103f10823SGreg Roach<?php 203f10823SGreg Roach 303f10823SGreg Roach/** 403f10823SGreg Roach * webtrees: online genealogy 589f7189bSGreg Roach * Copyright (C) 2021 webtrees development team 603f10823SGreg Roach * This program is free software: you can redistribute it and/or modify 703f10823SGreg Roach * it under the terms of the GNU General Public License as published by 803f10823SGreg Roach * the Free Software Foundation, either version 3 of the License, or 903f10823SGreg Roach * (at your option) any later version. 1003f10823SGreg Roach * This program is distributed in the hope that it will be useful, 1103f10823SGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of 1203f10823SGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 1303f10823SGreg Roach * GNU General Public License for more details. 1403f10823SGreg Roach * You should have received a copy of the GNU General Public License 1589f7189bSGreg Roach * along with this program. If not, see <https://www.gnu.org/licenses/>. 1603f10823SGreg Roach */ 17fcfa147eSGreg Roach 1803f10823SGreg Roachdeclare(strict_types=1); 1903f10823SGreg Roach 2003f10823SGreg Roachnamespace Fisharebest\Webtrees\Http\Middleware; 2103f10823SGreg Roach 2215958f0eSGreg Roachuse Fig\Http\Message\RequestMethodInterface; 2303f10823SGreg Roachuse Fisharebest\Webtrees\Auth; 2481b729d3SGreg Roachuse Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException; 2556f9a9c1SGreg Roachuse Fisharebest\Webtrees\Http\RequestHandlers\LoginPage; 2603f10823SGreg Roachuse Fisharebest\Webtrees\Tree; 2703f10823SGreg Roachuse Fisharebest\Webtrees\User; 2803f10823SGreg Roachuse Psr\Http\Message\ResponseInterface; 2903f10823SGreg Roachuse Psr\Http\Message\ServerRequestInterface; 3003f10823SGreg Roachuse Psr\Http\Server\MiddlewareInterface; 3103f10823SGreg Roachuse Psr\Http\Server\RequestHandlerInterface; 3271378461SGreg Roach 3315958f0eSGreg Roachuse function assert; 3403f10823SGreg Roachuse function redirect; 350c0910bfSGreg Roachuse function route; 3603f10823SGreg Roach 3703f10823SGreg Roach/** 3803f10823SGreg Roach * Middleware to restrict access to moderators. 3903f10823SGreg Roach */ 4003f10823SGreg Roachclass AuthModerator implements MiddlewareInterface 4103f10823SGreg Roach{ 4203f10823SGreg Roach /** 4303f10823SGreg Roach * @param ServerRequestInterface $request 4403f10823SGreg Roach * @param RequestHandlerInterface $handler 4503f10823SGreg Roach * 4603f10823SGreg Roach * @return ResponseInterface 4703f10823SGreg Roach */ 4803f10823SGreg Roach public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface 4903f10823SGreg Roach { 5003f10823SGreg Roach $tree = $request->getAttribute('tree'); 5115958f0eSGreg Roach assert($tree instanceof Tree); 525229eadeSGreg Roach 5303f10823SGreg Roach $user = $request->getAttribute('user'); 5403f10823SGreg Roach 5503f10823SGreg Roach // Logged in with the correct role? 5686661454SGreg Roach if (Auth::isModerator($tree, $user)) { 5703f10823SGreg Roach return $handler->handle($request); 5803f10823SGreg Roach } 5903f10823SGreg Roach 6003f10823SGreg Roach // Logged in, but without the correct role? 6115958f0eSGreg Roach if ($user instanceof User || $request->getMethod() === RequestMethodInterface::METHOD_POST) { 62d501c45dSGreg Roach throw new HttpAccessDeniedException(); 6303f10823SGreg Roach } 6403f10823SGreg Roach 6503f10823SGreg Roach // Not logged in. 66*09482a55SGreg Roach return redirect(route(LoginPage::class, ['tree' => $tree->name(), 'url' => (string) $request->getUri()])); 6703f10823SGreg Roach } 6803f10823SGreg Roach} 69