xref: /webtrees/app/Http/Middleware/AuthAdministrator.php (revision d11be7027e34e3121be11cc025421873364403f9)
103f10823SGreg Roach<?php
203f10823SGreg Roach
303f10823SGreg Roach/**
403f10823SGreg Roach * webtrees: online genealogy
5*d11be702SGreg Roach * Copyright (C) 2023 webtrees development team
603f10823SGreg Roach * This program is free software: you can redistribute it and/or modify
703f10823SGreg Roach * it under the terms of the GNU General Public License as published by
803f10823SGreg Roach * the Free Software Foundation, either version 3 of the License, or
903f10823SGreg Roach * (at your option) any later version.
1003f10823SGreg Roach * This program is distributed in the hope that it will be useful,
1103f10823SGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of
1203f10823SGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1303f10823SGreg Roach * GNU General Public License for more details.
1403f10823SGreg Roach * You should have received a copy of the GNU General Public License
1589f7189bSGreg Roach * along with this program. If not, see <https://www.gnu.org/licenses/>.
1603f10823SGreg Roach */
17fcfa147eSGreg Roach
1803f10823SGreg Roachdeclare(strict_types=1);
1903f10823SGreg Roach
2003f10823SGreg Roachnamespace Fisharebest\Webtrees\Http\Middleware;
2103f10823SGreg Roach
2215958f0eSGreg Roachuse Fig\Http\Message\RequestMethodInterface;
2303f10823SGreg Roachuse Fisharebest\Webtrees\Auth;
2481b729d3SGreg Roachuse Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
2556f9a9c1SGreg Roachuse Fisharebest\Webtrees\Http\RequestHandlers\LoginPage;
2603f10823SGreg Roachuse Fisharebest\Webtrees\User;
27b55cbc6bSGreg Roachuse Fisharebest\Webtrees\Validator;
2803f10823SGreg Roachuse Psr\Http\Message\ResponseInterface;
2903f10823SGreg Roachuse Psr\Http\Message\ServerRequestInterface;
3003f10823SGreg Roachuse Psr\Http\Server\MiddlewareInterface;
3103f10823SGreg Roachuse Psr\Http\Server\RequestHandlerInterface;
3271378461SGreg Roach
3303f10823SGreg Roachuse function redirect;
340c0910bfSGreg Roachuse function route;
3503f10823SGreg Roach
3603f10823SGreg Roach/**
3703f10823SGreg Roach * Middleware to restrict access to administrators.
3803f10823SGreg Roach */
3903f10823SGreg Roachclass AuthAdministrator implements MiddlewareInterface
4003f10823SGreg Roach{
4103f10823SGreg Roach    /**
4203f10823SGreg Roach     * @param ServerRequestInterface  $request
4303f10823SGreg Roach     * @param RequestHandlerInterface $handler
4403f10823SGreg Roach     *
4503f10823SGreg Roach     * @return ResponseInterface
4603f10823SGreg Roach     */
4703f10823SGreg Roach    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
4803f10823SGreg Roach    {
49b55cbc6bSGreg Roach        $user = Validator::attributes($request)->user();
5003f10823SGreg Roach
5103f10823SGreg Roach        // Logged in with the correct role?
5203f10823SGreg Roach        if (Auth::isAdmin($user)) {
5303f10823SGreg Roach            return $handler->handle($request);
5403f10823SGreg Roach        }
5503f10823SGreg Roach
5603f10823SGreg Roach        // Logged in, but without the correct role?
5715958f0eSGreg Roach        if ($user instanceof User || $request->getMethod() === RequestMethodInterface::METHOD_POST) {
58d501c45dSGreg Roach            throw new HttpAccessDeniedException();
5903f10823SGreg Roach        }
6003f10823SGreg Roach
6103f10823SGreg Roach        // Not logged in.
6209482a55SGreg Roach        return redirect(route(LoginPage::class, ['url' => (string) $request->getUri()]));
6303f10823SGreg Roach    }
6403f10823SGreg Roach}
65