Elgg  Version 3.0
Gatekeeper.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg;
4 
5 use Elgg\Database\AccessCollections;
6 use Elgg\Database\EntityTable;
7 use Elgg\Http\Request as HttpRequest;
8 use Elgg\I18n\Translator;
9 use ElggEntity;
10 use ElggGroup;
11 use ElggSession;
12 use ElggUser;
13 use Exception;
14 use Elgg\Http\Exception\AdminGatekeeperException;
15 use Elgg\Http\Exception\LoggedInGatekeeperException;
16 use Elgg\Http\Exception\LoggedOutGatekeeperException;
17 use Elgg\Http\Exception\AjaxGatekeeperException;
18 
24 class Gatekeeper {
25 
29  protected $session;
30 
34  protected $request;
35 
39  protected $redirects;
40 
44  protected $entities;
45 
49  protected $access;
50 
54  protected $translator;
55 
66  public function __construct(
67  ElggSession $session,
68  HttpRequest $request,
69  RedirectService $redirects,
70  EntityTable $entities,
71  AccessCollections $access,
72  Translator $translator
73  ) {
74  $this->session = $session;
75  $this->request = $request;
76  $this->redirects = $redirects;
77  $this->entities = $entities;
78  $this->access = $access;
79  $this->translator = $translator;
80  }
81 
87  public function assertAuthenticatedUser() {
88  if ($this->session->isLoggedIn()) {
89  return;
90  }
91 
92  $this->redirects->setLastForwardFrom();
93 
94  throw new LoggedInGatekeeperException();
95  }
96 
102  public function assertUnauthenticatedUser() {
103  if (!$this->session->isLoggedIn()) {
104  return;
105  }
106 
107  $exception = new LoggedOutGatekeeperException();
108  $exception->setRedirectUrl(elgg_get_site_url());
109 
110  throw $exception;
111  }
112 
119  public function assertAuthenticatedAdmin() {
120  $this->assertAuthenticatedUser();
121 
122  $user = $this->session->getLoggedInUser();
123  if ($user->isAdmin()) {
124  return;
125  }
126 
127  $this->redirects->setLastForwardFrom();
128 
129  throw new AdminGatekeeperException();
130  }
131 
146  public function assertExists($guid, $type = null, $subtype = null) {
147  $entity = elgg_call(ELGG_IGNORE_ACCESS | ELGG_SHOW_DISABLED_ENTITIES, function () use ($guid, $type, $subtype) {
148  return $this->entities->get($guid, $type, $subtype);
149  });
150 
151  if (!$entity) {
152  $exception = new EntityNotFoundException();
153  $exception->setParams([
154  'guid' => $guid,
155  'type' => $type,
156  'subtype' => $subtype,
157  'route' => $this->request->get('_route'),
158  ]);
159  throw $exception;
160  }
161 
162  return $entity;
163  }
164 
174  public function assertAccessibleEntity(ElggEntity $entity, ElggUser $user = null) {
175 
176  $result = true;
177 
178  try {
179  if (!$this->session->getIgnoreAccess() && !$this->access->hasAccessToEntity($entity, $user)) {
180  // user is logged in but still does not have access to it
181  $msg = $this->translator->translate('limited_access');
182  $exception = new EntityPermissionsException($msg);
183  $exception->setParams([
184  'entity' => $entity,
185  'user' => $user,
186  'route' => $this->request->get('_route'),
187  ]);
188  throw $exception;
189  }
190 
191  if (!$entity->isEnabled() && !$this->session->getDisabledEntityVisibility()) {
192  // entity exists, but is disabled
193  $exception = new EntityNotFoundException();
194  $exception->setParams([
195  'entity' => $entity,
196  'user' => $user,
197  'route' => $this->request->get('_route'),
198  ]);
199  throw $exception;
200  }
201 
202  if ($entity instanceof ElggGroup) {
203  $this->assertAccessibleGroup($entity, $user);
204  }
205 
206  foreach (['owner_guid', 'container_guid'] as $prop) {
207  if (!$entity->$prop) {
208  continue;
209  }
210 
211  $parent = $this->assertExists($entity->$prop);
212  $this->assertAccessibleEntity($parent, $user);
213  }
214  } catch (HttpException $ex) {
215  $result = $ex;
216  }
217 
218  $hook_params = [
219  'entity' => $entity,
220  'user' => $user,
221  'route' => $this->request->get('_route'),
222  ];
223 
224  $result = _elgg_services()->hooks->trigger('gatekeeper', "{$entity->type}:{$entity->subtype}", $hook_params, $result);
225 
226  if ($result instanceof HttpException) {
227  throw $result;
228  } else if ($result === false) {
229  throw new HttpException();
230  }
231  }
232 
242  public function assertAccessibleUser(ElggUser $user, ElggUser $viewer = null) {
243  if (!$user->isBanned()) {
244  return;
245  }
246 
247  if (!isset($viewer)) {
248  $viewer = $this->session->getLoggedInUser();
249  }
250 
251  if (!$viewer || !$viewer->isAdmin()) {
252  $exception = new EntityNotFoundException();
253  $exception->setParams([
254  'entity' => $user,
255  'user' => $viewer,
256  'route' => $this->request->get('_route'),
257  ]);
258  throw $exception;
259  }
260  }
261 
272  public function assertAccessibleGroup(ElggGroup $group, ElggUser $user = null) {
273  if ($group->canAccessContent($user)) {
274  return;
275  }
276 
277  $this->assertAuthenticatedUser();
278 
279  $this->redirects->setLastForwardFrom();
280 
281  $exception = new GroupGatekeeperException();
282  $exception->setParams([
283  'entity' => $group,
284  'user' => $user,
285  'route' => $this->request->get('_route'),
286  ]);
287  $exception->setRedirectUrl($group->getURL());
288  throw $exception;
289  }
290 
297  public function assertXmlHttpRequest() {
298  if ($this->request->isXmlHttpRequest()) {
299  return;
300  }
301 
302  throw new AjaxGatekeeperException();
303  }
304 
305 }
Elgg\Http\Exception\AjaxGatekeeperException
Thrown when the request is not a valid ajax request.
Definition: AjaxGatekeeperException.php:11
elgg_call
elgg_call(int $flags, Closure $closure)
Calls a callable autowiring the arguments using public DI services and applying logic based on flags...
Definition: elgglib.php:1176
Elgg\HttpException
Generic HTTP exception.
Definition: HttpException.php:8
$result
$result
Definition: set_maintenance_mode.php:11
Elgg\Gatekeeper\assertXmlHttpRequest
assertXmlHttpRequest()
Require XmlHttpRequest.
Definition: Gatekeeper.php:297
Elgg\Gatekeeper\assertAccessibleGroup
assertAccessibleGroup(ElggGroup $group, ElggUser $user=null)
Validate group content visibility.
Definition: Gatekeeper.php:272
$request
$request
Page handler for autocomplete endpoint.
Definition: livesearch.php:9
$subtype
$subtype
Definition: delete.php:22
$guid
$guid
Removes an admin notice.
Definition: delete_admin_notice.php:6
$type
$type
Definition: delete.php:21
Elgg\Gatekeeper\assertAccessibleUser
assertAccessibleUser(ElggUser $user, ElggUser $viewer=null)
Validate active user account.
Definition: Gatekeeper.php:242
Elgg\Gatekeeper\assertExists
assertExists($guid, $type=null, $subtype=null)
Require an entity with a given guid, type and subtype to proceed with code execution.
Definition: Gatekeeper.php:146
Elgg\Http\Exception\LoggedOutGatekeeperException
Thrown when logged in but this isn&#39;t allowed.
Definition: LoggedOutGatekeeperException.php:11
Elgg\EntityNotFoundException
Thrown when entity can not be found.
Definition: EntityNotFoundException.php:10
Elgg\Gatekeeper\assertUnauthenticatedUser
assertUnauthenticatedUser()
Require a user to be not authenticated (logged out) to with code execution.
Definition: Gatekeeper.php:102
Elgg\Http\Exception\AdminGatekeeperException
Thrown when the logged in user is not an admin.
Definition: AdminGatekeeperException.php:11
Elgg\Gatekeeper\assertAccessibleEntity
assertAccessibleEntity(ElggEntity $entity, ElggUser $user=null)
Require that authenticated user has access to entity.
Definition: Gatekeeper.php:174
Elgg\RedirectService
Handles common tasks when redirecting a request.
Definition: RedirectService.php:9
ELGG_IGNORE_ACCESS
const ELGG_IGNORE_ACCESS
elgg_call() flags
Definition: constants.php:156
Elgg
Configuration exception.
$entity
$entity
Definition: reset.php:8
ELGG_SHOW_DISABLED_ENTITIES
const ELGG_SHOW_DISABLED_ENTITIES
Definition: constants.php:158
Elgg\Gatekeeper\assertAuthenticatedAdmin
assertAuthenticatedAdmin()
Require an admin user to be authenticated to proceed with code execution.
Definition: Gatekeeper.php:119
$exception
$exception
Definition: admin_exception.php:14
$user
$user
Definition: ban.php:7
ElggUser
elgg ElggUser
Definition: ElggUser.js:12
elgg_get_site_url
elgg_get_site_url()
Get the URL for the current (or specified) site, ending with "/".
Definition: configuration.php:25
ElggEntity\isEnabled
isEnabled()
Is this entity enabled?
Definition: ElggEntity.php:1774
Elgg\EntityPermissionsException
Thrown when entity can not be edited or container permissions do not allow it to be written...
Definition: EntityPermissionsException.php:10
Elgg\Gatekeeper\assertAuthenticatedUser
assertAuthenticatedUser()
Require a user to be authenticated to with code execution.
Definition: Gatekeeper.php:87
Elgg\GroupGatekeeperException
Thrown when one of the gatekeepers prevents access.
Definition: GroupGatekeeperException.php:10
Elgg\Gatekeeper\__construct
__construct(ElggSession $session, HttpRequest $request, RedirectService $redirects, EntityTable $entities, AccessCollections $access, Translator $translator)
Constructor.
Definition: Gatekeeper.php:66
_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:1292
ElggUser\isBanned
isBanned()
Is this user banned or not?
Definition: ElggUser.php:171
ElggGroup\canAccessContent
canAccessContent(ElggUser $user=null)
Check if current user can access group content based on his/her membership status and group&#39;s content...
Definition: ElggGroup.php:350
Elgg\Gatekeeper
Gatekeeper.
Definition: Gatekeeper.php:24
ElggEntity
elgg ElggEntity
Definition: ElggEntity.js:15
ElggEntity\getURL
getURL()
Gets the URL for this entity.
Definition: ElggEntity.php:1210
Elgg\Database\EntityTable
WARNING: API IN FLUX.
Definition: EntityTable.php:38
$access
$access
Definition: save.php:18
Generated on Tue Mar 2 2021 00:00:20 for Elgg by   doxygen 1.8.11