1a25f0a04SGreg Roach<?php 23976b470SGreg Roach 3a25f0a04SGreg Roach/** 4a25f0a04SGreg Roach * webtrees: online genealogy 51fe542e9SGreg Roach * Copyright (C) 2021 webtrees development team 6a25f0a04SGreg Roach * This program is free software: you can redistribute it and/or modify 7a25f0a04SGreg Roach * it under the terms of the GNU General Public License as published by 8a25f0a04SGreg Roach * the Free Software Foundation, either version 3 of the License, or 9a25f0a04SGreg Roach * (at your option) any later version. 10a25f0a04SGreg Roach * This program is distributed in the hope that it will be useful, 11a25f0a04SGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of 12a25f0a04SGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13a25f0a04SGreg Roach * GNU General Public License for more details. 14a25f0a04SGreg Roach * You should have received a copy of the GNU General Public License 1589f7189bSGreg Roach * along with this program. If not, see <https://www.gnu.org/licenses/>. 16a25f0a04SGreg Roach */ 17fcfa147eSGreg Roach 18e7f56f2aSGreg Roachdeclare(strict_types=1); 19e7f56f2aSGreg Roach 2076692c8bSGreg Roachnamespace Fisharebest\Webtrees; 21a25f0a04SGreg Roach 22e5a6b4d4SGreg Roachuse Fisharebest\Webtrees\Contracts\UserInterface; 23*81b729d3SGreg Roachuse Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException; 24*81b729d3SGreg Roachuse Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException; 259867b2f0SGreg Roachuse Fisharebest\Webtrees\Module\ModuleInterface; 26e5a6b4d4SGreg Roachuse Fisharebest\Webtrees\Services\UserService; 2779529c87SGreg Roach 28a25f0a04SGreg Roach/** 2976692c8bSGreg Roach * Authentication. 30a25f0a04SGreg Roach */ 31c1010edaSGreg Roachclass Auth 32c1010edaSGreg Roach{ 334b9ff166SGreg Roach // Privacy constants 3416d6367aSGreg Roach public const PRIV_PRIVATE = 2; // Allows visitors to view the item 3516d6367aSGreg Roach public const PRIV_USER = 1; // Allows members to access the item 3616d6367aSGreg Roach public const PRIV_NONE = 0; // Allows managers to access the item 3716d6367aSGreg Roach public const PRIV_HIDE = -1; // Hide the item to all users 384b9ff166SGreg Roach 39a25f0a04SGreg Roach /** 40a25f0a04SGreg Roach * Are we currently logged in? 41a25f0a04SGreg Roach * 42cbc1590aSGreg Roach * @return bool 43a25f0a04SGreg Roach */ 448f53f488SRico Sonntag public static function check(): bool 45c1010edaSGreg Roach { 464b9ff166SGreg Roach return self::id() !== null; 47a25f0a04SGreg Roach } 48a25f0a04SGreg Roach 49a25f0a04SGreg Roach /** 50a25f0a04SGreg Roach * Is the specified/current user an administrator? 51a25f0a04SGreg Roach * 52e5a6b4d4SGreg Roach * @param UserInterface|null $user 53a25f0a04SGreg Roach * 54cbc1590aSGreg Roach * @return bool 55a25f0a04SGreg Roach */ 56e5a6b4d4SGreg Roach public static function isAdmin(UserInterface $user = null): bool 57c1010edaSGreg Roach { 58cb923727SGreg Roach $user = $user ?? self::user(); 59a25f0a04SGreg Roach 601fe542e9SGreg Roach return $user->getPreference(UserInterface::PREF_IS_ADMINISTRATOR) === '1'; 61a25f0a04SGreg Roach } 62a25f0a04SGreg Roach 63a25f0a04SGreg Roach /** 644b9ff166SGreg Roach * Is the specified/current user a manager of a tree? 65a25f0a04SGreg Roach * 6684caa210SGreg Roach * @param Tree $tree 67e5a6b4d4SGreg Roach * @param UserInterface|null $user 68a25f0a04SGreg Roach * 69cbc1590aSGreg Roach * @return bool 70a25f0a04SGreg Roach */ 71e5a6b4d4SGreg Roach public static function isManager(Tree $tree, UserInterface $user = null): bool 72c1010edaSGreg Roach { 73cb923727SGreg Roach $user = $user ?? self::user(); 74a25f0a04SGreg Roach 751fe542e9SGreg Roach return self::isAdmin($user) || $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MANAGER; 76a25f0a04SGreg Roach } 77a25f0a04SGreg Roach 78a25f0a04SGreg Roach /** 794b9ff166SGreg Roach * Is the specified/current user a moderator of a tree? 80a25f0a04SGreg Roach * 8184caa210SGreg Roach * @param Tree $tree 82e5a6b4d4SGreg Roach * @param UserInterface|null $user 83a25f0a04SGreg Roach * 84cbc1590aSGreg Roach * @return bool 85a25f0a04SGreg Roach */ 86e5a6b4d4SGreg Roach public static function isModerator(Tree $tree, UserInterface $user = null): bool 87c1010edaSGreg Roach { 88cb923727SGreg Roach $user = $user ?? self::user(); 89a25f0a04SGreg Roach 901fe542e9SGreg Roach return 911fe542e9SGreg Roach self::isManager($tree, $user) || 921fe542e9SGreg Roach $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MODERATOR; 93a25f0a04SGreg Roach } 94a25f0a04SGreg Roach 95a25f0a04SGreg Roach /** 964b9ff166SGreg Roach * Is the specified/current user an editor of a tree? 97a25f0a04SGreg Roach * 9884caa210SGreg Roach * @param Tree $tree 99e5a6b4d4SGreg Roach * @param UserInterface|null $user 100a25f0a04SGreg Roach * 101cbc1590aSGreg Roach * @return bool 102a25f0a04SGreg Roach */ 103e5a6b4d4SGreg Roach public static function isEditor(Tree $tree, UserInterface $user = null): bool 104c1010edaSGreg Roach { 105cb923727SGreg Roach $user = $user ?? self::user(); 106a25f0a04SGreg Roach 1071fe542e9SGreg Roach return 1081fe542e9SGreg Roach self::isModerator($tree, $user) || 1091fe542e9SGreg Roach $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_EDITOR; 110a25f0a04SGreg Roach } 111a25f0a04SGreg Roach 112a25f0a04SGreg Roach /** 1134b9ff166SGreg Roach * Is the specified/current user a member of a tree? 114a25f0a04SGreg Roach * 11584caa210SGreg Roach * @param Tree $tree 116e5a6b4d4SGreg Roach * @param UserInterface|null $user 117a25f0a04SGreg Roach * 118cbc1590aSGreg Roach * @return bool 119a25f0a04SGreg Roach */ 120e5a6b4d4SGreg Roach public static function isMember(Tree $tree, UserInterface $user = null): bool 121c1010edaSGreg Roach { 122cb923727SGreg Roach $user = $user ?? self::user(); 123a25f0a04SGreg Roach 1241fe542e9SGreg Roach return 1251fe542e9SGreg Roach self::isEditor($tree, $user) || 1261fe542e9SGreg Roach $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MEMBER; 127a25f0a04SGreg Roach } 128a25f0a04SGreg Roach 129a25f0a04SGreg Roach /** 1304b9ff166SGreg Roach * What is the specified/current user's access level within a tree? 1314b9ff166SGreg Roach * 1324b9ff166SGreg Roach * @param Tree $tree 133e5a6b4d4SGreg Roach * @param UserInterface|null $user 1344b9ff166SGreg Roach * 135cbc1590aSGreg Roach * @return int 1364b9ff166SGreg Roach */ 137e364afe4SGreg Roach public static function accessLevel(Tree $tree, UserInterface $user = null): int 138c1010edaSGreg Roach { 139cb923727SGreg Roach $user = $user ?? self::user(); 1404b9ff166SGreg Roach 1414b9ff166SGreg Roach if (self::isManager($tree, $user)) { 1424b9ff166SGreg Roach return self::PRIV_NONE; 1434b9ff166SGreg Roach } 144b2ce94c6SRico Sonntag 145b2ce94c6SRico Sonntag if (self::isMember($tree, $user)) { 146b2ce94c6SRico Sonntag return self::PRIV_USER; 147b2ce94c6SRico Sonntag } 148b2ce94c6SRico Sonntag 149b2ce94c6SRico Sonntag return self::PRIV_PRIVATE; 1504b9ff166SGreg Roach } 1514b9ff166SGreg Roach 1524b9ff166SGreg Roach /** 153a25f0a04SGreg Roach * The ID of the authenticated user, from the current session. 154a25f0a04SGreg Roach * 155c3ffc4cbSGreg Roach * @return int|null 156a25f0a04SGreg Roach */ 157e364afe4SGreg Roach public static function id(): ?int 158c1010edaSGreg Roach { 1599683b471SGreg Roach return Session::get('wt_user'); 160a25f0a04SGreg Roach } 161a25f0a04SGreg Roach 162a25f0a04SGreg Roach /** 163a25f0a04SGreg Roach * The authenticated user, from the current session. 164a25f0a04SGreg Roach * 165e5a6b4d4SGreg Roach * @return UserInterface 166a25f0a04SGreg Roach */ 167e5a6b4d4SGreg Roach public static function user(): UserInterface 168c1010edaSGreg Roach { 16915674e31SGreg Roach return app(UserService::class)->find(self::id()) ?? new GuestUser(); 170a25f0a04SGreg Roach } 171a25f0a04SGreg Roach 172a25f0a04SGreg Roach /** 173a25f0a04SGreg Roach * Login directly as an explicit user - for masquerading. 174a25f0a04SGreg Roach * 175e5a6b4d4SGreg Roach * @param UserInterface $user 176cb923727SGreg Roach * 177cb923727SGreg Roach * @return void 178a25f0a04SGreg Roach */ 179e364afe4SGreg Roach public static function login(UserInterface $user): void 180c1010edaSGreg Roach { 181*81b729d3SGreg Roach Session::regenerate(); 182895230eeSGreg Roach Session::put('wt_user', $user->id()); 183a25f0a04SGreg Roach } 184a25f0a04SGreg Roach 185a25f0a04SGreg Roach /** 186a25f0a04SGreg Roach * End the session for the current user. 187cb923727SGreg Roach * 188cb923727SGreg Roach * @return void 189a25f0a04SGreg Roach */ 190e364afe4SGreg Roach public static function logout(): void 191c1010edaSGreg Roach { 19231bc7874SGreg Roach Session::regenerate(true); 193a25f0a04SGreg Roach } 194e539f5c6SGreg Roach 195e539f5c6SGreg Roach /** 1969867b2f0SGreg Roach * @param ModuleInterface $module 197ef483801SGreg Roach * @param string $interface 1989867b2f0SGreg Roach * @param Tree $tree 199e5a6b4d4SGreg Roach * @param UserInterface $user 2009867b2f0SGreg Roach * 2019867b2f0SGreg Roach * @return void 2029867b2f0SGreg Roach */ 203ef483801SGreg Roach public static function checkComponentAccess(ModuleInterface $module, string $interface, Tree $tree, UserInterface $user): void 2049867b2f0SGreg Roach { 205ef483801SGreg Roach if ($module->accessLevel($tree, $interface) < self::accessLevel($tree, $user)) { 206d501c45dSGreg Roach throw new HttpAccessDeniedException(); 2079867b2f0SGreg Roach } 2089867b2f0SGreg Roach } 2099867b2f0SGreg Roach 2109867b2f0SGreg Roach /** 211e539f5c6SGreg Roach * @param Family|null $family 212ffc0a61fSGreg Roach * @param bool $edit 213e539f5c6SGreg Roach * 214ddeb3354SGreg Roach * @return Family 215*81b729d3SGreg Roach * @throws HttpNotFoundException 216*81b729d3SGreg Roach * @throws HttpAccessDeniedException 217e539f5c6SGreg Roach */ 2183c3fd0a5SGreg Roach public static function checkFamilyAccess(?Family $family, bool $edit = false): Family 219e539f5c6SGreg Roach { 220*81b729d3SGreg Roach $message = I18N::translate('This family does not exist or you do not have permission to view it.'); 221*81b729d3SGreg Roach 222e539f5c6SGreg Roach if ($family === null) { 223*81b729d3SGreg Roach throw new HttpNotFoundException($message); 224e539f5c6SGreg Roach } 225e539f5c6SGreg Roach 2263c3fd0a5SGreg Roach if ($edit && $family->canEdit()) { 2278091bfd1SGreg Roach $family->lock(); 2288091bfd1SGreg Roach 229ddeb3354SGreg Roach return $family; 230e539f5c6SGreg Roach } 231e539f5c6SGreg Roach 2323c3fd0a5SGreg Roach if ($family->canShow()) { 2333c3fd0a5SGreg Roach return $family; 2343c3fd0a5SGreg Roach } 2353c3fd0a5SGreg Roach 236*81b729d3SGreg Roach throw new HttpAccessDeniedException($message); 2373c3fd0a5SGreg Roach } 2383c3fd0a5SGreg Roach 239e539f5c6SGreg Roach /** 2401635452cSGreg Roach * @param Header|null $header 2411635452cSGreg Roach * @param bool $edit 2421635452cSGreg Roach * 2431635452cSGreg Roach * @return Header 244*81b729d3SGreg Roach * @throws HttpNotFoundException 245*81b729d3SGreg Roach * @throws HttpAccessDeniedException 2461635452cSGreg Roach */ 2471635452cSGreg Roach public static function checkHeaderAccess(?Header $header, bool $edit = false): Header 2481635452cSGreg Roach { 249*81b729d3SGreg Roach $message = I18N::translate('This record does not exist or you do not have permission to view it.'); 250*81b729d3SGreg Roach 2511635452cSGreg Roach if ($header === null) { 252*81b729d3SGreg Roach throw new HttpNotFoundException($message); 2531635452cSGreg Roach } 2541635452cSGreg Roach 2551635452cSGreg Roach if ($edit && $header->canEdit()) { 2568091bfd1SGreg Roach $header->lock(); 2578091bfd1SGreg Roach 2581635452cSGreg Roach return $header; 2591635452cSGreg Roach } 2601635452cSGreg Roach 2611635452cSGreg Roach if ($header->canShow()) { 2621635452cSGreg Roach return $header; 2631635452cSGreg Roach } 2641635452cSGreg Roach 265*81b729d3SGreg Roach throw new HttpAccessDeniedException($message); 2661635452cSGreg Roach } 2671635452cSGreg Roach 2681635452cSGreg Roach /** 269e539f5c6SGreg Roach * @param Individual|null $individual 270ffc0a61fSGreg Roach * @param bool $edit 2713c3fd0a5SGreg Roach * @param bool $chart For some charts, we can show private records 272e539f5c6SGreg Roach * 273ddeb3354SGreg Roach * @return Individual 274*81b729d3SGreg Roach * @throws HttpNotFoundException 275*81b729d3SGreg Roach * @throws HttpAccessDeniedException 276e539f5c6SGreg Roach */ 277*81b729d3SGreg Roach public static function checkIndividualAccess(?Individual $individual, bool $edit = false, bool $chart = false): Individual 278e539f5c6SGreg Roach { 279*81b729d3SGreg Roach $message = I18N::translate('This individual does not exist or you do not have permission to view it.'); 280*81b729d3SGreg Roach 281e539f5c6SGreg Roach if ($individual === null) { 282*81b729d3SGreg Roach throw new HttpNotFoundException($message); 283e539f5c6SGreg Roach } 284e539f5c6SGreg Roach 2853c3fd0a5SGreg Roach if ($edit && $individual->canEdit()) { 2868091bfd1SGreg Roach $individual->lock(); 2878091bfd1SGreg Roach 288ddeb3354SGreg Roach return $individual; 289e539f5c6SGreg Roach } 290e539f5c6SGreg Roach 2913c3fd0a5SGreg Roach if ($chart && $individual->tree()->getPreference('SHOW_PRIVATE_RELATIONSHIPS') === '1') { 2923c3fd0a5SGreg Roach return $individual; 2933c3fd0a5SGreg Roach } 2943c3fd0a5SGreg Roach 2953c3fd0a5SGreg Roach if ($individual->canShow()) { 2963c3fd0a5SGreg Roach return $individual; 2973c3fd0a5SGreg Roach } 2983c3fd0a5SGreg Roach 299*81b729d3SGreg Roach throw new HttpAccessDeniedException($message); 3003c3fd0a5SGreg Roach } 3013c3fd0a5SGreg Roach 302e539f5c6SGreg Roach /** 303e8ded2caSGreg Roach * @param Location|null $location 304e8ded2caSGreg Roach * @param bool $edit 305e8ded2caSGreg Roach * 306e8ded2caSGreg Roach * @return Location 307*81b729d3SGreg Roach * @throws HttpNotFoundException 308*81b729d3SGreg Roach * @throws HttpAccessDeniedException 309e8ded2caSGreg Roach */ 310e8ded2caSGreg Roach public static function checkLocationAccess(?Location $location, bool $edit = false): Location 311e8ded2caSGreg Roach { 312*81b729d3SGreg Roach $message = I18N::translate('This record does not exist or you do not have permission to view it.'); 313*81b729d3SGreg Roach 314e8ded2caSGreg Roach if ($location === null) { 315*81b729d3SGreg Roach throw new HttpNotFoundException($message); 316e8ded2caSGreg Roach } 317e8ded2caSGreg Roach 318e8ded2caSGreg Roach if ($edit && $location->canEdit()) { 319e8ded2caSGreg Roach $location->lock(); 320e8ded2caSGreg Roach 321e8ded2caSGreg Roach return $location; 322e8ded2caSGreg Roach } 323e8ded2caSGreg Roach 324e8ded2caSGreg Roach if ($location->canShow()) { 325e8ded2caSGreg Roach return $location; 326e8ded2caSGreg Roach } 327e8ded2caSGreg Roach 328*81b729d3SGreg Roach throw new HttpAccessDeniedException($message); 329e8ded2caSGreg Roach } 330e8ded2caSGreg Roach 331e8ded2caSGreg Roach /** 332e539f5c6SGreg Roach * @param Media|null $media 333ffc0a61fSGreg Roach * @param bool $edit 334e539f5c6SGreg Roach * 335ddeb3354SGreg Roach * @return Media 336*81b729d3SGreg Roach * @throws HttpNotFoundException 337*81b729d3SGreg Roach * @throws HttpAccessDeniedException 338e539f5c6SGreg Roach */ 3393c3fd0a5SGreg Roach public static function checkMediaAccess(?Media $media, bool $edit = false): Media 340e539f5c6SGreg Roach { 341*81b729d3SGreg Roach $message = I18N::translate('This media object does not exist or you do not have permission to view it.'); 342*81b729d3SGreg Roach 343e539f5c6SGreg Roach if ($media === null) { 344*81b729d3SGreg Roach throw new HttpNotFoundException($message); 345e539f5c6SGreg Roach } 346e539f5c6SGreg Roach 3473c3fd0a5SGreg Roach if ($edit && $media->canEdit()) { 3488091bfd1SGreg Roach $media->lock(); 3498091bfd1SGreg Roach 350ddeb3354SGreg Roach return $media; 351e539f5c6SGreg Roach } 352e539f5c6SGreg Roach 3533c3fd0a5SGreg Roach if ($media->canShow()) { 3543c3fd0a5SGreg Roach return $media; 3553c3fd0a5SGreg Roach } 3563c3fd0a5SGreg Roach 357*81b729d3SGreg Roach throw new HttpAccessDeniedException($message); 3583c3fd0a5SGreg Roach } 3593c3fd0a5SGreg Roach 360e539f5c6SGreg Roach /** 361e539f5c6SGreg Roach * @param Note|null $note 362ffc0a61fSGreg Roach * @param bool $edit 363e539f5c6SGreg Roach * 364ddeb3354SGreg Roach * @return Note 365*81b729d3SGreg Roach * @throws HttpNotFoundException 366*81b729d3SGreg Roach * @throws HttpAccessDeniedException 367e539f5c6SGreg Roach */ 3683c3fd0a5SGreg Roach public static function checkNoteAccess(?Note $note, bool $edit = false): Note 369e539f5c6SGreg Roach { 370*81b729d3SGreg Roach $message = I18N::translate('This note does not exist or you do not have permission to view it.'); 371*81b729d3SGreg Roach 372e539f5c6SGreg Roach if ($note === null) { 373*81b729d3SGreg Roach throw new HttpNotFoundException($message); 374e539f5c6SGreg Roach } 375e539f5c6SGreg Roach 3763c3fd0a5SGreg Roach if ($edit && $note->canEdit()) { 3778091bfd1SGreg Roach $note->lock(); 3788091bfd1SGreg Roach 379ddeb3354SGreg Roach return $note; 380e539f5c6SGreg Roach } 381e539f5c6SGreg Roach 3823c3fd0a5SGreg Roach if ($note->canShow()) { 3833c3fd0a5SGreg Roach return $note; 3843c3fd0a5SGreg Roach } 3853c3fd0a5SGreg Roach 386*81b729d3SGreg Roach throw new HttpAccessDeniedException($message); 3873c3fd0a5SGreg Roach } 3883c3fd0a5SGreg Roach 389e539f5c6SGreg Roach /** 390e539f5c6SGreg Roach * @param GedcomRecord|null $record 391ffc0a61fSGreg Roach * @param bool $edit 392e539f5c6SGreg Roach * 393ddeb3354SGreg Roach * @return GedcomRecord 394*81b729d3SGreg Roach * @throws HttpNotFoundException 395*81b729d3SGreg Roach * @throws HttpAccessDeniedException 396e539f5c6SGreg Roach */ 3973c3fd0a5SGreg Roach public static function checkRecordAccess(?GedcomRecord $record, bool $edit = false): GedcomRecord 398e539f5c6SGreg Roach { 399*81b729d3SGreg Roach $message = I18N::translate('This record does not exist or you do not have permission to view it.'); 400*81b729d3SGreg Roach 401e539f5c6SGreg Roach if ($record === null) { 402*81b729d3SGreg Roach throw new HttpNotFoundException($message); 403e539f5c6SGreg Roach } 404e539f5c6SGreg Roach 4053c3fd0a5SGreg Roach if ($edit && $record->canEdit()) { 4068091bfd1SGreg Roach $record->lock(); 4078091bfd1SGreg Roach 408ddeb3354SGreg Roach return $record; 409e539f5c6SGreg Roach } 410e539f5c6SGreg Roach 4113c3fd0a5SGreg Roach if ($record->canShow()) { 4123c3fd0a5SGreg Roach return $record; 4133c3fd0a5SGreg Roach } 4143c3fd0a5SGreg Roach 415*81b729d3SGreg Roach throw new HttpAccessDeniedException($message); 4163c3fd0a5SGreg Roach } 4173c3fd0a5SGreg Roach 418e539f5c6SGreg Roach /** 419e539f5c6SGreg Roach * @param Repository|null $repository 420ffc0a61fSGreg Roach * @param bool $edit 421e539f5c6SGreg Roach * 422ddeb3354SGreg Roach * @return Repository 423*81b729d3SGreg Roach * @throws HttpNotFoundException 424*81b729d3SGreg Roach * @throws HttpAccessDeniedException 425e539f5c6SGreg Roach */ 4263c3fd0a5SGreg Roach public static function checkRepositoryAccess(?Repository $repository, bool $edit = false): Repository 427e539f5c6SGreg Roach { 428*81b729d3SGreg Roach $message = I18N::translate('This repository does not exist or you do not have permission to view it.'); 429*81b729d3SGreg Roach 430e539f5c6SGreg Roach if ($repository === null) { 431*81b729d3SGreg Roach throw new HttpNotFoundException($message); 432e539f5c6SGreg Roach } 433e539f5c6SGreg Roach 4343c3fd0a5SGreg Roach if ($edit && $repository->canEdit()) { 4358091bfd1SGreg Roach $repository->lock(); 4368091bfd1SGreg Roach 437ddeb3354SGreg Roach return $repository; 438e539f5c6SGreg Roach } 439e539f5c6SGreg Roach 4403c3fd0a5SGreg Roach if ($repository->canShow()) { 4413c3fd0a5SGreg Roach return $repository; 4423c3fd0a5SGreg Roach } 4433c3fd0a5SGreg Roach 444*81b729d3SGreg Roach throw new HttpAccessDeniedException($message); 4453c3fd0a5SGreg Roach } 4463c3fd0a5SGreg Roach 447e539f5c6SGreg Roach /** 448e539f5c6SGreg Roach * @param Source|null $source 449ffc0a61fSGreg Roach * @param bool $edit 450e539f5c6SGreg Roach * 451ddeb3354SGreg Roach * @return Source 452*81b729d3SGreg Roach * @throws HttpNotFoundException 453*81b729d3SGreg Roach * @throws HttpAccessDeniedException 454e539f5c6SGreg Roach */ 4553c3fd0a5SGreg Roach public static function checkSourceAccess(?Source $source, bool $edit = false): Source 456e539f5c6SGreg Roach { 457*81b729d3SGreg Roach $message = I18N::translate('This source does not exist or you do not have permission to view it.'); 458*81b729d3SGreg Roach 459e539f5c6SGreg Roach if ($source === null) { 460*81b729d3SGreg Roach throw new HttpNotFoundException($message); 461e539f5c6SGreg Roach } 462e539f5c6SGreg Roach 4633c3fd0a5SGreg Roach if ($edit && $source->canEdit()) { 4648091bfd1SGreg Roach $source->lock(); 4658091bfd1SGreg Roach 466ddeb3354SGreg Roach return $source; 467e539f5c6SGreg Roach } 468ffc0a61fSGreg Roach 4693c3fd0a5SGreg Roach if ($source->canShow()) { 4703c3fd0a5SGreg Roach return $source; 4713c3fd0a5SGreg Roach } 4723c3fd0a5SGreg Roach 473*81b729d3SGreg Roach throw new HttpAccessDeniedException($message); 4743c3fd0a5SGreg Roach } 4753c3fd0a5SGreg Roach 476ffc0a61fSGreg Roach /* 477ffc0a61fSGreg Roach * @param Submitter|null $submitter 478ffc0a61fSGreg Roach * @param bool $edit 479ffc0a61fSGreg Roach * 480ffc0a61fSGreg Roach * @return Submitter 481*81b729d3SGreg Roach * @throws HttpFoundException 482*81b729d3SGreg Roach * @throws HttpDeniedException 483ffc0a61fSGreg Roach */ 4843c3fd0a5SGreg Roach public static function checkSubmitterAccess(?Submitter $submitter, bool $edit = false): Submitter 485ffc0a61fSGreg Roach { 486*81b729d3SGreg Roach $message = I18N::translate('This record does not exist or you do not have permission to view it.'); 487*81b729d3SGreg Roach 488ffc0a61fSGreg Roach if ($submitter === null) { 489*81b729d3SGreg Roach throw new HttpNotFoundException($message); 490ffc0a61fSGreg Roach } 491ffc0a61fSGreg Roach 4923c3fd0a5SGreg Roach if ($edit && $submitter->canEdit()) { 4938091bfd1SGreg Roach $submitter->lock(); 4948091bfd1SGreg Roach 495ffc0a61fSGreg Roach return $submitter; 496ffc0a61fSGreg Roach } 4973c3fd0a5SGreg Roach 4983c3fd0a5SGreg Roach if ($submitter->canShow()) { 4993c3fd0a5SGreg Roach return $submitter; 5003c3fd0a5SGreg Roach } 5013c3fd0a5SGreg Roach 502*81b729d3SGreg Roach throw new HttpAccessDeniedException($message); 5033c3fd0a5SGreg Roach } 5041635452cSGreg Roach 5051635452cSGreg Roach /* 5061635452cSGreg Roach * @param Submission|null $submission 5071635452cSGreg Roach * @param bool $edit 5081635452cSGreg Roach * 5091635452cSGreg Roach * @return Submission 510*81b729d3SGreg Roach * @throws HttpNotFoundException 511*81b729d3SGreg Roach * @throws HttpAccessDeniedException 5121635452cSGreg Roach */ 5131635452cSGreg Roach public static function checkSubmissionAccess(?Submission $submission, bool $edit = false): Submission 5141635452cSGreg Roach { 515*81b729d3SGreg Roach $message = I18N::translate('This record does not exist or you do not have permission to view it.'); 516*81b729d3SGreg Roach 5171635452cSGreg Roach if ($submission === null) { 518*81b729d3SGreg Roach throw new HttpNotFoundException($message); 5191635452cSGreg Roach } 5201635452cSGreg Roach 5211635452cSGreg Roach if ($edit && $submission->canEdit()) { 5228091bfd1SGreg Roach $submission->lock(); 5238091bfd1SGreg Roach 5241635452cSGreg Roach return $submission; 5251635452cSGreg Roach } 5261635452cSGreg Roach 5271635452cSGreg Roach if ($submission->canShow()) { 5281635452cSGreg Roach return $submission; 5291635452cSGreg Roach } 5301635452cSGreg Roach 531*81b729d3SGreg Roach throw new HttpAccessDeniedException($message); 5321635452cSGreg Roach } 533870365fbSGreg Roach 534870365fbSGreg Roach /** 535870365fbSGreg Roach * @return array<int,string> 536870365fbSGreg Roach */ 537870365fbSGreg Roach public static function accessLevelNames(): array 538870365fbSGreg Roach { 539870365fbSGreg Roach return [ 540d823340dSGreg Roach self::PRIV_PRIVATE => I18N::translate('Show to visitors'), 541d823340dSGreg Roach self::PRIV_USER => I18N::translate('Show to members'), 542d823340dSGreg Roach self::PRIV_NONE => I18N::translate('Show to managers'), 543d823340dSGreg Roach self::PRIV_HIDE => I18N::translate('Hide from everyone'), 544870365fbSGreg Roach ]; 545870365fbSGreg Roach } 546138139c2SGreg Roach 547138139c2SGreg Roach /** 548138139c2SGreg Roach * @return array<string,string> 549138139c2SGreg Roach */ 550138139c2SGreg Roach public static function privacyRuleNames(): array 551138139c2SGreg Roach { 552138139c2SGreg Roach return [ 553138139c2SGreg Roach 'none' => I18N::translate('Show to visitors'), 554138139c2SGreg Roach 'privacy' => I18N::translate('Show to members'), 555138139c2SGreg Roach 'confidential' => I18N::translate('Show to managers'), 556138139c2SGreg Roach 'hidden' => I18N::translate('Hide from everyone'), 557138139c2SGreg Roach ]; 558138139c2SGreg Roach } 559a25f0a04SGreg Roach} 560