xref: /webtrees/app/Auth.php (revision e7f56f2af615447ab1a7646851f88b465ace9e04) 
1<?php
2/**
3 * webtrees: online genealogy
4 * Copyright (C) 2018 webtrees development team
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16declare(strict_types=1);
17
18namespace Fisharebest\Webtrees;
19
20use stdClass;
21
22/**
23 * Authentication.
24 */
25class Auth
26{
27    // Privacy constants
28    const PRIV_PRIVATE = 2; // Allows visitors to view the item
29    const PRIV_USER    = 1; // Allows members to access the item
30    const PRIV_NONE    = 0; // Allows managers to access the item
31    const PRIV_HIDE    = -1; // Hide the item to all users
32
33    /**
34     * Are we currently logged in?
35     *
36     * @return bool
37     */
38    public static function check(): bool
39    {
40        return self::id() !== null;
41    }
42
43    /**
44     * Is the specified/current user an administrator?
45     *
46     * @param User|null $user
47     *
48     * @return bool
49     */
50    public static function isAdmin(User $user = null): bool
51    {
52        $user = $user ?? self::user();
53
54        return $user->getPreference('canadmin') === '1';
55    }
56
57    /**
58     * Is the specified/current user a manager of a tree?
59     *
60     * @param Tree      $tree
61     * @param User|null $user
62     *
63     * @return bool
64     */
65    public static function isManager(Tree $tree, User $user = null): bool
66    {
67        $user = $user ?? self::user();
68
69        return self::isAdmin($user) || $tree->getUserPreference($user, 'canedit') === 'admin';
70    }
71
72    /**
73     * Is the specified/current user a moderator of a tree?
74     *
75     * @param Tree      $tree
76     * @param User|null $user
77     *
78     * @return bool
79     */
80    public static function isModerator(Tree $tree, User $user = null): bool
81    {
82        $user = $user ?? self::user();
83
84        return self::isManager($tree, $user) || $tree->getUserPreference($user, 'canedit') === 'accept';
85    }
86
87    /**
88     * Is the specified/current user an editor of a tree?
89     *
90     * @param Tree      $tree
91     * @param User|null $user
92     *
93     * @return bool
94     */
95    public static function isEditor(Tree $tree, User $user = null): bool
96    {
97        $user = $user ?? self::user();
98
99        return self::isModerator($tree, $user) || $tree->getUserPreference($user, 'canedit') === 'edit';
100    }
101
102    /**
103     * Is the specified/current user a member of a tree?
104     *
105     * @param Tree      $tree
106     * @param User|null $user
107     *
108     * @return bool
109     */
110    public static function isMember(Tree $tree, User $user = null): bool
111    {
112        $user = $user ?? self::user();
113
114        return self::isEditor($tree, $user) || $tree->getUserPreference($user, 'canedit') === 'access';
115    }
116
117    /**
118     * What is the specified/current user's access level within a tree?
119     *
120     * @param Tree      $tree
121     * @param User|null $user
122     *
123     * @return int
124     */
125    public static function accessLevel(Tree $tree, User $user = null)
126    {
127        $user = $user ?? self::user();
128
129        if (self::isManager($tree, $user)) {
130            return self::PRIV_NONE;
131        }
132
133        if (self::isMember($tree, $user)) {
134            return self::PRIV_USER;
135        }
136
137        return self::PRIV_PRIVATE;
138    }
139
140    /**
141     * The ID of the authenticated user, from the current session.
142     *
143     * @return int|null
144     */
145    public static function id()
146    {
147        return Session::get('wt_user');
148    }
149
150    /**
151     * The authenticated user, from the current session.
152     *
153     * @return User
154     */
155    public static function user()
156    {
157        $user = User::find(self::id());
158
159        if ($user === null) {
160            $visitor            = new stdClass();
161            $visitor->user_id   = '';
162            $visitor->user_name = '';
163            $visitor->real_name = '';
164            $visitor->email     = '';
165
166            return new User($visitor);
167        }
168
169        return $user;
170    }
171
172    /**
173     * Login directly as an explicit user - for masquerading.
174     *
175     * @param User $user
176     *
177     * @return void
178     */
179    public static function login(User $user)
180    {
181        Session::regenerate(false);
182        Session::put('wt_user', $user->getUserId());
183    }
184
185    /**
186     * End the session for the current user.
187     *
188     * @return void
189     */
190    public static function logout()
191    {
192        Session::regenerate(true);
193    }
194}
195