xref: /webtrees/app/Auth.php (revision 0ea23b7829d8bd38dc862b61285e14b0e1858a16)
1<?php
2/**
3 * webtrees: online genealogy
4 * Copyright (C) 2018 webtrees development team
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16namespace Fisharebest\Webtrees;
17
18use stdClass;
19
20/**
21 * Authentication.
22 */
class Auth
{
    // Access levels. accessLevel() maps a user onto one of the first three;
    // a lower number means a more privileged user.
    const PRIV_PRIVATE = 2;  // Level of a visitor: the item is open to everyone
    const PRIV_USER    = 1;  // Level of a tree member
    const PRIV_NONE    = 0;  // Level of a tree manager
    const PRIV_HIDE    = -1; // Hide the item from all users; accessLevel() never returns this value

    /**
     * Report whether the current session carries a user ID.
     *
     * Only the presence of an ID in the session is tested; the user record is
     * not looked up here.
     *
     * NOTE(review): user() falls back to a blank visitor when User::find()
     * returns null, so check() and user() can disagree for a session ID that
     * no longer resolves to a user. Access decisions are better based on the
     * role checks below than on check() alone.
     *
     * @return bool
     */
    public static function check(): bool
    {
        $sessionUserId = self::id();

        return $sessionUserId !== null;
    }

    /**
     * Does the given user (default: the session user) hold site-wide
     * administrator rights?
     *
     * @param User|null $user
     *
     * @return bool
     */
    public static function isAdmin(User $user = null): bool
    {
        $subject = $user ?? self::user();
        $flag    = $subject->getPreference('canadmin');

        // Strict comparison: only the exact string '1' counts as administrator.
        return $flag === '1';
    }

    /**
     * Does the given user (default: the session user) manage this tree?
     *
     * Administrators are always managers. The role checks form a chain
     * (admin, manager, moderator, editor, member) in which each role
     * includes every role that comes before it.
     *
     * @param Tree      $tree
     * @param User|null $user
     *
     * @return bool
     */
    public static function isManager(Tree $tree, User $user = null): bool
    {
        $subject = $user ?? self::user();

        if (self::isAdmin($subject)) {
            return true;
        }

        return $tree->getUserPreference($subject, 'canedit') === 'admin';
    }

    /**
     * Does the given user (default: the session user) moderate this tree?
     *
     * Managers are always moderators; otherwise the per-tree 'canedit'
     * preference must be exactly 'accept'.
     *
     * @param Tree      $tree
     * @param User|null $user
     *
     * @return bool
     */
    public static function isModerator(Tree $tree, User $user = null): bool
    {
        $subject = $user ?? self::user();

        if (self::isManager($tree, $subject)) {
            return true;
        }

        return $tree->getUserPreference($subject, 'canedit') === 'accept';
    }

    /**
     * May the given user (default: the session user) edit this tree?
     *
     * Moderators are always editors; otherwise the per-tree 'canedit'
     * preference must be exactly 'edit'.
     *
     * @param Tree      $tree
     * @param User|null $user
     *
     * @return bool
     */
    public static function isEditor(Tree $tree, User $user = null): bool
    {
        $subject = $user ?? self::user();

        if (self::isModerator($tree, $subject)) {
            return true;
        }

        return $tree->getUserPreference($subject, 'canedit') === 'edit';
    }

    /**
     * Is the given user (default: the session user) a member of this tree?
     *
     * Editors are always members; otherwise the per-tree 'canedit'
     * preference must be exactly 'access'.
     *
     * @param Tree      $tree
     * @param User|null $user
     *
     * @return bool
     */
    public static function isMember(Tree $tree, User $user = null): bool
    {
        $subject = $user ?? self::user();

        if (self::isEditor($tree, $subject)) {
            return true;
        }

        return $tree->getUserPreference($subject, 'canedit') === 'access';
    }

    /**
     * Translate the given user's role in a tree into a PRIV_* access level.
     *
     * Managers get PRIV_NONE, members get PRIV_USER, and everybody else
     * (including a visitor without a session) gets PRIV_PRIVATE.
     *
     * @param Tree      $tree
     * @param User|null $user
     *
     * @return int
     */
    public static function accessLevel(Tree $tree, User $user = null)
    {
        $subject = $user ?? self::user();

        // Most privileged role first, so a manager never falls through to the member level.
        if (self::isManager($tree, $subject)) {
            return self::PRIV_NONE;
        }

        return self::isMember($tree, $subject) ? self::PRIV_USER : self::PRIV_PRIVATE;
    }

    /**
     * Fetch the user ID stored in the current session under 'wt_user'.
     *
     * The value is returned exactly as the session holds it; nothing here
     * checks that it still refers to an existing user.
     *
     * @return int|null
     */
    public static function id()
    {
        $sessionUserId = Session::get('wt_user');

        return $sessionUserId;
    }

    /**
     * Resolve the session's user ID to a User object.
     *
     * When User::find() yields nothing, a placeholder visitor with blank
     * ID, user name, real name and email is returned, so callers always
     * receive a User and never null.
     *
     * @return User
     */
    public static function user()
    {
        $found = User::find(self::id());

        if ($found !== null) {
            return $found;
        }

        // Nobody matched: hand back an anonymous visitor with every field blank.
        $blank            = new stdClass();
        $blank->user_id   = '';
        $blank->user_name = '';
        $blank->real_name = '';
        $blank->email     = '';

        return new User($blank);
    }

    /**
     * Make the session belong to the given user - used for masquerading.
     *
     * No password or permission check happens in this method: whoever calls
     * it must already have established that the switch is allowed.
     *
     * @param User $user
     *
     * @return void
     */
    public static function login(User $user)
    {
        // The session is regenerated before the new user ID is written to it.
        // NOTE(review): presumably `false` keeps the existing session data while
        // the session ID changes - confirm against Session::regenerate().
        Session::regenerate(false);

        $userId = $user->getUserId();
        Session::put('wt_user', $userId);
    }

    /**
     * Terminate the current user's session.
     *
     * @return void
     */
    public static function logout()
    {
        // NOTE(review): presumably `true` discards the stored session data,
        // including 'wt_user' - confirm against Session::regenerate().
        Session::regenerate(true);
    }
}