1a25f0a04SGreg Roach<?php 23976b470SGreg Roach 3a25f0a04SGreg Roach/** 4a25f0a04SGreg Roach * webtrees: online genealogy 55bfc6897SGreg Roach * Copyright (C) 2022 webtrees development team 6a25f0a04SGreg Roach * This program is free software: you can redistribute it and/or modify 7a25f0a04SGreg Roach * it under the terms of the GNU General Public License as published by 8a25f0a04SGreg Roach * the Free Software Foundation, either version 3 of the License, or 9a25f0a04SGreg Roach * (at your option) any later version. 10a25f0a04SGreg Roach * This program is distributed in the hope that it will be useful, 11a25f0a04SGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of 12a25f0a04SGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13a25f0a04SGreg Roach * GNU General Public License for more details. 14a25f0a04SGreg Roach * You should have received a copy of the GNU General Public License 1589f7189bSGreg Roach * along with this program. If not, see <https://www.gnu.org/licenses/>. 16a25f0a04SGreg Roach */ 17fcfa147eSGreg Roach 18e7f56f2aSGreg Roachdeclare(strict_types=1); 19e7f56f2aSGreg Roach 2076692c8bSGreg Roachnamespace Fisharebest\Webtrees; 21a25f0a04SGreg Roach 22e5a6b4d4SGreg Roachuse Fisharebest\Webtrees\Contracts\UserInterface; 2381b729d3SGreg Roachuse Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException; 2481b729d3SGreg Roachuse Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException; 259867b2f0SGreg Roachuse Fisharebest\Webtrees\Module\ModuleInterface; 26e5a6b4d4SGreg Roachuse Fisharebest\Webtrees\Services\UserService; 2779529c87SGreg Roach 28d8809d62SGreg Roachuse function is_int; 29d8809d62SGreg Roach 30a25f0a04SGreg Roach/** 3176692c8bSGreg Roach * Authentication. 32a25f0a04SGreg Roach */ 33c1010edaSGreg Roachclass Auth 34c1010edaSGreg Roach{ 354b9ff166SGreg Roach // Privacy constants 3616d6367aSGreg Roach public const PRIV_PRIVATE = 2; // Allows visitors to view the item 3716d6367aSGreg Roach public const PRIV_USER = 1; // Allows members to access the item 3816d6367aSGreg Roach public const PRIV_NONE = 0; // Allows managers to access the item 3916d6367aSGreg Roach public const PRIV_HIDE = -1; // Hide the item to all users 404b9ff166SGreg Roach 41a25f0a04SGreg Roach /** 42a25f0a04SGreg Roach * Are we currently logged in? 43a25f0a04SGreg Roach * 44cbc1590aSGreg Roach * @return bool 45a25f0a04SGreg Roach */ 468f53f488SRico Sonntag public static function check(): bool 47c1010edaSGreg Roach { 484b9ff166SGreg Roach return self::id() !== null; 49a25f0a04SGreg Roach } 50a25f0a04SGreg Roach 51a25f0a04SGreg Roach /** 52a25f0a04SGreg Roach * Is the specified/current user an administrator? 53a25f0a04SGreg Roach * 54e5a6b4d4SGreg Roach * @param UserInterface|null $user 55a25f0a04SGreg Roach * 56cbc1590aSGreg Roach * @return bool 57a25f0a04SGreg Roach */ 58e5a6b4d4SGreg Roach public static function isAdmin(UserInterface $user = null): bool 59c1010edaSGreg Roach { 60cb923727SGreg Roach $user = $user ?? self::user(); 61a25f0a04SGreg Roach 621fe542e9SGreg Roach return $user->getPreference(UserInterface::PREF_IS_ADMINISTRATOR) === '1'; 63a25f0a04SGreg Roach } 64a25f0a04SGreg Roach 65a25f0a04SGreg Roach /** 664b9ff166SGreg Roach * Is the specified/current user a manager of a tree? 67a25f0a04SGreg Roach * 6884caa210SGreg Roach * @param Tree $tree 69e5a6b4d4SGreg Roach * @param UserInterface|null $user 70a25f0a04SGreg Roach * 71cbc1590aSGreg Roach * @return bool 72a25f0a04SGreg Roach */ 73e5a6b4d4SGreg Roach public static function isManager(Tree $tree, UserInterface $user = null): bool 74c1010edaSGreg Roach { 75cb923727SGreg Roach $user = $user ?? self::user(); 76a25f0a04SGreg Roach 771fe542e9SGreg Roach return self::isAdmin($user) || $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MANAGER; 78a25f0a04SGreg Roach } 79a25f0a04SGreg Roach 80a25f0a04SGreg Roach /** 814b9ff166SGreg Roach * Is the specified/current user a moderator of a tree? 82a25f0a04SGreg Roach * 8384caa210SGreg Roach * @param Tree $tree 84e5a6b4d4SGreg Roach * @param UserInterface|null $user 85a25f0a04SGreg Roach * 86cbc1590aSGreg Roach * @return bool 87a25f0a04SGreg Roach */ 88e5a6b4d4SGreg Roach public static function isModerator(Tree $tree, UserInterface $user = null): bool 89c1010edaSGreg Roach { 90cb923727SGreg Roach $user = $user ?? self::user(); 91a25f0a04SGreg Roach 921fe542e9SGreg Roach return 931fe542e9SGreg Roach self::isManager($tree, $user) || 941fe542e9SGreg Roach $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MODERATOR; 95a25f0a04SGreg Roach } 96a25f0a04SGreg Roach 97a25f0a04SGreg Roach /** 984b9ff166SGreg Roach * Is the specified/current user an editor of a tree? 99a25f0a04SGreg Roach * 10084caa210SGreg Roach * @param Tree $tree 101e5a6b4d4SGreg Roach * @param UserInterface|null $user 102a25f0a04SGreg Roach * 103cbc1590aSGreg Roach * @return bool 104a25f0a04SGreg Roach */ 105e5a6b4d4SGreg Roach public static function isEditor(Tree $tree, UserInterface $user = null): bool 106c1010edaSGreg Roach { 107cb923727SGreg Roach $user = $user ?? self::user(); 108a25f0a04SGreg Roach 1091fe542e9SGreg Roach return 1101fe542e9SGreg Roach self::isModerator($tree, $user) || 1111fe542e9SGreg Roach $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_EDITOR; 112a25f0a04SGreg Roach } 113a25f0a04SGreg Roach 114a25f0a04SGreg Roach /** 1154b9ff166SGreg Roach * Is the specified/current user a member of a tree? 116a25f0a04SGreg Roach * 11784caa210SGreg Roach * @param Tree $tree 118e5a6b4d4SGreg Roach * @param UserInterface|null $user 119a25f0a04SGreg Roach * 120cbc1590aSGreg Roach * @return bool 121a25f0a04SGreg Roach */ 122e5a6b4d4SGreg Roach public static function isMember(Tree $tree, UserInterface $user = null): bool 123c1010edaSGreg Roach { 124cb923727SGreg Roach $user = $user ?? self::user(); 125a25f0a04SGreg Roach 1261fe542e9SGreg Roach return 1271fe542e9SGreg Roach self::isEditor($tree, $user) || 1281fe542e9SGreg Roach $tree->getUserPreference($user, UserInterface::PREF_TREE_ROLE) === UserInterface::ROLE_MEMBER; 129a25f0a04SGreg Roach } 130a25f0a04SGreg Roach 131a25f0a04SGreg Roach /** 1324b9ff166SGreg Roach * What is the specified/current user's access level within a tree? 1334b9ff166SGreg Roach * 1344b9ff166SGreg Roach * @param Tree $tree 135e5a6b4d4SGreg Roach * @param UserInterface|null $user 1364b9ff166SGreg Roach * 137cbc1590aSGreg Roach * @return int 1384b9ff166SGreg Roach */ 139e364afe4SGreg Roach public static function accessLevel(Tree $tree, UserInterface $user = null): int 140c1010edaSGreg Roach { 141cb923727SGreg Roach $user = $user ?? self::user(); 1424b9ff166SGreg Roach 1434b9ff166SGreg Roach if (self::isManager($tree, $user)) { 1444b9ff166SGreg Roach return self::PRIV_NONE; 1454b9ff166SGreg Roach } 146b2ce94c6SRico Sonntag 147b2ce94c6SRico Sonntag if (self::isMember($tree, $user)) { 148b2ce94c6SRico Sonntag return self::PRIV_USER; 149b2ce94c6SRico Sonntag } 150b2ce94c6SRico Sonntag 151b2ce94c6SRico Sonntag return self::PRIV_PRIVATE; 1524b9ff166SGreg Roach } 1534b9ff166SGreg Roach 1544b9ff166SGreg Roach /** 155a25f0a04SGreg Roach * The ID of the authenticated user, from the current session. 156a25f0a04SGreg Roach * 157c3ffc4cbSGreg Roach * @return int|null 158a25f0a04SGreg Roach */ 159e364afe4SGreg Roach public static function id(): ?int 160c1010edaSGreg Roach { 161d8809d62SGreg Roach $wt_user = Session::get('wt_user'); 162d8809d62SGreg Roach 163d8809d62SGreg Roach return is_int($wt_user) ? $wt_user : null; 164a25f0a04SGreg Roach } 165a25f0a04SGreg Roach 166a25f0a04SGreg Roach /** 167a25f0a04SGreg Roach * The authenticated user, from the current session. 168a25f0a04SGreg Roach * 169e5a6b4d4SGreg Roach * @return UserInterface 170a25f0a04SGreg Roach */ 171e5a6b4d4SGreg Roach public static function user(): UserInterface 172c1010edaSGreg Roach { 173b55cbc6bSGreg Roach $user_service = app(UserService::class); 174b55cbc6bSGreg Roach assert($user_service instanceof UserService); 175b55cbc6bSGreg Roach 176b55cbc6bSGreg Roach return $user_service->find(self::id()) ?? new GuestUser(); 177a25f0a04SGreg Roach } 178a25f0a04SGreg Roach 179a25f0a04SGreg Roach /** 180a25f0a04SGreg Roach * Login directly as an explicit user - for masquerading. 181a25f0a04SGreg Roach * 182e5a6b4d4SGreg Roach * @param UserInterface $user 183cb923727SGreg Roach * 184cb923727SGreg Roach * @return void 185a25f0a04SGreg Roach */ 186e364afe4SGreg Roach public static function login(UserInterface $user): void 187c1010edaSGreg Roach { 18881b729d3SGreg Roach Session::regenerate(); 189895230eeSGreg Roach Session::put('wt_user', $user->id()); 190a25f0a04SGreg Roach } 191a25f0a04SGreg Roach 192a25f0a04SGreg Roach /** 193a25f0a04SGreg Roach * End the session for the current user. 194cb923727SGreg Roach * 195cb923727SGreg Roach * @return void 196a25f0a04SGreg Roach */ 197e364afe4SGreg Roach public static function logout(): void 198c1010edaSGreg Roach { 19931bc7874SGreg Roach Session::regenerate(true); 200a25f0a04SGreg Roach } 201e539f5c6SGreg Roach 202e539f5c6SGreg Roach /** 2039867b2f0SGreg Roach * @param ModuleInterface $module 204ef483801SGreg Roach * @param string $interface 2059867b2f0SGreg Roach * @param Tree $tree 206e5a6b4d4SGreg Roach * @param UserInterface $user 2079867b2f0SGreg Roach * 2089867b2f0SGreg Roach * @return void 2099867b2f0SGreg Roach */ 210ef483801SGreg Roach public static function checkComponentAccess(ModuleInterface $module, string $interface, Tree $tree, UserInterface $user): void 2119867b2f0SGreg Roach { 212ef483801SGreg Roach if ($module->accessLevel($tree, $interface) < self::accessLevel($tree, $user)) { 213d501c45dSGreg Roach throw new HttpAccessDeniedException(); 2149867b2f0SGreg Roach } 2159867b2f0SGreg Roach } 2169867b2f0SGreg Roach 2179867b2f0SGreg Roach /** 218e539f5c6SGreg Roach * @param Family|null $family 219ffc0a61fSGreg Roach * @param bool $edit 220e539f5c6SGreg Roach * 221ddeb3354SGreg Roach * @return Family 22281b729d3SGreg Roach * @throws HttpNotFoundException 22381b729d3SGreg Roach * @throws HttpAccessDeniedException 224e539f5c6SGreg Roach */ 2253c3fd0a5SGreg Roach public static function checkFamilyAccess(?Family $family, bool $edit = false): Family 226e539f5c6SGreg Roach { 22781b729d3SGreg Roach $message = I18N::translate('This family does not exist or you do not have permission to view it.'); 22881b729d3SGreg Roach 229e539f5c6SGreg Roach if ($family === null) { 23081b729d3SGreg Roach throw new HttpNotFoundException($message); 231e539f5c6SGreg Roach } 232e539f5c6SGreg Roach 2333c3fd0a5SGreg Roach if ($edit && $family->canEdit()) { 2348091bfd1SGreg Roach $family->lock(); 2358091bfd1SGreg Roach 236ddeb3354SGreg Roach return $family; 237e539f5c6SGreg Roach } 238e539f5c6SGreg Roach 2393c3fd0a5SGreg Roach if ($family->canShow()) { 2403c3fd0a5SGreg Roach return $family; 2413c3fd0a5SGreg Roach } 2423c3fd0a5SGreg Roach 24381b729d3SGreg Roach throw new HttpAccessDeniedException($message); 2443c3fd0a5SGreg Roach } 2453c3fd0a5SGreg Roach 246e539f5c6SGreg Roach /** 2471635452cSGreg Roach * @param Header|null $header 2481635452cSGreg Roach * @param bool $edit 2491635452cSGreg Roach * 2501635452cSGreg Roach * @return Header 25181b729d3SGreg Roach * @throws HttpNotFoundException 25281b729d3SGreg Roach * @throws HttpAccessDeniedException 2531635452cSGreg Roach */ 2541635452cSGreg Roach public static function checkHeaderAccess(?Header $header, bool $edit = false): Header 2551635452cSGreg Roach { 25681b729d3SGreg Roach $message = I18N::translate('This record does not exist or you do not have permission to view it.'); 25781b729d3SGreg Roach 2581635452cSGreg Roach if ($header === null) { 25981b729d3SGreg Roach throw new HttpNotFoundException($message); 2601635452cSGreg Roach } 2611635452cSGreg Roach 2621635452cSGreg Roach if ($edit && $header->canEdit()) { 2638091bfd1SGreg Roach $header->lock(); 2648091bfd1SGreg Roach 2651635452cSGreg Roach return $header; 2661635452cSGreg Roach } 2671635452cSGreg Roach 2681635452cSGreg Roach if ($header->canShow()) { 2691635452cSGreg Roach return $header; 2701635452cSGreg Roach } 2711635452cSGreg Roach 27281b729d3SGreg Roach throw new HttpAccessDeniedException($message); 2731635452cSGreg Roach } 2741635452cSGreg Roach 2751635452cSGreg Roach /** 276e539f5c6SGreg Roach * @param Individual|null $individual 277ffc0a61fSGreg Roach * @param bool $edit 2783c3fd0a5SGreg Roach * @param bool $chart For some charts, we can show private records 279e539f5c6SGreg Roach * 280ddeb3354SGreg Roach * @return Individual 28181b729d3SGreg Roach * @throws HttpNotFoundException 28281b729d3SGreg Roach * @throws HttpAccessDeniedException 283e539f5c6SGreg Roach */ 28481b729d3SGreg Roach public static function checkIndividualAccess(?Individual $individual, bool $edit = false, bool $chart = false): Individual 285e539f5c6SGreg Roach { 28681b729d3SGreg Roach $message = I18N::translate('This individual does not exist or you do not have permission to view it.'); 28781b729d3SGreg Roach 288e539f5c6SGreg Roach if ($individual === null) { 28981b729d3SGreg Roach throw new HttpNotFoundException($message); 290e539f5c6SGreg Roach } 291e539f5c6SGreg Roach 2923c3fd0a5SGreg Roach if ($edit && $individual->canEdit()) { 2938091bfd1SGreg Roach $individual->lock(); 2948091bfd1SGreg Roach 295ddeb3354SGreg Roach return $individual; 296e539f5c6SGreg Roach } 297e539f5c6SGreg Roach 2983c3fd0a5SGreg Roach if ($chart && $individual->tree()->getPreference('SHOW_PRIVATE_RELATIONSHIPS') === '1') { 2993c3fd0a5SGreg Roach return $individual; 3003c3fd0a5SGreg Roach } 3013c3fd0a5SGreg Roach 3023c3fd0a5SGreg Roach if ($individual->canShow()) { 3033c3fd0a5SGreg Roach return $individual; 3043c3fd0a5SGreg Roach } 3053c3fd0a5SGreg Roach 30681b729d3SGreg Roach throw new HttpAccessDeniedException($message); 3073c3fd0a5SGreg Roach } 3083c3fd0a5SGreg Roach 309e539f5c6SGreg Roach /** 310e8ded2caSGreg Roach * @param Location|null $location 311e8ded2caSGreg Roach * @param bool $edit 312e8ded2caSGreg Roach * 313e8ded2caSGreg Roach * @return Location 31481b729d3SGreg Roach * @throws HttpNotFoundException 31581b729d3SGreg Roach * @throws HttpAccessDeniedException 316e8ded2caSGreg Roach */ 317e8ded2caSGreg Roach public static function checkLocationAccess(?Location $location, bool $edit = false): Location 318e8ded2caSGreg Roach { 31981b729d3SGreg Roach $message = I18N::translate('This record does not exist or you do not have permission to view it.'); 32081b729d3SGreg Roach 321e8ded2caSGreg Roach if ($location === null) { 32281b729d3SGreg Roach throw new HttpNotFoundException($message); 323e8ded2caSGreg Roach } 324e8ded2caSGreg Roach 325e8ded2caSGreg Roach if ($edit && $location->canEdit()) { 326e8ded2caSGreg Roach $location->lock(); 327e8ded2caSGreg Roach 328e8ded2caSGreg Roach return $location; 329e8ded2caSGreg Roach } 330e8ded2caSGreg Roach 331e8ded2caSGreg Roach if ($location->canShow()) { 332e8ded2caSGreg Roach return $location; 333e8ded2caSGreg Roach } 334e8ded2caSGreg Roach 33581b729d3SGreg Roach throw new HttpAccessDeniedException($message); 336e8ded2caSGreg Roach } 337e8ded2caSGreg Roach 338e8ded2caSGreg Roach /** 339e539f5c6SGreg Roach * @param Media|null $media 340ffc0a61fSGreg Roach * @param bool $edit 341e539f5c6SGreg Roach * 342ddeb3354SGreg Roach * @return Media 34381b729d3SGreg Roach * @throws HttpNotFoundException 34481b729d3SGreg Roach * @throws HttpAccessDeniedException 345e539f5c6SGreg Roach */ 3463c3fd0a5SGreg Roach public static function checkMediaAccess(?Media $media, bool $edit = false): Media 347e539f5c6SGreg Roach { 34881b729d3SGreg Roach $message = I18N::translate('This media object does not exist or you do not have permission to view it.'); 34981b729d3SGreg Roach 350e539f5c6SGreg Roach if ($media === null) { 35181b729d3SGreg Roach throw new HttpNotFoundException($message); 352e539f5c6SGreg Roach } 353e539f5c6SGreg Roach 3543c3fd0a5SGreg Roach if ($edit && $media->canEdit()) { 3558091bfd1SGreg Roach $media->lock(); 3568091bfd1SGreg Roach 357ddeb3354SGreg Roach return $media; 358e539f5c6SGreg Roach } 359e539f5c6SGreg Roach 3603c3fd0a5SGreg Roach if ($media->canShow()) { 3613c3fd0a5SGreg Roach return $media; 3623c3fd0a5SGreg Roach } 3633c3fd0a5SGreg Roach 36481b729d3SGreg Roach throw new HttpAccessDeniedException($message); 3653c3fd0a5SGreg Roach } 3663c3fd0a5SGreg Roach 367e539f5c6SGreg Roach /** 368e539f5c6SGreg Roach * @param Note|null $note 369ffc0a61fSGreg Roach * @param bool $edit 370e539f5c6SGreg Roach * 371ddeb3354SGreg Roach * @return Note 37281b729d3SGreg Roach * @throws HttpNotFoundException 37381b729d3SGreg Roach * @throws HttpAccessDeniedException 374e539f5c6SGreg Roach */ 3753c3fd0a5SGreg Roach public static function checkNoteAccess(?Note $note, bool $edit = false): Note 376e539f5c6SGreg Roach { 37781b729d3SGreg Roach $message = I18N::translate('This note does not exist or you do not have permission to view it.'); 37881b729d3SGreg Roach 379e539f5c6SGreg Roach if ($note === null) { 38081b729d3SGreg Roach throw new HttpNotFoundException($message); 381e539f5c6SGreg Roach } 382e539f5c6SGreg Roach 3833c3fd0a5SGreg Roach if ($edit && $note->canEdit()) { 3848091bfd1SGreg Roach $note->lock(); 3858091bfd1SGreg Roach 386ddeb3354SGreg Roach return $note; 387e539f5c6SGreg Roach } 388e539f5c6SGreg Roach 3893c3fd0a5SGreg Roach if ($note->canShow()) { 3903c3fd0a5SGreg Roach return $note; 3913c3fd0a5SGreg Roach } 3923c3fd0a5SGreg Roach 39381b729d3SGreg Roach throw new HttpAccessDeniedException($message); 3943c3fd0a5SGreg Roach } 3953c3fd0a5SGreg Roach 396e539f5c6SGreg Roach /** 397701f5d18SGreg Roach * @param SharedNote|null $shared_note 398701f5d18SGreg Roach * @param bool $edit 399701f5d18SGreg Roach * 400701f5d18SGreg Roach * @return SharedNote 401701f5d18SGreg Roach * @throws HttpNotFoundException 402701f5d18SGreg Roach * @throws HttpAccessDeniedException 403701f5d18SGreg Roach */ 404701f5d18SGreg Roach public static function checkSharedNoteAccess(?SharedNote $shared_note, bool $edit = false): SharedNote 405701f5d18SGreg Roach { 406701f5d18SGreg Roach $message = I18N::translate('This note does not exist or you do not have permission to view it.'); 407701f5d18SGreg Roach 408701f5d18SGreg Roach if ($shared_note === null) { 409701f5d18SGreg Roach throw new HttpNotFoundException($message); 410701f5d18SGreg Roach } 411701f5d18SGreg Roach 412701f5d18SGreg Roach if ($edit && $shared_note->canEdit()) { 413701f5d18SGreg Roach $shared_note->lock(); 414701f5d18SGreg Roach 415701f5d18SGreg Roach return $shared_note; 416701f5d18SGreg Roach } 417701f5d18SGreg Roach 418701f5d18SGreg Roach if ($shared_note->canShow()) { 419701f5d18SGreg Roach return $shared_note; 420701f5d18SGreg Roach } 421701f5d18SGreg Roach 422701f5d18SGreg Roach throw new HttpAccessDeniedException($message); 423701f5d18SGreg Roach } 424701f5d18SGreg Roach 425701f5d18SGreg Roach /** 426e539f5c6SGreg Roach * @param GedcomRecord|null $record 427ffc0a61fSGreg Roach * @param bool $edit 428e539f5c6SGreg Roach * 429ddeb3354SGreg Roach * @return GedcomRecord 43081b729d3SGreg Roach * @throws HttpNotFoundException 43181b729d3SGreg Roach * @throws HttpAccessDeniedException 432e539f5c6SGreg Roach */ 4333c3fd0a5SGreg Roach public static function checkRecordAccess(?GedcomRecord $record, bool $edit = false): GedcomRecord 434e539f5c6SGreg Roach { 43581b729d3SGreg Roach $message = I18N::translate('This record does not exist or you do not have permission to view it.'); 43681b729d3SGreg Roach 437e539f5c6SGreg Roach if ($record === null) { 43881b729d3SGreg Roach throw new HttpNotFoundException($message); 439e539f5c6SGreg Roach } 440e539f5c6SGreg Roach 4413c3fd0a5SGreg Roach if ($edit && $record->canEdit()) { 4428091bfd1SGreg Roach $record->lock(); 4438091bfd1SGreg Roach 444ddeb3354SGreg Roach return $record; 445e539f5c6SGreg Roach } 446e539f5c6SGreg Roach 4473c3fd0a5SGreg Roach if ($record->canShow()) { 4483c3fd0a5SGreg Roach return $record; 4493c3fd0a5SGreg Roach } 4503c3fd0a5SGreg Roach 45181b729d3SGreg Roach throw new HttpAccessDeniedException($message); 4523c3fd0a5SGreg Roach } 4533c3fd0a5SGreg Roach 454e539f5c6SGreg Roach /** 455e539f5c6SGreg Roach * @param Repository|null $repository 456ffc0a61fSGreg Roach * @param bool $edit 457e539f5c6SGreg Roach * 458ddeb3354SGreg Roach * @return Repository 45981b729d3SGreg Roach * @throws HttpNotFoundException 46081b729d3SGreg Roach * @throws HttpAccessDeniedException 461e539f5c6SGreg Roach */ 4623c3fd0a5SGreg Roach public static function checkRepositoryAccess(?Repository $repository, bool $edit = false): Repository 463e539f5c6SGreg Roach { 46481b729d3SGreg Roach $message = I18N::translate('This repository does not exist or you do not have permission to view it.'); 46581b729d3SGreg Roach 466e539f5c6SGreg Roach if ($repository === null) { 46781b729d3SGreg Roach throw new HttpNotFoundException($message); 468e539f5c6SGreg Roach } 469e539f5c6SGreg Roach 4703c3fd0a5SGreg Roach if ($edit && $repository->canEdit()) { 4718091bfd1SGreg Roach $repository->lock(); 4728091bfd1SGreg Roach 473ddeb3354SGreg Roach return $repository; 474e539f5c6SGreg Roach } 475e539f5c6SGreg Roach 4763c3fd0a5SGreg Roach if ($repository->canShow()) { 4773c3fd0a5SGreg Roach return $repository; 4783c3fd0a5SGreg Roach } 4793c3fd0a5SGreg Roach 48081b729d3SGreg Roach throw new HttpAccessDeniedException($message); 4813c3fd0a5SGreg Roach } 4823c3fd0a5SGreg Roach 483e539f5c6SGreg Roach /** 484e539f5c6SGreg Roach * @param Source|null $source 485ffc0a61fSGreg Roach * @param bool $edit 486e539f5c6SGreg Roach * 487ddeb3354SGreg Roach * @return Source 48881b729d3SGreg Roach * @throws HttpNotFoundException 48981b729d3SGreg Roach * @throws HttpAccessDeniedException 490e539f5c6SGreg Roach */ 4913c3fd0a5SGreg Roach public static function checkSourceAccess(?Source $source, bool $edit = false): Source 492e539f5c6SGreg Roach { 49381b729d3SGreg Roach $message = I18N::translate('This source does not exist or you do not have permission to view it.'); 49481b729d3SGreg Roach 495e539f5c6SGreg Roach if ($source === null) { 49681b729d3SGreg Roach throw new HttpNotFoundException($message); 497e539f5c6SGreg Roach } 498e539f5c6SGreg Roach 4993c3fd0a5SGreg Roach if ($edit && $source->canEdit()) { 5008091bfd1SGreg Roach $source->lock(); 5018091bfd1SGreg Roach 502ddeb3354SGreg Roach return $source; 503e539f5c6SGreg Roach } 504ffc0a61fSGreg Roach 5053c3fd0a5SGreg Roach if ($source->canShow()) { 5063c3fd0a5SGreg Roach return $source; 5073c3fd0a5SGreg Roach } 5083c3fd0a5SGreg Roach 50981b729d3SGreg Roach throw new HttpAccessDeniedException($message); 5103c3fd0a5SGreg Roach } 5113c3fd0a5SGreg Roach 512*b1089081SGreg Roach /** 513ffc0a61fSGreg Roach * @param Submitter|null $submitter 514ffc0a61fSGreg Roach * @param bool $edit 515ffc0a61fSGreg Roach * 516ffc0a61fSGreg Roach * @return Submitter 517*b1089081SGreg Roach * @throws HttpNotFoundException 518*b1089081SGreg Roach * @throws HttpAccessDeniedException 519ffc0a61fSGreg Roach */ 5203c3fd0a5SGreg Roach public static function checkSubmitterAccess(?Submitter $submitter, bool $edit = false): Submitter 521ffc0a61fSGreg Roach { 52281b729d3SGreg Roach $message = I18N::translate('This record does not exist or you do not have permission to view it.'); 52381b729d3SGreg Roach 524ffc0a61fSGreg Roach if ($submitter === null) { 52581b729d3SGreg Roach throw new HttpNotFoundException($message); 526ffc0a61fSGreg Roach } 527ffc0a61fSGreg Roach 5283c3fd0a5SGreg Roach if ($edit && $submitter->canEdit()) { 5298091bfd1SGreg Roach $submitter->lock(); 5308091bfd1SGreg Roach 531ffc0a61fSGreg Roach return $submitter; 532ffc0a61fSGreg Roach } 5333c3fd0a5SGreg Roach 5343c3fd0a5SGreg Roach if ($submitter->canShow()) { 5353c3fd0a5SGreg Roach return $submitter; 5363c3fd0a5SGreg Roach } 5373c3fd0a5SGreg Roach 53881b729d3SGreg Roach throw new HttpAccessDeniedException($message); 5393c3fd0a5SGreg Roach } 5401635452cSGreg Roach 541*b1089081SGreg Roach /** 5421635452cSGreg Roach * @param Submission|null $submission 5431635452cSGreg Roach * @param bool $edit 5441635452cSGreg Roach * 5451635452cSGreg Roach * @return Submission 54681b729d3SGreg Roach * @throws HttpNotFoundException 54781b729d3SGreg Roach * @throws HttpAccessDeniedException 5481635452cSGreg Roach */ 5491635452cSGreg Roach public static function checkSubmissionAccess(?Submission $submission, bool $edit = false): Submission 5501635452cSGreg Roach { 55181b729d3SGreg Roach $message = I18N::translate('This record does not exist or you do not have permission to view it.'); 55281b729d3SGreg Roach 5531635452cSGreg Roach if ($submission === null) { 55481b729d3SGreg Roach throw new HttpNotFoundException($message); 5551635452cSGreg Roach } 5561635452cSGreg Roach 5571635452cSGreg Roach if ($edit && $submission->canEdit()) { 5588091bfd1SGreg Roach $submission->lock(); 5598091bfd1SGreg Roach 5601635452cSGreg Roach return $submission; 5611635452cSGreg Roach } 5621635452cSGreg Roach 5631635452cSGreg Roach if ($submission->canShow()) { 5641635452cSGreg Roach return $submission; 5651635452cSGreg Roach } 5661635452cSGreg Roach 56781b729d3SGreg Roach throw new HttpAccessDeniedException($message); 5681635452cSGreg Roach } 569870365fbSGreg Roach 570870365fbSGreg Roach /** 5715416d6ddSGreg Roach * @param Tree $tree 5725416d6ddSGreg Roach * @param UserInterface $user 5735416d6ddSGreg Roach * 5745416d6ddSGreg Roach * @return bool 5755416d6ddSGreg Roach */ 5765416d6ddSGreg Roach public static function canUploadMedia(Tree $tree, UserInterface $user): bool 5775416d6ddSGreg Roach { 5785416d6ddSGreg Roach return 579be410956SGreg Roach self::isEditor($tree, $user) && 580be410956SGreg Roach self::accessLevel($tree, $user) <= (int) $tree->getPreference('MEDIA_UPLOAD'); 5815416d6ddSGreg Roach } 5825416d6ddSGreg Roach 5835416d6ddSGreg Roach 5845416d6ddSGreg Roach /** 585870365fbSGreg Roach * @return array<int,string> 586870365fbSGreg Roach */ 587870365fbSGreg Roach public static function accessLevelNames(): array 588870365fbSGreg Roach { 589870365fbSGreg Roach return [ 590d823340dSGreg Roach self::PRIV_PRIVATE => I18N::translate('Show to visitors'), 591d823340dSGreg Roach self::PRIV_USER => I18N::translate('Show to members'), 592d823340dSGreg Roach self::PRIV_NONE => I18N::translate('Show to managers'), 593d823340dSGreg Roach self::PRIV_HIDE => I18N::translate('Hide from everyone'), 594870365fbSGreg Roach ]; 595870365fbSGreg Roach } 596138139c2SGreg Roach 597138139c2SGreg Roach /** 598138139c2SGreg Roach * @return array<string,string> 599138139c2SGreg Roach */ 600138139c2SGreg Roach public static function privacyRuleNames(): array 601138139c2SGreg Roach { 602138139c2SGreg Roach return [ 603138139c2SGreg Roach 'none' => I18N::translate('Show to visitors'), 604138139c2SGreg Roach 'privacy' => I18N::translate('Show to members'), 605138139c2SGreg Roach 'confidential' => I18N::translate('Show to managers'), 606138139c2SGreg Roach 'hidden' => I18N::translate('Hide from everyone'), 607138139c2SGreg Roach ]; 608138139c2SGreg Roach } 609a25f0a04SGreg Roach} 610