Elgg  Version 5.1
Gatekeeper.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg;
4 
5 use Elgg\Database\AccessCollections;
6 use Elgg\Database\EntityTable;
7 use Elgg\Exceptions\HttpException;
8 use Elgg\Exceptions\Http\EntityNotFoundException;
9 use Elgg\Exceptions\Http\EntityPermissionsException;
10 use Elgg\Exceptions\Http\GatekeeperException;
11 use Elgg\Exceptions\Http\Gatekeeper\AdminGatekeeperException;
12 use Elgg\Exceptions\Http\Gatekeeper\AjaxGatekeeperException;
13 use Elgg\Exceptions\Http\Gatekeeper\GroupGatekeeperException;
14 use Elgg\Exceptions\Http\Gatekeeper\LoggedInGatekeeperException;
15 use Elgg\Exceptions\Http\Gatekeeper\LoggedOutGatekeeperException;
16 use Elgg\Http\Request as HttpRequest;
17 use Elgg\I18n\Translator;
18 
24 class Gatekeeper {
25 
29  protected $session_manager;
30 
34  protected $request;
35 
39  protected $redirects;
40 
44  protected $entities;
45 
49  protected $access;
50 
54  protected $translator;
55 
66  public function __construct(
67  SessionManagerService $session_manager,
68  HttpRequest $request,
69  RedirectService $redirects,
70  EntityTable $entities,
71  AccessCollections $access,
72  Translator $translator
73  ) {
74  $this->session_manager = $session_manager;
75  $this->request = $request;
76  $this->redirects = $redirects;
77  $this->entities = $entities;
78  $this->access = $access;
79  $this->translator = $translator;
80  }
81 
87  public function assertAuthenticatedUser() {
88  if ($this->session_manager->isLoggedIn()) {
89  return;
90  }
91 
92  $this->redirects->setLastForwardFrom();
93 
94  throw new LoggedInGatekeeperException();
95  }
96 
102  public function assertUnauthenticatedUser() {
103  if (!$this->session_manager->isLoggedIn()) {
104  return;
105  }
106 
107  $exception = new LoggedOutGatekeeperException();
108  $exception->setRedirectUrl(elgg_get_site_url());
109 
110  throw $exception;
111  }
112 
119  public function assertAuthenticatedAdmin() {
120  $this->assertAuthenticatedUser();
121 
122  $user = $this->session_manager->getLoggedInUser();
123  if ($user->isAdmin()) {
124  return;
125  }
126 
127  $this->redirects->setLastForwardFrom();
128 
129  throw new AdminGatekeeperException();
130  }
131 
145  public function assertExists(int $guid, string $type = null, string $subtype = null): \ElggEntity {
146  $entity = elgg_call(ELGG_IGNORE_ACCESS | ELGG_SHOW_DISABLED_ENTITIES, function () use ($guid, $type, $subtype) {
147  return $this->entities->get($guid, $type, $subtype);
148  });
149 
150  if (!$entity instanceof \ElggEntity) {
151  $exception = new EntityNotFoundException();
152  $exception->setParams([
153  'guid' => $guid,
154  'type' => $type,
155  'subtype' => $subtype,
156  'route' => $this->request->get('_route'),
157  ]);
158  throw $exception;
159  }
160 
161  return $entity;
162  }
163 
174  public function assertAccessibleEntity(\ElggEntity $entity, \ElggUser $user = null, bool $validate_can_edit = false): void {
175 
176  $result = true;
177 
178  try {
179  $user_guid = $user ? $user->guid : 0;
180  if (!$this->session_manager->getIgnoreAccess() && !$entity->hasAccess($user_guid)) {
181  // user is logged in but still does not have access to it
182  $msg = $this->translator->translate('limited_access');
183  $exception = new EntityPermissionsException($msg);
184  $exception->setParams([
185  'entity' => $entity,
186  'user' => $user,
187  'route' => $this->request->get('_route'),
188  ]);
189  throw $exception;
190  }
191 
192  if ($validate_can_edit && !$entity->canEdit($user_guid)) {
193  // logged in user does not have edit or write access to it
194  $msg = $this->translator->translate('limited_access');
195  $exception = new EntityPermissionsException($msg);
196  $exception->setParams([
197  'entity' => $entity,
198  'user' => $user,
199  'route' => $this->request->get('_route'),
200  ]);
201  throw $exception;
202  }
203 
204  if (!$entity->isEnabled() && !$this->session_manager->getDisabledEntityVisibility()) {
205  // entity exists, but is disabled
206  $exception = new EntityNotFoundException();
207  $exception->setParams([
208  'entity' => $entity,
209  'user' => $user,
210  'route' => $this->request->get('_route'),
211  ]);
212  throw $exception;
213  }
214 
215  if ($entity instanceof \ElggGroup) {
216  $this->assertAccessibleGroup($entity, $user);
217  }
218 
219  foreach (['owner_guid', 'container_guid'] as $prop) {
220  if (!$entity->$prop) {
221  continue;
222  }
223 
224  $parent = $this->assertExists($entity->$prop);
225  $this->assertAccessibleEntity($parent, $user);
226  }
227  } catch (HttpException $ex) {
228  $result = $ex;
229  }
230 
231  $params = [
232  'entity' => $entity,
233  'user' => $user,
234  'route' => $this->request->get('_route'),
235  ];
236 
237  $result = _elgg_services()->events->triggerResults('gatekeeper', "{$entity->type}:{$entity->subtype}", $params, $result);
238 
239  if ($result instanceof HttpException) {
240  throw $result;
241  } else if ($result === false) {
242  throw new HttpException();
243  }
244  }
245 
255  public function assertAccessibleUser(\ElggUser $user, \ElggUser $viewer = null): void {
256  if (!$user->isBanned()) {
257  return;
258  }
259 
260  if (!isset($viewer)) {
261  $viewer = $this->session_manager->getLoggedInUser();
262  }
263 
264  if (!$viewer || !$viewer->isAdmin()) {
265  $exception = new EntityNotFoundException();
266  $exception->setParams([
267  'entity' => $user,
268  'user' => $viewer,
269  'route' => $this->request->get('_route'),
270  ]);
271  throw $exception;
272  }
273  }
274 
285  public function assertAccessibleGroup(\ElggGroup $group, \ElggUser $user = null): void {
286  if ($group->canAccessContent($user)) {
287  return;
288  }
289 
290  $this->assertAuthenticatedUser();
291 
292  $this->redirects->setLastForwardFrom();
293 
294  $exception = new GroupGatekeeperException();
295  $exception->setParams([
296  'entity' => $group,
297  'user' => $user,
298  'route' => $this->request->get('_route'),
299  ]);
300  $exception->setRedirectUrl($group->getURL());
301  throw $exception;
302  }
303 
310  public function assertXmlHttpRequest() {
311  if ($this->request->isXmlHttpRequest()) {
312  return;
313  }
314 
315  throw new AjaxGatekeeperException();
316  }
317 }
elgg_call
elgg_call(int $flags, Closure $closure)
Calls a callable autowiring the arguments using public DI services and applying logic based on flags...
Definition: elgglib.php:299
$user_guid
$user_guid
Definition: login_as.php:10
$params
$params
Saves global plugin settings.
Definition: save.php:13
$result
$result
Definition: set_maintenance_mode.php:11
Elgg\Gatekeeper\assertXmlHttpRequest
assertXmlHttpRequest()
Require XmlHttpRequest.
Definition: Gatekeeper.php:310
Elgg\Gatekeeper\__construct
__construct(SessionManagerService $session_manager, HttpRequest $request, RedirectService $redirects, EntityTable $entities, AccessCollections $access, Translator $translator)
Constructor.
Definition: Gatekeeper.php:66
$access
if(elgg_view_exists("widgets/{$widget->handler}/edit")) $access
Definition: save.php:25
$request
$request
Definition: livesearch.php:12
void
c Accompany it with the information you received as to the offer to distribute corresponding source complete source code means all the source code for all modules it plus any associated interface definition plus the scripts used to control compilation and installation of the executable as a special the source code distributed need not include anything that is normally and so on of the operating system on which the executable unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated then offering equivalent access to copy the source code from the same place counts as distribution of the source even though third parties are not compelled to copy the source along with the object code You may not or distribute the Program except as expressly provided under this License Any attempt otherwise to sublicense or distribute the Program is void
Definition: LICENSE.txt:215
Elgg\Exceptions\Http\Gatekeeper\AdminGatekeeperException
Thrown when the logged in user is not an admin.
Definition: AdminGatekeeperException.php:12
$type
$type
Definition: delete.php:22
Elgg\Gatekeeper\assertAccessibleGroup
assertAccessibleGroup(\ElggGroup $group,\ElggUser $user=null)
Validate group content visibility.
Definition: Gatekeeper.php:285
ElggEntity\canEdit
canEdit(int $user_guid=0)
Can a user edit this entity?
Definition: ElggEntity.php:946
Elgg\Gatekeeper\assertUnauthenticatedUser
assertUnauthenticatedUser()
Require a user to be not authenticated (logged out) to with code execution.
Definition: Gatekeeper.php:102
Elgg\RedirectService
Handles common tasks when redirecting a request.
Definition: RedirectService.php:7
ELGG_IGNORE_ACCESS
const ELGG_IGNORE_ACCESS
elgg_call() flags
Definition: constants.php:130
Elgg\Gatekeeper\assertAccessibleEntity
assertAccessibleEntity(\ElggEntity $entity,\ElggUser $user=null, bool $validate_can_edit=false)
Require that authenticated user has access to entity.
Definition: Gatekeeper.php:174
Elgg\Gatekeeper\assertExists
assertExists(int $guid, string $type=null, string $subtype=null)
Require an entity with a given guid, type and subtype to proceed with code execution.
Definition: Gatekeeper.php:145
Elgg\Exceptions\Http\Gatekeeper\GroupGatekeeperException
Thrown when one of the gatekeepers prevents access.
Definition: GroupGatekeeperException.php:12
$entity
$entity
Definition: reset.php:8
ELGG_SHOW_DISABLED_ENTITIES
const ELGG_SHOW_DISABLED_ENTITIES
Definition: constants.php:132
Elgg\Gatekeeper\assertAuthenticatedAdmin
assertAuthenticatedAdmin()
Require an admin user to be authenticated to proceed with code execution.
Definition: Gatekeeper.php:119
Elgg\Exceptions\Http\EntityPermissionsException
Thrown when entity can not be edited or container permissions do not allow it to be written...
Definition: EntityPermissionsException.php:12
ElggEntity\hasAccess
hasAccess(int $user_guid=0)
Check if the given user has access to this entity.
Definition: ElggEntity.php:933
$user
$user
Definition: ban.php:7
Elgg\Gatekeeper\assertAccessibleUser
assertAccessibleUser(\ElggUser $user,\ElggUser $viewer=null)
Validate active user account.
Definition: Gatekeeper.php:255
elgg_get_site_url
elgg_get_site_url()
Get the URL for the current (or specified) site, ending with "/".
Definition: configuration.php:26
ElggEntity\isEnabled
isEnabled()
Is this entity enabled?
Definition: ElggEntity.php:1642
Elgg\Exceptions\HttpException
Generic HTTP exception.
Definition: HttpException.php:10
Elgg\Gatekeeper\assertAuthenticatedUser
assertAuthenticatedUser()
Require a user to be authenticated to with code execution.
Definition: Gatekeeper.php:87
$subtype
$subtype
Definition: delete.php:23
EntityNotFoundException
Aggregate action for saving settings.
$exception
$exception
Definition: error.php:15
_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:346
ElggUser\isBanned
isBanned()
Is this user banned or not?
Definition: ElggUser.php:178
ElggGroup\canAccessContent
canAccessContent(ElggUser $user=null)
Check if current user can access group content based on his/her membership status and group&#39;s content...
Definition: ElggGroup.php:268
Elgg\Gatekeeper
Gatekeeper.
Definition: Gatekeeper.php:24
Elgg\Exceptions\Http\Gatekeeper\AjaxGatekeeperException
Thrown when the request is not a valid ajax request.
Definition: AjaxGatekeeperException.php:12
Elgg\Database\AccessCollections
Access collections database service.
Definition: AccessCollections.php:23
ElggEntity\getURL
getURL()
Gets the URL for this entity.
Definition: ElggEntity.php:1123
Elgg\Database\EntityTable
Entity table database service.
Definition: EntityTable.php:26
$guid
$guid
Reset an ElggUpgrade.
Definition: reset.php:6
Generated on Mon Dec 4 2023 00:00:21 for Elgg by   doxygen 1.8.11