xref: /webtrees/app/Auth.php (revision 8b67c11a1199191915b4af08a3841e7ce9d528b6)
1<?php
2/**
3 * webtrees: online genealogy
4 * Copyright (C) 2019 webtrees development team
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16declare(strict_types=1);
17
18namespace Fisharebest\Webtrees;
19
20use stdClass;
21
22/**
23 * Authentication.
24 */
25class Auth
26{
27    // Privacy constants
28    public const PRIV_PRIVATE = 2; // Allows visitors to view the item
29    public const PRIV_USER    = 1; // Allows members to access the item
30    public const PRIV_NONE    = 0; // Allows managers to access the item
31    public const PRIV_HIDE    = -1; // Hide the item to all users
32
33    /**
34     * Are we currently logged in?
35     *
36     * @return bool
37     */
38    public static function check(): bool
39    {
40        return self::id() !== null;
41    }
42
43    /**
44     * Is the specified/current user an administrator?
45     *
46     * @param User|null $user
47     *
48     * @return bool
49     */
50    public static function isAdmin(User $user = null): bool
51    {
52        $user = $user ?? self::user();
53
54        return $user->getPreference('canadmin') === '1';
55    }
56
57    /**
58     * Is the specified/current user a manager of a tree?
59     *
60     * @param Tree      $tree
61     * @param User|null $user
62     *
63     * @return bool
64     */
65    public static function isManager(Tree $tree, User $user = null): bool
66    {
67        $user = $user ?? self::user();
68
69        return self::isAdmin($user) || $tree->getUserPreference($user, 'canedit') === 'admin';
70    }
71
72    /**
73     * Is the specified/current user a moderator of a tree?
74     *
75     * @param Tree      $tree
76     * @param User|null $user
77     *
78     * @return bool
79     */
80    public static function isModerator(Tree $tree, User $user = null): bool
81    {
82        $user = $user ?? self::user();
83
84        return self::isManager($tree, $user) || $tree->getUserPreference($user, 'canedit') === 'accept';
85    }
86
87    /**
88     * Is the specified/current user an editor of a tree?
89     *
90     * @param Tree      $tree
91     * @param User|null $user
92     *
93     * @return bool
94     */
95    public static function isEditor(Tree $tree, User $user = null): bool
96    {
97        $user = $user ?? self::user();
98
99        return self::isModerator($tree, $user) || $tree->getUserPreference($user, 'canedit') === 'edit';
100    }
101
102    /**
103     * Is the specified/current user a member of a tree?
104     *
105     * @param Tree      $tree
106     * @param User|null $user
107     *
108     * @return bool
109     */
110    public static function isMember(Tree $tree, User $user = null): bool
111    {
112        $user = $user ?? self::user();
113
114        return self::isEditor($tree, $user) || $tree->getUserPreference($user, 'canedit') === 'access';
115    }
116
117    /**
118     * What is the specified/current user's access level within a tree?
119     *
120     * @param Tree      $tree
121     * @param User|null $user
122     *
123     * @return int
124     */
125    public static function accessLevel(Tree $tree, User $user = null)
126    {
127        $user = $user ?? self::user();
128
129        if (self::isManager($tree, $user)) {
130            return self::PRIV_NONE;
131        }
132
133        if (self::isMember($tree, $user)) {
134            return self::PRIV_USER;
135        }
136
137        return self::PRIV_PRIVATE;
138    }
139
140    /**
141     * The ID of the authenticated user, from the current session.
142     *
143     * @return int|null
144     */
145    public static function id()
146    {
147        return Session::get('wt_user');
148    }
149
150    /**
151     * The authenticated user, from the current session.
152     *
153     * @return User
154     */
155    public static function user()
156    {
157        return User::find(self::id()) ?? User::visitor();
158    }
159
160    /**
161     * Login directly as an explicit user - for masquerading.
162     *
163     * @param User $user
164     *
165     * @return void
166     */
167    public static function login(User $user)
168    {
169        Session::regenerate(false);
170        Session::put('wt_user', $user->getUserId());
171    }
172
173    /**
174     * End the session for the current user.
175     *
176     * @return void
177     */
178    public static function logout()
179    {
180        Session::regenerate(true);
181    }
182}
183