xref: /webtrees/app/Auth.php (revision cfe766af61e4d860f17afd91dc1b2e538caffa79)
1<?php
2/**
3 * webtrees: online genealogy
4 * Copyright (C) 2018 webtrees development team
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16namespace Fisharebest\Webtrees;
17
18use stdClass;
19
/**
 * Authentication and per-tree authorisation helpers.
 *
 * Every method is static and works from the session value 'wt_user'.
 * The role checks are cumulative: an administrator passes every check, and
 * each tree role (manager, moderator, editor, member) also passes the checks
 * for the roles below it.
 */
class Auth
{
    // Privacy constants. accessLevel() returns one of the first three;
    // PRIV_HIDE is never returned by any method in this class.
    const PRIV_PRIVATE = 2; // Allows visitors to view the item
    const PRIV_USER    = 1; // Allows members to access the item
    const PRIV_NONE    = 0; // Allows managers to access the item
    const PRIV_HIDE    = -1; // Hide the item to all users

    /**
     * Does the current session carry a user ID?
     *
     * Only the session value is tested; User::find() is not called here.
     * NOTE(review): whether a stale ID (for example, of a deleted account)
     * can remain in the session depends on code outside this file - confirm
     * before using check() alone as an authorisation gate.
     *
     * @return bool
     */
    public static function check(): bool
    {
        $sessionUserId = self::id();

        return $sessionUserId !== null;
    }

    /**
     * Is the specified/current user an administrator?
     *
     * The 'canadmin' preference must be exactly the string '1'; every other
     * value denies.
     *
     * @param User|null $user The user to test, or null for the session user.
     *
     * @return bool
     */
    public static function isAdmin(User $user = null): bool
    {
        if ($user === null) {
            $user = self::user();
        }

        $adminFlag = $user->getPreference('canadmin');

        return $adminFlag === '1';
    }

    /**
     * Is the specified/current user a manager of a tree?
     *
     * True for administrators, and for users whose 'canedit' preference on
     * this tree is 'admin'.
     *
     * @param Tree      $tree
     * @param User|null $user The user to test, or null for the session user.
     *
     * @return bool
     */
    public static function isManager(Tree $tree, User $user = null): bool
    {
        if ($user === null) {
            $user = self::user();
        }

        // Site-wide administrators manage every tree; the per-tree
        // preference is only consulted for everyone else.
        if (self::isAdmin($user)) {
            return true;
        }

        return $tree->getUserPreference($user, 'canedit') === 'admin';
    }

    /**
     * Is the specified/current user a moderator of a tree?
     *
     * True for managers, and for users whose 'canedit' preference on this
     * tree is 'accept'.
     *
     * @param Tree      $tree
     * @param User|null $user The user to test, or null for the session user.
     *
     * @return bool
     */
    public static function isModerator(Tree $tree, User $user = null): bool
    {
        if ($user === null) {
            $user = self::user();
        }

        if (self::isManager($tree, $user)) {
            return true;
        }

        return $tree->getUserPreference($user, 'canedit') === 'accept';
    }

    /**
     * Is the specified/current user an editor of a tree?
     *
     * True for moderators, and for users whose 'canedit' preference on this
     * tree is 'edit'.
     *
     * @param Tree      $tree
     * @param User|null $user The user to test, or null for the session user.
     *
     * @return bool
     */
    public static function isEditor(Tree $tree, User $user = null): bool
    {
        if ($user === null) {
            $user = self::user();
        }

        if (self::isModerator($tree, $user)) {
            return true;
        }

        return $tree->getUserPreference($user, 'canedit') === 'edit';
    }

    /**
     * Is the specified/current user a member of a tree?
     *
     * True for editors, and for users whose 'canedit' preference on this
     * tree is 'access'. Any other preference value grants no role.
     *
     * @param Tree      $tree
     * @param User|null $user The user to test, or null for the session user.
     *
     * @return bool
     */
    public static function isMember(Tree $tree, User $user = null): bool
    {
        if ($user === null) {
            $user = self::user();
        }

        if (self::isEditor($tree, $user)) {
            return true;
        }

        return $tree->getUserPreference($user, 'canedit') === 'access';
    }

    /**
     * What is the specified/current user's access level within a tree?
     *
     * Managers get PRIV_NONE, members get PRIV_USER, and everyone else -
     * including the visitor object returned by user() when nobody is logged
     * in - gets PRIV_PRIVATE, the most restricted of the three.
     *
     * @param Tree      $tree
     * @param User|null $user The user to test, or null for the session user.
     *
     * @return int One of PRIV_NONE, PRIV_USER or PRIV_PRIVATE.
     */
    public static function accessLevel(Tree $tree, User $user = null)
    {
        if ($user === null) {
            $user = self::user();
        }

        // Highest privilege first, so the least-privileged level is the
        // fall-through result.
        if (self::isManager($tree, $user)) {
            return self::PRIV_NONE;
        }

        if (self::isMember($tree, $user)) {
            return self::PRIV_USER;
        }

        return self::PRIV_PRIVATE;
    }

    /**
     * The ID of the authenticated user, from the current session.
     *
     * The value is returned exactly as stored under 'wt_user'; it is not
     * validated against the user table here.
     *
     * @return int|null
     */
    public static function id()
    {
        $sessionUserId = Session::get('wt_user');

        return $sessionUserId;
    }

    /**
     * The authenticated user, from the current session.
     *
     * When User::find() returns null for the session ID, a placeholder
     * visitor with empty ID, name and e-mail is returned instead, so callers
     * always receive a User object and never null.
     *
     * @return User
     */
    public static function user()
    {
        $found = User::find(self::id());

        if ($found !== null) {
            return $found;
        }

        // Nobody is logged in (or the ID matched no user): build an
        // anonymous visitor record with every field blank.
        $guest = (object) [
            'user_id'   => '',
            'user_name' => '',
            'real_name' => '',
            'email'     => '',
        ];

        return new User($guest);
    }

    /**
     * Login directly as an explicit user - for masquerading.
     *
     * This method performs no credential or permission check of its own: it
     * stores whichever user it is given. Callers must already have verified
     * a password, or confirmed that the acting user is allowed to
     * masquerade, before calling it.
     *
     * The session is regenerated before the user ID is written.
     * NOTE(review): false is passed to Session::regenerate(); what happens
     * to the previous session's ID and data is decided in Session, not here
     * - confirm it cannot be reused after a privilege change.
     *
     * @param User $user
     *
     * @return void
     */
    public static function login(User $user)
    {
        Session::regenerate(false);

        $userId = $user->getUserId();
        Session::put('wt_user', $userId);
    }

    /**
     * End the session for the current user.
     *
     * NOTE(review): 'wt_user' is not removed explicitly; ending the login
     * relies on Session::regenerate(true) discarding the session data -
     * confirm against Session.
     *
     * @return void
     */
    public static function logout()
    {
        $destroyOldSession = true;

        Session::regenerate($destroyOldSession);
    }
}