xref: /webtrees/app/Http/Middleware/AuthModerator.php (revision f567c3d8c682bc271cb765480294cb4273f7632a)
103f10823SGreg Roach<?php
203f10823SGreg Roach
303f10823SGreg Roach/**
403f10823SGreg Roach * webtrees: online genealogy
503f10823SGreg Roach * Copyright (C) 2019 webtrees development team
603f10823SGreg Roach * This program is free software: you can redistribute it and/or modify
703f10823SGreg Roach * it under the terms of the GNU General Public License as published by
803f10823SGreg Roach * the Free Software Foundation, either version 3 of the License, or
903f10823SGreg Roach * (at your option) any later version.
1003f10823SGreg Roach * This program is distributed in the hope that it will be useful,
1103f10823SGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of
1203f10823SGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1303f10823SGreg Roach * GNU General Public License for more details.
1403f10823SGreg Roach * You should have received a copy of the GNU General Public License
1503f10823SGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>.
1603f10823SGreg Roach */
1703f10823SGreg Roachdeclare(strict_types=1);
1803f10823SGreg Roach
1903f10823SGreg Roachnamespace Fisharebest\Webtrees\Http\Middleware;
2003f10823SGreg Roach
2103f10823SGreg Roachuse Fisharebest\Webtrees\Auth;
2256f9a9c1SGreg Roachuse Fisharebest\Webtrees\Http\RequestHandlers\LoginPage;
2303f10823SGreg Roachuse Fisharebest\Webtrees\Tree;
2403f10823SGreg Roachuse Fisharebest\Webtrees\User;
2503f10823SGreg Roachuse Psr\Http\Message\ResponseInterface;
2603f10823SGreg Roachuse Psr\Http\Message\ServerRequestInterface;
2703f10823SGreg Roachuse Psr\Http\Server\MiddlewareInterface;
2803f10823SGreg Roachuse Psr\Http\Server\RequestHandlerInterface;
2903f10823SGreg Roachuse Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
3071378461SGreg Roach
3103f10823SGreg Roachuse function redirect;
3203f10823SGreg Roach
3303f10823SGreg Roach/**
3403f10823SGreg Roach * Middleware to restrict access to moderators.
3503f10823SGreg Roach */
3603f10823SGreg Roachclass AuthModerator implements MiddlewareInterface
3703f10823SGreg Roach{
3803f10823SGreg Roach    /**
3903f10823SGreg Roach     * @param ServerRequestInterface  $request
4003f10823SGreg Roach     * @param RequestHandlerInterface $handler
4103f10823SGreg Roach     *
4203f10823SGreg Roach     * @return ResponseInterface
4303f10823SGreg Roach     */
4403f10823SGreg Roach    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
4503f10823SGreg Roach    {
4603f10823SGreg Roach        $tree = $request->getAttribute('tree');
4703f10823SGreg Roach        $user = $request->getAttribute('user');
4803f10823SGreg Roach
4903f10823SGreg Roach        // Logged in with the correct role?
5003f10823SGreg Roach        if ($tree instanceof Tree && Auth::isModerator($tree, $user)) {
5103f10823SGreg Roach            return $handler->handle($request);
5203f10823SGreg Roach        }
5303f10823SGreg Roach
5403f10823SGreg Roach        // Logged in, but without the correct role?
5503f10823SGreg Roach        if ($user instanceof User) {
5603f10823SGreg Roach            throw new AccessDeniedHttpException();
5703f10823SGreg Roach        }
5803f10823SGreg Roach
5903f10823SGreg Roach        // Not logged in.
60*f567c3d8SGreg Roach        return redirect(route(LoginPage::class, ['url' => $request->getUri()]));
6103f10823SGreg Roach    }
6203f10823SGreg Roach}
63