1<?php 2/** 3 * webtrees: online genealogy 4 * Copyright (C) 2017 webtrees development team 5 * This program is free software: you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation, either version 3 of the License, or 8 * (at your option) any later version. 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * You should have received a copy of the GNU General Public License 14 * along with this program. If not, see <http://www.gnu.org/licenses/>. 15 */ 16namespace Fisharebest\Webtrees; 17 18/** 19 * Authentication. 20 */ 21class Auth { 22 // Privacy constants 23 const PRIV_PRIVATE = 2; // Allows visitors to view the item 24 const PRIV_USER = 1; // Allows members to access the item 25 const PRIV_NONE = 0; // Allows managers to access the item 26 const PRIV_HIDE = -1; // Hide the item to all users 27 28 /** 29 * Are we currently logged in? 30 * 31 * @return bool 32 */ 33 public static function check() { 34 return self::id() !== null; 35 } 36 37 /** 38 * Is the specified/current user an administrator? 39 * 40 * @param User|null $user 41 * 42 * @return bool 43 */ 44 public static function isAdmin(User $user = null) { 45 if ($user === null) { 46 $user = self::user(); 47 } 48 49 return $user && $user->getPreference('canadmin') === '1'; 50 } 51 52 /** 53 * Is the specified/current user a manager of a tree? 54 * 55 * @param Tree $tree 56 * @param User|null $user 57 * 58 * @return bool 59 */ 60 public static function isManager(Tree $tree, User $user = null) { 61 if ($user === null) { 62 $user = self::user(); 63 } 64 65 return self::isAdmin($user) || $user && $tree->getUserPreference($user, 'canedit') === 'admin'; 66 } 67 68 /** 69 * Is the specified/current user a moderator of a tree? 70 * 71 * @param Tree $tree 72 * @param User|null $user 73 * 74 * @return bool 75 */ 76 public static function isModerator(Tree $tree, User $user = null) { 77 if ($user === null) { 78 $user = self::user(); 79 } 80 81 return self::isManager($tree, $user) || $user && $tree->getUserPreference($user, 'canedit') === 'accept'; 82 } 83 84 /** 85 * Is the specified/current user an editor of a tree? 86 * 87 * @param Tree $tree 88 * @param User|null $user 89 * 90 * @return bool 91 */ 92 public static function isEditor(Tree $tree, User $user = null) { 93 if ($user === null) { 94 $user = self::user(); 95 } 96 97 return self::isModerator($tree, $user) || $user && $tree->getUserPreference($user, 'canedit') === 'edit'; 98 } 99 100 /** 101 * Is the specified/current user a member of a tree? 102 * 103 * @param Tree $tree 104 * @param User|null $user 105 * 106 * @return bool 107 */ 108 public static function isMember(Tree $tree, User $user = null) { 109 if ($user === null) { 110 $user = self::user(); 111 } 112 113 return self::isEditor($tree, $user) || $user && $tree->getUserPreference($user, 'canedit') === 'access'; 114 } 115 116 /** 117 * What is the specified/current user's access level within a tree? 118 * 119 * @param Tree $tree 120 * @param User|null $user 121 * 122 * @return int 123 */ 124 public static function accessLevel(Tree $tree, User $user = null) { 125 if ($user === null) { 126 $user = self::user(); 127 } 128 129 if (self::isManager($tree, $user)) { 130 return self::PRIV_NONE; 131 } elseif (self::isMember($tree, $user)) { 132 return self::PRIV_USER; 133 } else { 134 return self::PRIV_PRIVATE; 135 } 136 } 137 138 /** 139 * The ID of the authenticated user, from the current session. 140 * 141 * @return string|null 142 */ 143 public static function id() { 144 return Session::get('wt_user'); 145 } 146 147 /** 148 * The authenticated user, from the current session. 149 * 150 * @return User 151 */ 152 public static function user() { 153 $user = User::find(self::id()); 154 if ($user === null) { 155 $visitor = new \stdClass; 156 $visitor->user_id = ''; 157 $visitor->user_name = ''; 158 $visitor->real_name = ''; 159 $visitor->email = ''; 160 161 return new User($visitor); 162 } else { 163 return $user; 164 } 165 } 166 167 /** 168 * Login directly as an explicit user - for masquerading. 169 * 170 * @param User $user 171 */ 172 public static function login(User $user) { 173 Session::regenerate(false); 174 Session::put('wt_user', $user->getUserId()); 175 } 176 177 /** 178 * End the session for the current user. 179 */ 180 public static function logout() { 181 Session::regenerate(true); 182 } 183} 184