1<?php 2/** 3 * webtrees: online genealogy 4 * Copyright (C) 2019 webtrees development team 5 * This program is free software: you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation, either version 3 of the License, or 8 * (at your option) any later version. 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * You should have received a copy of the GNU General Public License 14 * along with this program. If not, see <http://www.gnu.org/licenses/>. 15 */ 16declare(strict_types=1); 17 18namespace Fisharebest\Webtrees; 19 20use stdClass; 21 22/** 23 * Authentication. 24 */ 25class Auth 26{ 27 // Privacy constants 28 const PRIV_PRIVATE = 2; // Allows visitors to view the item 29 const PRIV_USER = 1; // Allows members to access the item 30 const PRIV_NONE = 0; // Allows managers to access the item 31 const PRIV_HIDE = -1; // Hide the item to all users 32 33 /** 34 * Are we currently logged in? 35 * 36 * @return bool 37 */ 38 public static function check(): bool 39 { 40 return self::id() !== null; 41 } 42 43 /** 44 * Is the specified/current user an administrator? 45 * 46 * @param User|null $user 47 * 48 * @return bool 49 */ 50 public static function isAdmin(User $user = null): bool 51 { 52 $user = $user ?? self::user(); 53 54 return $user->getPreference('canadmin') === '1'; 55 } 56 57 /** 58 * Is the specified/current user a manager of a tree? 59 * 60 * @param Tree $tree 61 * @param User|null $user 62 * 63 * @return bool 64 */ 65 public static function isManager(Tree $tree, User $user = null): bool 66 { 67 $user = $user ?? self::user(); 68 69 return self::isAdmin($user) || $tree->getUserPreference($user, 'canedit') === 'admin'; 70 } 71 72 /** 73 * Is the specified/current user a moderator of a tree? 74 * 75 * @param Tree $tree 76 * @param User|null $user 77 * 78 * @return bool 79 */ 80 public static function isModerator(Tree $tree, User $user = null): bool 81 { 82 $user = $user ?? self::user(); 83 84 return self::isManager($tree, $user) || $tree->getUserPreference($user, 'canedit') === 'accept'; 85 } 86 87 /** 88 * Is the specified/current user an editor of a tree? 89 * 90 * @param Tree $tree 91 * @param User|null $user 92 * 93 * @return bool 94 */ 95 public static function isEditor(Tree $tree, User $user = null): bool 96 { 97 $user = $user ?? self::user(); 98 99 return self::isModerator($tree, $user) || $tree->getUserPreference($user, 'canedit') === 'edit'; 100 } 101 102 /** 103 * Is the specified/current user a member of a tree? 104 * 105 * @param Tree $tree 106 * @param User|null $user 107 * 108 * @return bool 109 */ 110 public static function isMember(Tree $tree, User $user = null): bool 111 { 112 $user = $user ?? self::user(); 113 114 return self::isEditor($tree, $user) || $tree->getUserPreference($user, 'canedit') === 'access'; 115 } 116 117 /** 118 * What is the specified/current user's access level within a tree? 119 * 120 * @param Tree $tree 121 * @param User|null $user 122 * 123 * @return int 124 */ 125 public static function accessLevel(Tree $tree, User $user = null) 126 { 127 $user = $user ?? self::user(); 128 129 if (self::isManager($tree, $user)) { 130 return self::PRIV_NONE; 131 } 132 133 if (self::isMember($tree, $user)) { 134 return self::PRIV_USER; 135 } 136 137 return self::PRIV_PRIVATE; 138 } 139 140 /** 141 * The ID of the authenticated user, from the current session. 142 * 143 * @return int|null 144 */ 145 public static function id() 146 { 147 return Session::get('wt_user'); 148 } 149 150 /** 151 * The authenticated user, from the current session. 152 * 153 * @return User 154 */ 155 public static function user() 156 { 157 $user = User::find(self::id()); 158 159 if ($user === null) { 160 $visitor = new stdClass(); 161 $visitor->user_id = ''; 162 $visitor->user_name = ''; 163 $visitor->real_name = ''; 164 $visitor->email = ''; 165 166 return new User($visitor); 167 } 168 169 return $user; 170 } 171 172 /** 173 * Login directly as an explicit user - for masquerading. 174 * 175 * @param User $user 176 * 177 * @return void 178 */ 179 public static function login(User $user) 180 { 181 Session::regenerate(false); 182 Session::put('wt_user', $user->getUserId()); 183 } 184 185 /** 186 * End the session for the current user. 187 * 188 * @return void 189 */ 190 public static function logout() 191 { 192 Session::regenerate(true); 193 } 194} 195