xref: /webtrees/app/Http/Middleware/AuthMember.php (revision 71378461661e7642e52abe7d41c9cfffb3e5369b)
101202f80SGreg Roach<?php
201202f80SGreg Roach
301202f80SGreg Roach/**
401202f80SGreg Roach * webtrees: online genealogy
501202f80SGreg Roach * Copyright (C) 2019 webtrees development team
601202f80SGreg Roach * This program is free software: you can redistribute it and/or modify
701202f80SGreg Roach * it under the terms of the GNU General Public License as published by
801202f80SGreg Roach * the Free Software Foundation, either version 3 of the License, or
901202f80SGreg Roach * (at your option) any later version.
1001202f80SGreg Roach * This program is distributed in the hope that it will be useful,
1101202f80SGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of
1201202f80SGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1301202f80SGreg Roach * GNU General Public License for more details.
1401202f80SGreg Roach * You should have received a copy of the GNU General Public License
1501202f80SGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>.
1601202f80SGreg Roach */
1701202f80SGreg Roachdeclare(strict_types=1);
1801202f80SGreg Roach
1901202f80SGreg Roachnamespace Fisharebest\Webtrees\Http\Middleware;
2001202f80SGreg Roach
2101202f80SGreg Roachuse Fisharebest\Webtrees\Auth;
2201202f80SGreg Roachuse Fisharebest\Webtrees\Http\RequestHandlers\LoginPage;
2301202f80SGreg Roachuse Fisharebest\Webtrees\Tree;
2401202f80SGreg Roachuse Fisharebest\Webtrees\User;
2501202f80SGreg Roachuse Psr\Http\Message\ResponseInterface;
2601202f80SGreg Roachuse Psr\Http\Message\ServerRequestInterface;
2701202f80SGreg Roachuse Psr\Http\Server\MiddlewareInterface;
2801202f80SGreg Roachuse Psr\Http\Server\RequestHandlerInterface;
2901202f80SGreg Roachuse Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
30*71378461SGreg Roach
3101202f80SGreg Roachuse function redirect;
3201202f80SGreg Roach
3301202f80SGreg Roach/**
3401202f80SGreg Roach * Middleware to restrict access to editors.
3501202f80SGreg Roach */
3601202f80SGreg Roachclass AuthMember implements MiddlewareInterface
3701202f80SGreg Roach{
3801202f80SGreg Roach    /**
3901202f80SGreg Roach     * @param ServerRequestInterface  $request
4001202f80SGreg Roach     * @param RequestHandlerInterface $handler
4101202f80SGreg Roach     *
4201202f80SGreg Roach     * @return ResponseInterface
4301202f80SGreg Roach     */
4401202f80SGreg Roach    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
4501202f80SGreg Roach    {
4601202f80SGreg Roach        $tree = $request->getAttribute('tree');
4701202f80SGreg Roach        $user = $request->getAttribute('user');
4801202f80SGreg Roach
4901202f80SGreg Roach        // Logged in with the correct role?
5001202f80SGreg Roach        if ($tree instanceof Tree && Auth::isMember($tree, $user)) {
5101202f80SGreg Roach            return $handler->handle($request);
5201202f80SGreg Roach        }
5301202f80SGreg Roach
5401202f80SGreg Roach        // Logged in, but without the correct role?
5501202f80SGreg Roach        if ($user instanceof User) {
5601202f80SGreg Roach            throw new AccessDeniedHttpException();
5701202f80SGreg Roach        }
5801202f80SGreg Roach
5901202f80SGreg Roach        // Not logged in.
6001202f80SGreg Roach        return redirect(route(LoginPage::class, ['url' => $request->getAttribute('request_uri')]));
6101202f80SGreg Roach    }
6201202f80SGreg Roach}
63