xref: /webtrees/app/Http/Middleware/AuthModerator.php (revision 09482a558a7989d76059e7f9911605cf836b77ba)
103f10823SGreg Roach<?php
203f10823SGreg Roach
303f10823SGreg Roach/**
403f10823SGreg Roach * webtrees: online genealogy
589f7189bSGreg Roach * Copyright (C) 2021 webtrees development team
603f10823SGreg Roach * This program is free software: you can redistribute it and/or modify
703f10823SGreg Roach * it under the terms of the GNU General Public License as published by
803f10823SGreg Roach * the Free Software Foundation, either version 3 of the License, or
903f10823SGreg Roach * (at your option) any later version.
1003f10823SGreg Roach * This program is distributed in the hope that it will be useful,
1103f10823SGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of
1203f10823SGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1303f10823SGreg Roach * GNU General Public License for more details.
1403f10823SGreg Roach * You should have received a copy of the GNU General Public License
1589f7189bSGreg Roach * along with this program. If not, see <https://www.gnu.org/licenses/>.
1603f10823SGreg Roach */
17fcfa147eSGreg Roach
1803f10823SGreg Roachdeclare(strict_types=1);
1903f10823SGreg Roach
2003f10823SGreg Roachnamespace Fisharebest\Webtrees\Http\Middleware;
2103f10823SGreg Roach
2215958f0eSGreg Roachuse Fig\Http\Message\RequestMethodInterface;
2303f10823SGreg Roachuse Fisharebest\Webtrees\Auth;
2481b729d3SGreg Roachuse Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
2556f9a9c1SGreg Roachuse Fisharebest\Webtrees\Http\RequestHandlers\LoginPage;
2603f10823SGreg Roachuse Fisharebest\Webtrees\Tree;
2703f10823SGreg Roachuse Fisharebest\Webtrees\User;
2803f10823SGreg Roachuse Psr\Http\Message\ResponseInterface;
2903f10823SGreg Roachuse Psr\Http\Message\ServerRequestInterface;
3003f10823SGreg Roachuse Psr\Http\Server\MiddlewareInterface;
3103f10823SGreg Roachuse Psr\Http\Server\RequestHandlerInterface;
3271378461SGreg Roach
3315958f0eSGreg Roachuse function assert;
3403f10823SGreg Roachuse function redirect;
350c0910bfSGreg Roachuse function route;
3603f10823SGreg Roach
3703f10823SGreg Roach/**
3803f10823SGreg Roach * Middleware to restrict access to moderators.
3903f10823SGreg Roach */
4003f10823SGreg Roachclass AuthModerator implements MiddlewareInterface
4103f10823SGreg Roach{
4203f10823SGreg Roach    /**
4303f10823SGreg Roach     * @param ServerRequestInterface  $request
4403f10823SGreg Roach     * @param RequestHandlerInterface $handler
4503f10823SGreg Roach     *
4603f10823SGreg Roach     * @return ResponseInterface
4703f10823SGreg Roach     */
4803f10823SGreg Roach    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
4903f10823SGreg Roach    {
5003f10823SGreg Roach        $tree = $request->getAttribute('tree');
5115958f0eSGreg Roach        assert($tree instanceof Tree);
525229eadeSGreg Roach
5303f10823SGreg Roach        $user = $request->getAttribute('user');
5403f10823SGreg Roach
5503f10823SGreg Roach        // Logged in with the correct role?
5686661454SGreg Roach        if (Auth::isModerator($tree, $user)) {
5703f10823SGreg Roach            return $handler->handle($request);
5803f10823SGreg Roach        }
5903f10823SGreg Roach
6003f10823SGreg Roach        // Logged in, but without the correct role?
6115958f0eSGreg Roach        if ($user instanceof User || $request->getMethod() === RequestMethodInterface::METHOD_POST) {
62d501c45dSGreg Roach            throw new HttpAccessDeniedException();
6303f10823SGreg Roach        }
6403f10823SGreg Roach
6503f10823SGreg Roach        // Not logged in.
66*09482a55SGreg Roach        return redirect(route(LoginPage::class, ['tree' => $tree->name(), 'url' => (string) $request->getUri()]));
6703f10823SGreg Roach    }
6803f10823SGreg Roach}
69