Elgg  Version 6.3
Gatekeeper.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg;
4 
5 use Elgg\Database\AccessCollections;
6 use Elgg\Database\EntityTable;
7 use Elgg\Exceptions\HttpException;
8 use Elgg\Exceptions\Http\EntityNotFoundException;
9 use Elgg\Exceptions\Http\EntityPermissionsException;
10 use Elgg\Exceptions\Http\GatekeeperException;
11 use Elgg\Exceptions\Http\Gatekeeper\AdminGatekeeperException;
12 use Elgg\Exceptions\Http\Gatekeeper\AjaxGatekeeperException;
13 use Elgg\Exceptions\Http\Gatekeeper\GroupGatekeeperException;
14 use Elgg\Exceptions\Http\Gatekeeper\LoggedInGatekeeperException;
15 use Elgg\Exceptions\Http\Gatekeeper\LoggedOutGatekeeperException;
16 use Elgg\Http\Request as HttpRequest;
17 use Elgg\I18n\Translator;
18 
24 class Gatekeeper {
25 
36  public function __construct(
37  protected SessionManagerService $session_manager,
38  protected HttpRequest $request,
39  protected RedirectService $redirects,
40  protected EntityTable $entities,
41  protected AccessCollections $access,
42  protected Translator $translator
43  ) {
44  }
45 
52  public function assertAuthenticatedUser(): void {
53  if ($this->session_manager->isLoggedIn()) {
54  return;
55  }
56 
57  $this->redirects->setLastForwardFrom();
58 
59  throw new LoggedInGatekeeperException();
60  }
61 
68  public function assertUnauthenticatedUser(): void {
69  if (!$this->session_manager->isLoggedIn()) {
70  return;
71  }
72 
73  $exception = new LoggedOutGatekeeperException();
74  $exception->setRedirectUrl(elgg_get_site_url());
75 
76  throw $exception;
77  }
78 
86  public function assertAuthenticatedAdmin(): void {
87  $this->assertAuthenticatedUser();
88 
89  $user = $this->session_manager->getLoggedInUser();
90  if ($user->isAdmin()) {
91  return;
92  }
93 
94  $this->redirects->setLastForwardFrom();
95 
96  throw new AdminGatekeeperException();
97  }
98 
112  public function assertExists(int $guid, ?string $type = null, ?string $subtype = null): \ElggEntity {
113  $entity = elgg_call(ELGG_IGNORE_ACCESS | ELGG_SHOW_DISABLED_ENTITIES, function () use ($guid, $type, $subtype) {
114  return $this->entities->get($guid, $type, $subtype);
115  });
116 
117  if (!$entity instanceof \ElggEntity) {
118  $exception = new EntityNotFoundException();
119  $exception->setParams([
120  'guid' => $guid,
121  'type' => $type,
122  'subtype' => $subtype,
123  'route' => $this->request->get('_route'),
124  ]);
125  throw $exception;
126  }
127 
128  return $entity;
129  }
130 
141  public function assertAccessibleEntity(\ElggEntity $entity, ?\ElggUser $user = null, bool $validate_can_edit = false): void {
142 
143  $result = true;
144 
145  try {
146  $user_guid = $user ? $user->guid : 0;
147  if (!$this->session_manager->getIgnoreAccess() && !$entity->hasAccess($user_guid)) {
148  // user is logged in but still does not have access to it
149  $msg = $this->translator->translate('limited_access');
150  $exception = new EntityPermissionsException($msg);
151  $exception->setParams([
152  'entity' => $entity,
153  'user' => $user,
154  'route' => $this->request->get('_route'),
155  ]);
156  throw $exception;
157  }
158 
159  if ($validate_can_edit && !$entity->canEdit($user_guid)) {
160  // logged in user does not have edit or write access to it
161  $msg = $this->translator->translate('limited_access');
162  $exception = new EntityPermissionsException($msg);
163  $exception->setParams([
164  'entity' => $entity,
165  'user' => $user,
166  'route' => $this->request->get('_route'),
167  ]);
168  throw $exception;
169  }
170 
171  if (!$entity->isEnabled() && !$this->session_manager->getDisabledEntityVisibility()) {
172  // entity exists, but is disabled
173  $exception = new EntityNotFoundException();
174  $exception->setParams([
175  'entity' => $entity,
176  'user' => $user,
177  'route' => $this->request->get('_route'),
178  ]);
179  throw $exception;
180  }
181 
182  if ($entity instanceof \ElggGroup) {
183  $this->assertAccessibleGroup($entity, $user);
184  }
185 
186  foreach (['owner_guid', 'container_guid'] as $prop) {
187  if (!$entity->$prop) {
188  continue;
189  }
190 
191  $parent = $this->assertExists($entity->$prop);
192  $this->assertAccessibleEntity($parent, $user);
193  }
194  } catch (HttpException $ex) {
195  $result = $ex;
196  }
197 
198  $params = [
199  'entity' => $entity,
200  'user' => $user,
201  'route' => $this->request->get('_route'),
202  ];
203 
204  $result = _elgg_services()->events->triggerResults('gatekeeper', "{$entity->type}:{$entity->subtype}", $params, $result);
205 
206  if ($result instanceof HttpException) {
207  throw $result;
208  } else if ($result === false) {
209  throw new HttpException();
210  }
211  }
212 
222  public function assertAccessibleUser(\ElggUser $user, ?\ElggUser $viewer = null): void {
223  if (!$user->isBanned()) {
224  return;
225  }
226 
227  if (!isset($viewer)) {
228  $viewer = $this->session_manager->getLoggedInUser();
229  }
230 
231  if (!$viewer || !$viewer->isAdmin()) {
232  $exception = new EntityNotFoundException();
233  $exception->setParams([
234  'entity' => $user,
235  'user' => $viewer,
236  'route' => $this->request->get('_route'),
237  ]);
238  throw $exception;
239  }
240  }
241 
252  public function assertAccessibleGroup(\ElggGroup $group, ?\ElggUser $user = null): void {
253  if ($group->canAccessContent($user)) {
254  return;
255  }
256 
257  $this->assertAuthenticatedUser();
258 
259  $this->redirects->setLastForwardFrom();
260 
261  $exception = new GroupGatekeeperException();
262  $exception->setParams([
263  'entity' => $group,
264  'user' => $user,
265  'route' => $this->request->get('_route'),
266  ]);
267  $exception->setRedirectUrl($group->getURL());
268  throw $exception;
269  }
270 
277  public function assertXmlHttpRequest(): void {
278  if ($this->request->isXmlHttpRequest()) {
279  return;
280  }
281 
282  throw new AjaxGatekeeperException();
283  }
284 }
$result
$result
Definition: set_maintenance_mode.php:11
$entity
$entity
Definition: reset.php:8
$guid
$guid
Reset an ElggUpgrade.
Definition: reset.php:6
$subtype
$subtype
Definition: delete.php:22
$type
$type
Definition: delete.php:21
$params
$params
Saves global plugin settings.
Definition: save.php:13
$user
$user
Definition: ban.php:7
Elgg\Database\AccessCollections
Access collections database service.
Definition: AccessCollections.php:23
Elgg\Database\EntityTable
Entity table database service.
Definition: EntityTable.php:24
Elgg\Exceptions\HttpException
Generic HTTP exception.
Definition: HttpException.php:10
Elgg\Exceptions\Http\EntityPermissionsException
Thrown when entity can not be edited or container permissions do not allow it to be written.
Definition: EntityPermissionsException.php:10
Elgg\Exceptions\Http\GatekeeperException
Thrown when one of the gatekeepers prevents access.
Definition: GatekeeperException.php:10
Elgg\Exceptions\Http\Gatekeeper\AdminGatekeeperException
Thrown when the logged in user is not an admin.
Definition: AdminGatekeeperException.php:12
Elgg\Exceptions\Http\Gatekeeper\AjaxGatekeeperException
Thrown when the request is not a valid ajax request.
Definition: AjaxGatekeeperException.php:12
Elgg\Exceptions\Http\Gatekeeper\GroupGatekeeperException
Thrown when one of the gatekeepers prevents access.
Definition: GroupGatekeeperException.php:12
Elgg\Gatekeeper
Gatekeeper.
Definition: Gatekeeper.php:24
Elgg\Gatekeeper\assertAuthenticatedUser
assertAuthenticatedUser()
Require a user to be authenticated to with code execution.
Definition: Gatekeeper.php:52
Elgg\Gatekeeper\assertAccessibleGroup
assertAccessibleGroup(\ElggGroup $group, ?\ElggUser $user=null)
Validate group content visibility.
Definition: Gatekeeper.php:252
Elgg\Gatekeeper\assertAuthenticatedAdmin
assertAuthenticatedAdmin()
Require an admin user to be authenticated to proceed with code execution.
Definition: Gatekeeper.php:86
Elgg\Gatekeeper\assertXmlHttpRequest
assertXmlHttpRequest()
Require XmlHttpRequest.
Definition: Gatekeeper.php:277
Elgg\Gatekeeper\assertUnauthenticatedUser
assertUnauthenticatedUser()
Require a user to be not authenticated (logged out) to with code execution.
Definition: Gatekeeper.php:68
Elgg\Gatekeeper\assertExists
assertExists(int $guid, ?string $type=null, ?string $subtype=null)
Require an entity with a given guid, type and subtype to proceed with code execution.
Definition: Gatekeeper.php:112
Elgg\Gatekeeper\__construct
__construct(protected SessionManagerService $session_manager, protected HttpRequest $request, protected RedirectService $redirects, protected EntityTable $entities, protected AccessCollections $access, protected Translator $translator)
Constructor.
Definition: Gatekeeper.php:36
Elgg\Gatekeeper\assertAccessibleEntity
assertAccessibleEntity(\ElggEntity $entity, ?\ElggUser $user=null, bool $validate_can_edit=false)
Require that authenticated user has access to entity.
Definition: Gatekeeper.php:141
Elgg\Gatekeeper\assertAccessibleUser
assertAccessibleUser(\ElggUser $user, ?\ElggUser $viewer=null)
Validate active user account.
Definition: Gatekeeper.php:222
Elgg\Http\Request
Elgg HTTP request.
Definition: Request.php:17
Elgg\RedirectService
Handles common tasks when redirecting a request.
Definition: RedirectService.php:7
elgg_get_site_url
elgg_get_site_url()
Get the URL for the current (or specified) site, ending with "/".
Definition: configuration.php:26
ELGG_IGNORE_ACCESS
const ELGG_IGNORE_ACCESS
elgg_call() flags
Definition: constants.php:121
ELGG_SHOW_DISABLED_ENTITIES
const ELGG_SHOW_DISABLED_ENTITIES
Definition: constants.php:123
_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:337
elgg_call
elgg_call(int $flags, Closure $closure)
Calls a callable autowiring the arguments using public DI services and applying logic based on flags.
Definition: elgglib.php:290
$request
$request
Definition: livesearch.php:12
$user_guid
$user_guid
Definition: login_as.php:10
$exception
$exception
Definition: error.php:15
$group
if(!elgg_get_config('trash_enabled')) $group
Definition: group.php:13
if
if(parse_url(elgg_get_site_url(), PHP_URL_PATH) !=='/') if(file_exists(elgg_get_root_path() . 'robots.txt'))
Set robots.txt.
Definition: robots.php:10
$access
if(elgg_view_exists("widgets/{$widget->handler}/edit")) $access
Definition: save.php:19
Generated on Sun Sep 7 2025 00:00:22 for Elgg by doxygen 1.9.1