452cSGreg Roach        }
2711635452cSGreg Roach
27281b729d3SGreg Roach        throw new HttpAccessDeniedException($message);
2731635452cSGreg Roach    }
2741635452cSGreg Roach
2751635452cSGreg Roach    /**
276e539f5c6SGreg Roach     * @param Individual|null $individual
277ffc0a61fSGreg Roach     * @param bool            $edit
2783c3fd0a5SGreg Roach     * @param bool            $chart For some charts, we can show private records
279e539f5c6SGreg Roach     *
280ddeb3354SGreg Roach     * @return Individual
28181b729d3SGreg Roach     * @throws HttpNotFoundException
28281b729d3SGreg Roach     * @throws HttpAccessDeniedException
283e539f5c6SGreg Roach     */
28481b729d3SGreg Roach    public static function checkIndividualAccess(?Individual $individual, bool $edit = false, bool $chart = false): Individual
285e539f5c6SGreg Roach    {
28681b729d3SGreg Roach        $message = I18N::translate('This individual does not exist or you do not have permission to view it.');
28781b729d3SGreg Roach
288e539f5c6SGreg Roach        if ($individual === null) {
28981b729d3SGreg Roach            throw new HttpNotFoundException($message);
290e539f5c6SGreg Roach        }
291e539f5c6SGreg Roach
2923c3fd0a5SGreg Roach        if ($edit && $individual->canEdit()) {
2938091bfd1SGreg Roach            $individual->lock();
2948091bfd1SGreg Roach
295ddeb3354SGreg Roach            return $individual;
296e539f5c6SGreg Roach        }
297e539f5c6SGreg Roach
2983c3fd0a5SGreg Roach        if ($chart && $individual->tree()->getPreference('SHOW_PRIVATE_RELATIONSHIPS') === '1') {
2993c3fd0a5SGreg Roach            return $individual;
3003c3fd0a5SGreg Roach        }
3013c3fd0a5SGreg Roach
3023c3fd0a5SGreg Roach        if ($individual->canShow()) {
3033c3fd0a5SGreg Roach            return $individual;
3043c3fd0a5SGreg Roach        }
3053c3fd0a5SGreg Roach
30681b729d3SGreg Roach        throw new HttpAccessDeniedException($message);
3073c3fd0a5SGreg Roach    }
3083c3fd0a5SGreg Roach
309e539f5c6SGreg Roach    /**
310e8ded2caSGreg Roach     * @param Location|null $location
311e8ded2caSGreg Roach     * @param bool          $edit
312e8ded2caSGreg Roach     *
313e8ded2caSGreg Roach     * @return Location
31481b729d3SGreg Roach     * @throws HttpNotFoundException
31581b729d3SGreg Roach     * @throws HttpAccessDeniedException
316e8ded2caSGreg Roach     */
317e8ded2caSGreg Roach    public static function checkLocationAccess(?Location $location, bool $edit = false): Location
318e8ded2caSGreg Roach    {
31981b729d3SGreg Roach        $message = I18N::translate('This record does not exist or you do not have permission to view it.');
32081b729d3SGreg Roach
321e8ded2caSGreg Roach        if ($location === null) {
32281b729d3SGreg Roach            throw new HttpNotFoundException($message);
323e8ded2caSGreg Roach        }
324e8ded2caSGreg Roach
325e8ded2caSGreg Roach        if ($edit && $location->canEdit()) {
326e8ded2caSGreg Roach            $location->lock();
327e8ded2caSGreg Roach
328e8ded2caSGreg Roach            return $location;
329e8ded2caSGreg Roach        }
330e8ded2caSGreg Roach
331e8ded2caSGreg Roach        if ($location->canShow()) {
332e8ded2caSGreg Roach            return $location;
333e8ded2caSGreg Roach        }
334e8ded2caSGreg Roach
33581b729d3SGreg Roach        throw new HttpAccessDeniedException($message);
336e8ded2caSGreg Roach    }
337e8ded2caSGreg Roach
338e8ded2caSGreg Roach    /**
339e539f5c6SGreg Roach     * @param Media|null $media
340ffc0a61fSGreg Roach     * @param bool       $edit
341e539f5c6SGreg Roach     *
342ddeb3354SGreg Roach     * @return Media
34381b729d3SGreg Roach     * @throws HttpNotFoundException
34481b729d3SGreg Roach     * @throws HttpAccessDeniedException
345e539f5c6SGreg Roach     */
3463c3fd0a5SGreg Roach    public static function checkMediaAccess(?Media $media, bool $edit = false): Media
347e539f5c6SGreg Roach    {
34881b729d3SGreg Roach        $message = I18N::translate('This media object does not exist or you do not have permission to view it.');
34981b729d3SGreg Roach
350e539f5c6SGreg Roach        if ($media === null) {
35181b729d3SGreg Roach            throw new HttpNotFoundException($message);
352e539f5c6SGreg Roach        }
353e539f5c6SGreg Roach
3543c3fd0a5SGreg Roach        if ($edit && $media->canEdit()) {
3558091bfd1SGreg Roach            $media->lock();
3568091bfd1SGreg Roach
357ddeb3354SGreg Roach            return $media;
358e539f5c6SGreg Roach        }
359e539f5c6SGreg Roach
3603c3fd0a5SGreg Roach        if ($media->canShow()) {
3613c3fd0a5SGreg Roach            return $media;
3623c3fd0a5SGreg Roach        }
3633c3fd0a5SGreg Roach
36481b729d3SGreg Roach        throw new HttpAccessDeniedException($message);
3653c3fd0a5SGreg Roach    }
3663c3fd0a5SGreg Roach
367e539f5c6SGreg Roach    /**
368e539f5c6SGreg Roach     * @param Note|null $note
369ffc0a61fSGreg Roach     * @param bool      $edit
370e539f5c6SGreg Roach     *
371ddeb3354SGreg Roach     * @return Note
37281b729d3SGreg Roach     * @throws HttpNotFoundException
37381b729d3SGreg Roach     * @throws HttpAccessDeniedException
374e539f5c6SGreg Roach     */
3753c3fd0a5SGreg Roach    public static function checkNoteAccess(?Note $note, bool $edit = false): Note
376e539f5c6SGreg Roach    {
37781b729d3SGreg Roach        $message = I18N::translate('This note does not exist or you do not have permission to view it.');
37881b729d3SGreg Roach
379e539f5c6SGreg Roach        if ($note === null) {
38081b729d3SGreg Roach            throw new HttpNotFoundException($message);
381e539f5c6SGreg Roach        }
382e539f5c6SGreg Roach
3833c3fd0a5SGreg Roach        if ($edit && $note->canEdit()) {
3848091bfd1SGreg Roach            $note->lock();
3858091bfd1SGreg Roach
386ddeb3354SGreg Roach            return $note;
387e539f5c6SGreg Roach        }
388e539f5c6SGreg Roach
3893c3fd0a5SGreg Roach        if ($note->canShow()) {
3903c3fd0a5SGreg Roach            return $note;
3913c3fd0a5SGreg Roach        }
3923c3fd0a5SGreg Roach
39381b729d3SGreg Roach        throw new HttpAccessDeniedException($message);
3943c3fd0a5SGreg Roach    }
3953c3fd0a5SGreg Roach
396e539f5c6SGreg Roach    /**
397e539f5c6SGreg Roach     * @param GedcomRecord|null $record
398ffc0a61fSGreg Roach     * @param bool              $edit
399e539f5c6SGreg Roach     *
400ddeb3354SGreg Roach     * @return GedcomRecord
40181b729d3SGreg Roach     * @throws HttpNotFoundException
40281b729d3SGreg Roach     * @throws HttpAccessDeniedException
403e539f5c6SGreg Roach     */
4043c3fd0a5SGreg Roach    public static function checkRecordAccess(?GedcomRecord $record, bool $edit = false): GedcomRecord
405e539f5c6SGreg Roach    {
40681b729d3SGreg Roach        $message = I18N::translate('This record does not exist or you do not have permission to view it.');
40781b729d3SGreg Roach
408e539f5c6SGreg Roach        if ($record === null) {
40981b729d3SGreg Roach            throw new HttpNotFoundException($message);
410e539f5c6SGreg Roach        }
411e539f5c6SGreg Roach
4123c3fd0a5SGreg Roach        if ($edit && $record->canEdit()) {
4138091bfd1SGreg Roach            $record->lock();
4148091bfd1SGreg Roach
415ddeb3354SGreg Roach            return $record;
416e539f5c6SGreg Roach        }
417e539f5c6SGreg Roach
4183c3fd0a5SGreg Roach        if ($record->canShow()) {
4193c3fd0a5SGreg Roach            return $record;
4203c3fd0a5SGreg Roach        }
4213c3fd0a5SGreg Roach
42281b729d3SGreg Roach        throw new HttpAccessDeniedException($message);
4233c3fd0a5SGreg Roach    }
4243c3fd0a5SGreg Roach
425e539f5c6SGreg Roach    /**
426e539f5c6SGreg Roach     * @param Repository|null $repository
427ffc0a61fSGreg Roach     * @param bool            $edit
428e539f5c6SGreg Roach     *
429ddeb3354SGreg Roach     * @return Repository
43081b729d3SGreg Roach     * @throws HttpNotFoundException
43181b729d3SGreg Roach     * @throws HttpAccessDeniedException
432e539f5c6SGreg Roach     */
4333c3fd0a5SGreg Roach    public static function checkRepositoryAccess(?Repository $repository, bool $edit = false): Repository
434e539f5c6SGreg Roach    {
43581b729d3SGreg Roach        $message = I18N::translate('This repository does not exist or you do not have permission to view it.');
43681b729d3SGreg Roach
437e539f5c6SGreg Roach        if ($repository === null) {
43881b729d3SGreg Roach            throw new HttpNotFoundException($message);
439e539f5c6SGreg Roach        }
440e539f5c6SGreg Roach
4413c3fd0a5SGreg Roach        if ($edit && $repository->canEdit()) {
4428091bfd1SGreg Roach            $repository->lock();
4438091bfd1SGreg Roach
444ddeb3354SGreg Roach            return $repository;
445e539f5c6SGreg Roach        }
446e539f5c6SGreg Roach
4473c3fd0a5SGreg Roach        if ($repository->canShow()) {
4483c3fd0a5SGreg Roach            return $repository;
4493c3fd0a5SGreg Roach        }
4503c3fd0a5SGreg Roach
45181b729d3SGreg Roach        throw new HttpAccessDeniedException($message);
4523c3fd0a5SGreg Roach    }
4533c3fd0a5SGreg Roach
454e539f5c6SGreg Roach    /**
455e539f5c6SGreg Roach     * @param Source|null $source
456ffc0a61fSGreg Roach     * @param bool        $edit
457e539f5c6SGreg Roach     *
458ddeb3354SGreg Roach     * @return Source
45981b729d3SGreg Roach     * @throws HttpNotFoundException
46081b729d3SGreg Roach     * @throws HttpAccessDeniedException
461e539f5c6SGreg Roach     */
4623c3fd0a5SGreg Roach    public static function checkSourceAccess(?Source $source, bool $edit = false): Source
463e539f5c6SGreg Roach    {
46481b729d3SGreg Roach        $message = I18N::translate('This source does not exist or you do not have permission to view it.');
46581b729d3SGreg Roach
466e539f5c6SGreg Roach        if ($source === null) {
46781b729d3SGreg Roach            throw new HttpNotFoundException($message);
468e539f5c6SGreg Roach        }
469e539f5c6SGreg Roach
4703c3fd0a5SGreg Roach        if ($edit && $source->canEdit()) {
4718091bfd1SGreg Roach            $source->lock();
4728091bfd1SGreg Roach
473ddeb3354SGreg Roach            return $source;
474e539f5c6SGreg Roach        }
475ffc0a61fSGreg Roach
4763c3fd0a5SGreg Roach        if ($source->canShow()) {
4773c3fd0a5SGreg Roach            return $source;
4783c3fd0a5SGreg Roach        }
4793c3fd0a5SGreg Roach
48081b729d3SGreg Roach        throw new HttpAccessDeniedException($message);
4813c3fd0a5SGreg Roach    }
4823c3fd0a5SGreg Roach
483ffc0a61fSGreg Roach    /*
484ffc0a61fSGreg Roach     * @param Submitter|null $submitter
485ffc0a61fSGreg Roach     * @param bool           $edit
486ffc0a61fSGreg Roach     *
487ffc0a61fSGreg Roach     * @return Submitter
48881b729d3SGreg Roach     * @throws HttpFoundException
48981b729d3SGreg Roach     * @throws HttpDeniedException
490ffc0a61fSGreg Roach     */
4913c3fd0a5SGreg Roach    public static function checkSubmitterAccess(?Submitter $submitter, bool $edit = false): Submitter
492ffc0a61fSGreg Roach    {
49381b729d3SGreg Roach        $message = I18N::translate('This record does not exist or you do not have permission to view it.');
49481b729d3SGreg Roach
495ffc0a61fSGreg Roach        if ($submitter === null) {
49681b729d3SGreg Roach            throw new HttpNotFoundException($message);
497ffc0a61fSGreg Roach        }
498ffc0a61fSGreg Roach
4993c3fd0a5SGreg Roach        if ($edit && $submitter->canEdit()) {
5008091bfd1SGreg Roach            $submitter->lock();
5018091bfd1SGreg Roach
502ffc0a61fSGreg Roach            return $submitter;
503ffc0a61fSGreg Roach        }
5043c3fd0a5SGreg Roach
5053c3fd0a5SGreg Roach        if ($submitter->canShow()) {
5063c3fd0a5SGreg Roach            return $submitter;
5073c3fd0a5SGreg Roach        }
5083c3fd0a5SGreg Roach
50981b729d3SGreg Roach        throw new HttpAccessDeniedException($message);
5103c3fd0a5SGreg Roach    }
5111635452cSGreg Roach
5121635452cSGreg Roach    /*
5131635452cSGreg Roach     * @param Submission|null $submission
5141635452cSGreg Roach     * @param bool            $edit
5151635452cSGreg Roach     *
5161635452cSGreg Roach     * @return Submission
51781b729d3SGreg Roach     * @throws HttpNotFoundException
51881b729d3SGreg Roach     * @throws HttpAccessDeniedException
5191635452cSGreg Roach     */
5201635452cSGreg Roach    public static function checkSubmissionAccess(?Submission $submission, bool $edit = false): Submission
5211635452cSGreg Roach    {
52281b729d3SGreg Roach        $message = I18N::translate('This record does not exist or you do not have permission to view it.');
52381b729d3SGreg Roach
5241635452cSGreg Roach        if ($submission === null) {
52581b729d3SGreg Roach            throw new HttpNotFoundException($message);
5261635452cSGreg Roach        }
5271635452cSGreg Roach
5281635452cSGreg Roach        if ($edit && $submission->canEdit()) {
5298091bfd1SGreg Roach            $submission->lock();
5308091bfd1SGreg Roach
5311635452cSGreg Roach            return $submission;
5321635452cSGreg Roach        }
5331635452cSGreg Roach
5341635452cSGreg Roach        if ($submission->canShow()) {
5351635452cSGreg Roach            return $submission;
5361635452cSGreg Roach        }
5371635452cSGreg Roach
53881b729d3SGreg Roach        throw new HttpAccessDeniedException($message);
5391635452cSGreg Roach    }
540870365fbSGreg Roach
541870365fbSGreg Roach    /**
5425416d6ddSGreg Roach     * @param Tree          $tree
5435416d6ddSGreg Roach     * @param UserInterface $user
5445416d6ddSGreg Roach     *
5455416d6ddSGreg Roach     * @return bool
5465416d6ddSGreg Roach     */
5475416d6ddSGreg Roach    public static function canUploadMedia(Tree $tree, UserInterface $user): bool
5485416d6ddSGreg Roach    {
5495416d6ddSGreg Roach        return
550be410956SGreg Roach            self::isEditor($tree, $user) &&
551be410956SGreg Roach            self::accessLevel($tree, $user) <= (int) $tree->getPreference('MEDIA_UPLOAD');
5525416d6ddSGreg Roach    }
5535416d6ddSGreg Roach
5545416d6ddSGreg Roach
5555416d6ddSGreg Roach    /**
556870365fbSGreg Roach     * @return array<int,string>
557870365fbSGreg Roach     */
558870365fbSGreg Roach    public static function accessLevelNames(): array
559870365fbSGreg Roach    {
560870365fbSGreg Roach        return [
561d823340dSGreg Roach            self::PRIV_PRIVATE => I18N::translate('Show to visitors'),
562d823340dSGreg Roach            self::PRIV_USER    => I18N::translate('Show to members'),
563d823340dSGreg Roach            self::PRIV_NONE    => I18N::translate('Show to managers'),
564d823340dSGreg Roach            self::PRIV_HIDE    => I18N::translate('Hide from everyone'),
565870365fbSGreg Roach        ];
566870365fbSGreg Roach    }
567138139c2SGreg Roach
568138139c2SGreg Roach    /**
569138139c2SGreg Roach     * @return array<string,string>
570138139c2SGreg Roach     */
571138139c2SGreg Roach    public static function privacyRuleNames(): array
572138139c2SGreg Roach    {
573138139c2SGreg Roach        return [
574138139c2SGreg Roach            'none'         => I18N::translate('Show to visitors'),
575138139c2SGreg Roach            'privacy'      => I18N::translate('Show to members'),
576138139c2SGreg Roach            'confidential' => I18N::translate('Show to managers'),
577138139c2SGreg Roach            'hidden'       => I18N::translate('Hide from everyone'),
578138139c2SGreg Roach        ];
579138139c2SGreg Roach    }
580a25f0a04SGreg Roach}
581