Elgg  Version 6.2
Gatekeeper.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg;
4 
5 use Elgg\Database\AccessCollections;
6 use Elgg\Database\EntityTable;
7 use Elgg\Exceptions\HttpException;
8 use Elgg\Exceptions\Http\EntityNotFoundException;
9 use Elgg\Exceptions\Http\EntityPermissionsException;
10 use Elgg\Exceptions\Http\GatekeeperException;
11 use Elgg\Exceptions\Http\Gatekeeper\AdminGatekeeperException;
12 use Elgg\Exceptions\Http\Gatekeeper\AjaxGatekeeperException;
13 use Elgg\Exceptions\Http\Gatekeeper\GroupGatekeeperException;
14 use Elgg\Exceptions\Http\Gatekeeper\LoggedInGatekeeperException;
15 use Elgg\Exceptions\Http\Gatekeeper\LoggedOutGatekeeperException;
16 use Elgg\Http\Request as HttpRequest;
17 use Elgg\I18n\Translator;
18 
24 class Gatekeeper {
25 
36  public function __construct(
37  protected SessionManagerService $session_manager,
38  protected HttpRequest $request,
39  protected RedirectService $redirects,
40  protected EntityTable $entities,
41  protected AccessCollections $access,
42  protected Translator $translator
43  ) {
44  }
45 
52  public function assertAuthenticatedUser(): void {
53  if ($this->session_manager->isLoggedIn()) {
54  return;
55  }
56 
57  $this->redirects->setLastForwardFrom();
58 
59  throw new LoggedInGatekeeperException();
60  }
61 
68  public function assertUnauthenticatedUser(): void {
69  if (!$this->session_manager->isLoggedIn()) {
70  return;
71  }
72 
73  $exception = new LoggedOutGatekeeperException();
74  $exception->setRedirectUrl(elgg_get_site_url());
75 
76  throw $exception;
77  }
78 
86  public function assertAuthenticatedAdmin(): void {
87  $this->assertAuthenticatedUser();
88 
89  $user = $this->session_manager->getLoggedInUser();
90  if ($user->isAdmin()) {
91  return;
92  }
93 
94  $this->redirects->setLastForwardFrom();
95 
96  throw new AdminGatekeeperException();
97  }
98 
112  public function assertExists(int $guid, string $type = null, string $subtype = null): \ElggEntity {
113  $entity = elgg_call(ELGG_IGNORE_ACCESS | ELGG_SHOW_DISABLED_ENTITIES, function () use ($guid, $type, $subtype) {
114  return $this->entities->get($guid, $type, $subtype);
115  });
116 
117  if (!$entity instanceof \ElggEntity) {
118  $exception = new EntityNotFoundException();
119  $exception->setParams([
120  'guid' => $guid,
121  'type' => $type,
122  'subtype' => $subtype,
123  'route' => $this->request->get('_route'),
124  ]);
125  throw $exception;
126  }
127 
128  return $entity;
129  }
130 
141  public function assertAccessibleEntity(\ElggEntity $entity, \ElggUser $user = null, bool $validate_can_edit = false): void {
142 
143  $result = true;
144 
145  try {
146  $user_guid = $user ? $user->guid : 0;
147  if (!$this->session_manager->getIgnoreAccess() && !$entity->hasAccess($user_guid)) {
148  // user is logged in but still does not have access to it
149  $msg = $this->translator->translate('limited_access');
150  $exception = new EntityPermissionsException($msg);
151  $exception->setParams([
152  'entity' => $entity,
153  'user' => $user,
154  'route' => $this->request->get('_route'),
155  ]);
156  throw $exception;
157  }
158 
159  if ($validate_can_edit && !$entity->canEdit($user_guid)) {
160  // logged in user does not have edit or write access to it
161  $msg = $this->translator->translate('limited_access');
162  $exception = new EntityPermissionsException($msg);
163  $exception->setParams([
164  'entity' => $entity,
165  'user' => $user,
166  'route' => $this->request->get('_route'),
167  ]);
168  throw $exception;
169  }
170 
171  if (!$entity->isEnabled() && !$this->session_manager->getDisabledEntityVisibility()) {
172  // entity exists, but is disabled
173  $exception = new EntityNotFoundException();
174  $exception->setParams([
175  'entity' => $entity,
176  'user' => $user,
177  'route' => $this->request->get('_route'),
178  ]);
179  throw $exception;
180  }
181 
182  if ($entity instanceof \ElggGroup) {
183  $this->assertAccessibleGroup($entity, $user);
184  }
185 
186  foreach (['owner_guid', 'container_guid'] as $prop) {
187  if (!$entity->$prop) {
188  continue;
189  }
190 
191  $parent = $this->assertExists($entity->$prop);
192  $this->assertAccessibleEntity($parent, $user);
193  }
194  } catch (HttpException $ex) {
195  $result = $ex;
196  }
197 
198  $params = [
199  'entity' => $entity,
200  'user' => $user,
201  'route' => $this->request->get('_route'),
202  ];
203 
204  $result = _elgg_services()->events->triggerResults('gatekeeper', "{$entity->type}:{$entity->subtype}", $params, $result);
205 
206  if ($result instanceof HttpException) {
207  throw $result;
208  } else if ($result === false) {
209  throw new HttpException();
210  }
211  }
212 
222  public function assertAccessibleUser(\ElggUser $user, \ElggUser $viewer = null): void {
223  if (!$user->isBanned()) {
224  return;
225  }
226 
227  if (!isset($viewer)) {
228  $viewer = $this->session_manager->getLoggedInUser();
229  }
230 
231  if (!$viewer || !$viewer->isAdmin()) {
232  $exception = new EntityNotFoundException();
233  $exception->setParams([
234  'entity' => $user,
235  'user' => $viewer,
236  'route' => $this->request->get('_route'),
237  ]);
238  throw $exception;
239  }
240  }
241 
252  public function assertAccessibleGroup(\ElggGroup $group, \ElggUser $user = null): void {
253  if ($group->canAccessContent($user)) {
254  return;
255  }
256 
257  $this->assertAuthenticatedUser();
258 
259  $this->redirects->setLastForwardFrom();
260 
261  $exception = new GroupGatekeeperException();
262  $exception->setParams([
263  'entity' => $group,
264  'user' => $user,
265  'route' => $this->request->get('_route'),
266  ]);
267  $exception->setRedirectUrl($group->getURL());
268  throw $exception;
269  }
270 
277  public function assertXmlHttpRequest(): void {
278  if ($this->request->isXmlHttpRequest()) {
279  return;
280  }
281 
282  throw new AjaxGatekeeperException();
283  }
284 }
elgg_call
elgg_call(int $flags, Closure $closure)
Calls a callable autowiring the arguments using public DI services and applying logic based on flags...
Definition: elgglib.php:306
$group
if(!elgg_get_config('trash_enabled')) $group
Definition: group.php:13
$user_guid
$user_guid
Definition: login_as.php:10
$params
$params
Saves global plugin settings.
Definition: save.php:13
$result
$result
Definition: set_maintenance_mode.php:11
Elgg\Gatekeeper\assertXmlHttpRequest
assertXmlHttpRequest()
Require XmlHttpRequest.
Definition: Gatekeeper.php:277
$access
if(elgg_view_exists("widgets/{$widget->handler}/edit")) $access
Definition: save.php:19
$request
$request
Definition: livesearch.php:12
void
c Accompany it with the information you received as to the offer to distribute corresponding source complete source code means all the source code for all modules it plus any associated interface definition plus the scripts used to control compilation and installation of the executable as a special the source code distributed need not include anything that is normally and so on of the operating system on which the executable unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated then offering equivalent access to copy the source code from the same place counts as distribution of the source even though third parties are not compelled to copy the source along with the object code You may not or distribute the Program except as expressly provided under this License Any attempt otherwise to sublicense or distribute the Program is void
Definition: LICENSE.txt:215
Elgg\Exceptions\Http\Gatekeeper\AdminGatekeeperException
Thrown when the logged in user is not an admin.
Definition: AdminGatekeeperException.php:12
$type
$type
Definition: delete.php:21
Elgg\Gatekeeper\assertAccessibleGroup
assertAccessibleGroup(\ElggGroup $group,\ElggUser $user=null)
Validate group content visibility.
Definition: Gatekeeper.php:252
Elgg\Gatekeeper\__construct
__construct(protected SessionManagerService $session_manager, protected HttpRequest $request, protected RedirectService $redirects, protected EntityTable $entities, protected AccessCollections $access, protected Translator $translator)
Constructor.
Definition: Gatekeeper.php:36
ElggEntity\canEdit
canEdit(int $user_guid=0)
Can a user edit this entity?
Definition: ElggEntity.php:397
Elgg\Gatekeeper\assertUnauthenticatedUser
assertUnauthenticatedUser()
Require a user to be not authenticated (logged out) to with code execution.
Definition: Gatekeeper.php:68
Elgg\RedirectService
Handles common tasks when redirecting a request.
Definition: RedirectService.php:7
ELGG_IGNORE_ACCESS
const ELGG_IGNORE_ACCESS
elgg_call() flags
Definition: constants.php:121
Elgg\Gatekeeper\assertAccessibleEntity
assertAccessibleEntity(\ElggEntity $entity,\ElggUser $user=null, bool $validate_can_edit=false)
Require that authenticated user has access to entity.
Definition: Gatekeeper.php:141
Elgg\Gatekeeper\assertExists
assertExists(int $guid, string $type=null, string $subtype=null)
Require an entity with a given guid, type and subtype to proceed with code execution.
Definition: Gatekeeper.php:112
Elgg\Exceptions\Http\Gatekeeper\GroupGatekeeperException
Thrown when one of the gatekeepers prevents access.
Definition: GroupGatekeeperException.php:12
$entity
$entity
Definition: reset.php:8
ELGG_SHOW_DISABLED_ENTITIES
const ELGG_SHOW_DISABLED_ENTITIES
Definition: constants.php:123
Elgg\Gatekeeper\assertAuthenticatedAdmin
assertAuthenticatedAdmin()
Require an admin user to be authenticated to proceed with code execution.
Definition: Gatekeeper.php:86
Elgg\Exceptions\Http\EntityPermissionsException
Thrown when entity can not be edited or container permissions do not allow it to be written...
Definition: EntityPermissionsException.php:10
ElggGroup\canAccessContent
canAccessContent(?\ElggUser $user=null)
Check if current user can access group content based on his/her membership status and group&#39;s content...
Definition: ElggGroup.php:265
ElggEntity\hasAccess
hasAccess(int $user_guid=0)
Check if the given user has access to this entity.
Definition: ElggEntity.php:384
$user
$user
Definition: ban.php:7
Elgg\Gatekeeper\assertAccessibleUser
assertAccessibleUser(\ElggUser $user,\ElggUser $viewer=null)
Validate active user account.
Definition: Gatekeeper.php:222
elgg_get_site_url
elgg_get_site_url()
Get the URL for the current (or specified) site, ending with "/".
Definition: configuration.php:26
ElggEntity\isEnabled
isEnabled()
Is this entity enabled?
Definition: ElggEntity.php:1000
Elgg\Exceptions\HttpException
Generic HTTP exception.
Definition: HttpException.php:10
Elgg\Gatekeeper\assertAuthenticatedUser
assertAuthenticatedUser()
Require a user to be authenticated to with code execution.
Definition: Gatekeeper.php:52
$subtype
$subtype
Definition: delete.php:22
EntityNotFoundException
Aggregate action for saving settings.
$exception
$exception
Definition: error.php:15
_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:353
ElggUser\isBanned
isBanned()
Is this user banned or not?
Definition: ElggUser.php:173
Elgg\Gatekeeper
Gatekeeper.
Definition: Gatekeeper.php:24
Elgg\Exceptions\Http\Gatekeeper\AjaxGatekeeperException
Thrown when the request is not a valid ajax request.
Definition: AjaxGatekeeperException.php:12
ElggEntity\getURL
getURL()
Gets the URL for this entity.
Definition: ElggEntity.php:573
Elgg\Database\EntityTable
Entity table database service.
Definition: EntityTable.php:24
$guid
$guid
Reset an ElggUpgrade.
Definition: reset.php:6
Generated on Wed Jul 2 2025 00:00:18 for Elgg by   doxygen 1.8.11