1 <?php
2 
3 namespace Elgg;
4 
18 
class Gatekeeper {

	/**
	 * Constructor.
	 *
	 * All collaborators are injected; the class holds no state of its own beyond them.
	 * NOTE(review): $access is injected but not referenced by any method visible in this listing.
	 *
	 * @param SessionManagerService $session_manager Session manager (login state, ignore-access and disabled-entity flags)
	 * @param HttpRequest           $request         Current request (used to attach the matched route name to exceptions)
	 * @param RedirectService       $redirects       Redirect service (records the "forward from" URL before a login redirect)
	 * @param EntityTable           $entities        Entity table used to load entities by GUID
	 * @param AccessCollections     $access          Access collections service
	 * @param Translator            $translator      Translator for user-facing messages
	 */
	public function __construct(
		protected SessionManagerService $session_manager,
		protected HttpRequest $request,
		protected RedirectService $redirects,
		protected EntityTable $entities,
		protected AccessCollections $access,
		protected Translator $translator
	) {
	}

	/**
	 * Require a user to be authenticated to proceed with code execution.
	 *
	 * Records the current URL as the "forward from" location before throwing, so the
	 * caller can be sent back here after a successful login.
	 *
	 * @return void
	 * @throws LoggedInGatekeeperException when no user is logged in
	 */
	public function assertAuthenticatedUser(): void {
		if ($this->session_manager->isLoggedIn()) {
			return;
		}

		$this->redirects->setLastForwardFrom();

		throw new LoggedInGatekeeperException();
	}

	/**
	 * Require a user to be not authenticated (logged out) to proceed with code execution.
	 *
	 * A logged-in user is redirected to the site front page via the exception's redirect URL.
	 *
	 * @return void
	 * @throws HttpException (the concrete gatekeeper exception constructed for $exception) when a user is logged in
	 */
	public function assertUnauthenticatedUser(): void {
		if (!$this->session_manager->isLoggedIn()) {
			return;
		}

		// NOTE(review): the statement that constructs $exception is not present in this listing;
		// confirm the concrete exception class against the source file.
		$exception->setRedirectUrl(elgg_get_site_url());

		throw $exception;
	}

	/**
	 * Require an admin user to be authenticated to proceed with code execution.
	 *
	 * Delegates the "is anyone logged in" check to assertAuthenticatedUser() first, so that
	 * getLoggedInUser() below is only reached for an authenticated session.
	 *
	 * @return void
	 * @throws LoggedInGatekeeperException when no user is logged in
	 * @throws AdminGatekeeperException    when the logged in user is not an admin
	 */
	public function assertAuthenticatedAdmin(): void {
		$this->assertAuthenticatedUser();

		$user = $this->session_manager->getLoggedInUser();
		if ($user->isAdmin()) {
			return;
		}

		$this->redirects->setLastForwardFrom();

		throw new AdminGatekeeperException();
	}

	/**
	 * Require an entity with a given guid, type and subtype to proceed with code execution.
	 *
	 * The lookup is wrapped in a closure (the wrapping call is not present in this listing;
	 * presumably an elgg_call() with the ELGG_IGNORE_ACCESS / ELGG_SHOW_DISABLED_ENTITIES flags —
	 * confirm against the source file). If so, this method only establishes that the entity
	 * exists; access and enabled-state checks are the job of assertAccessibleEntity().
	 *
	 * NOTE(review): `string $type = null` / `string $subtype = null` rely on implicit nullability,
	 * which is deprecated as of PHP 8.4; the explicit form is `?string $type = null`.
	 *
	 * @param int    $guid    Entity GUID
	 * @param string $type    Entity type (optional)
	 * @param string $subtype Entity subtype (optional)
	 *
	 * @return \ElggEntity
	 * @throws HttpException (the concrete exception constructed for $exception) when no matching entity is found;
	 *                       the guid, type, subtype and matched route are attached as exception params
	 */
	public function assertExists(int $guid, string $type = null, string $subtype = null): \ElggEntity {
		// NOTE(review): the line opening this closure (and assigning its result to $entity) is missing from this listing.
			return $this->entities->get($guid, $type, $subtype);
		});

		if (!$entity instanceof \ElggEntity) {
			// NOTE(review): the statement that constructs $exception is not present in this listing.
			$exception->setParams([
				'guid' => $guid,
				'type' => $type,
				'subtype' => $subtype,
				'route' => $this->request->get('_route'),
			]);
			throw $exception;
		}

		return $entity;
	}

	/**
	 * Require that authenticated user has access to entity.
	 *
	 * Checks, in order: read access (skipped entirely while the session's ignore-access flag
	 * is set), optional edit access, enabled state (disabled entities are hidden unless the
	 * session allows them to be shown), group content visibility for groups, and then the
	 * same checks recursively on the owner and container entities. Note the recursive call
	 * passes only ($parent, $user), so $validate_can_edit is not applied to parents.
	 *
	 * Any HttpException raised by those checks is caught and handed, together with the
	 * entity/user/route params, to the 'gatekeeper' event as the initial result. The event
	 * result decides the outcome: an HttpException is rethrown, boolean false becomes a bare
	 * HttpException, and anything else is treated as access granted — so an event handler
	 * can override a denial as well as impose one. Review handlers registered on this event
	 * with that in mind.
	 *
	 * @param \ElggEntity $entity            Entity to check
	 * @param \ElggUser   $user              User to check against; null is passed to the checks as user GUID 0
	 * @param bool        $validate_can_edit Also require edit access (default false)
	 *
	 * @return void
	 * @throws HttpException when one of the checks fails (or an event handler denies access)
	 */
	public function assertAccessibleEntity(\ElggEntity $entity, \ElggUser $user = null, bool $validate_can_edit = false): void {

		// true means "no objection so far"; replaced by the caught exception on failure
		$result = true;

		try {
			$user_guid = $user ? $user->guid : 0;
			if (!$this->session_manager->getIgnoreAccess() && !$entity->hasAccess($user_guid)) {
				// user is logged in but still does not have access to it
				$msg = $this->translator->translate('limited_access');
				// NOTE(review): the statement that constructs $exception (presumably with $msg) is not present in this listing.
				$exception->setParams([
					'entity' => $entity,
					'user' => $user,
					'route' => $this->request->get('_route'),
				]);
				throw $exception;
			}

			if ($validate_can_edit && !$entity->canEdit($user_guid)) {
				// logged in user does not have edit or write access to it
				$msg = $this->translator->translate('limited_access');
				// NOTE(review): the statement that constructs $exception (presumably with $msg) is not present in this listing.
				$exception->setParams([
					'entity' => $entity,
					'user' => $user,
					'route' => $this->request->get('_route'),
				]);
				throw $exception;
			}

			if (!$entity->isEnabled() && !$this->session_manager->getDisabledEntityVisibility()) {
				// entity exists, but is disabled
				// NOTE(review): the statement that constructs $exception is not present in this listing.
				$exception->setParams([
					'entity' => $entity,
					'user' => $user,
					'route' => $this->request->get('_route'),
				]);
				throw $exception;
			}

			if ($entity instanceof \ElggGroup) {
				$this->assertAccessibleGroup($entity, $user);
			}

			// walk up the ownership/containment chain; a zero GUID means "no parent"
			foreach (['owner_guid', 'container_guid'] as $prop) {
				if (!$entity->$prop) {
					continue;
				}

				$parent = $this->assertExists($entity->$prop);
				$this->assertAccessibleEntity($parent, $user);
			}
		} catch (HttpException $ex) {
			// defer the decision to the 'gatekeeper' event below
			$result = $ex;
		}

		$params = [
			'entity' => $entity,
			'user' => $user,
			'route' => $this->request->get('_route'),
		];

		// event handlers may replace $result; only an HttpException or false ends in a throw
		$result = _elgg_services()->events->triggerResults('gatekeeper', "{$entity->type}:{$entity->subtype}", $params, $result);

		if ($result instanceof HttpException) {
			throw $result;
		} else if ($result === false) {
			throw new HttpException();
		}
	}

	/**
	 * Validate active user account.
	 *
	 * A banned user is only accessible to an admin viewer. When no viewer is given, the
	 * currently logged in user (possibly none) is used.
	 *
	 * @param \ElggUser $user   User whose account is being accessed
	 * @param \ElggUser $viewer Viewer; defaults to the logged in user
	 *
	 * @return void
	 * @throws HttpException (the concrete exception constructed for $exception) when $user is banned
	 *                       and the viewer is not an admin
	 */
	public function assertAccessibleUser(\ElggUser $user, \ElggUser $viewer = null): void {
		if (!$user->isBanned()) {
			return;
		}

		if (!isset($viewer)) {
			$viewer = $this->session_manager->getLoggedInUser();
		}

		// no viewer (logged out) or a non-admin viewer may not see a banned account
		if (!$viewer || !$viewer->isAdmin()) {
			// NOTE(review): the statement that constructs $exception is not present in this listing.
			$exception->setParams([
				'entity' => $user,
				'user' => $viewer,
				'route' => $this->request->get('_route'),
			]);
			throw $exception;
		}
	}

	/**
	 * Validate group content visibility.
	 *
	 * If the group's own content-access rule rejects $user, a logged-out visitor is sent
	 * to login first (assertAuthenticatedUser), and a logged-in one is redirected to the
	 * group profile via the exception's redirect URL.
	 *
	 * @param \ElggGroup $group Group whose content is being accessed
	 * @param \ElggUser  $user  User to check; null is passed through to canAccessContent()
	 *                          (presumably meaning the current user — confirm in ElggGroup)
	 *
	 * @return void
	 * @throws LoggedInGatekeeperException when no user is logged in
	 * @throws HttpException (the concrete exception constructed for $exception) when the user may not access group content
	 */
	public function assertAccessibleGroup(\ElggGroup $group, \ElggUser $user = null): void {
		if ($group->canAccessContent($user)) {
			return;
		}

		$this->assertAuthenticatedUser();

		$this->redirects->setLastForwardFrom();

		// NOTE(review): the statement that constructs $exception is not present in this listing.
		$exception->setParams([
			'entity' => $group,
			'user' => $user,
			'route' => $this->request->get('_route'),
		]);
		$exception->setRedirectUrl($group->getURL());
		throw $exception;
	}

	/**
	 * Require XmlHttpRequest.
	 *
	 * Relies on the request object's own XHR detection (presumably header based, i.e.
	 * client-controlled — confirm); treat it as a routing guard, not an authentication or
	 * CSRF control.
	 *
	 * @return void
	 * @throws AjaxGatekeeperException when the request is not an XHR request
	 */
	public function assertXmlHttpRequest(): void {
		if ($this->request->isXmlHttpRequest()) {
			return;
		}

		throw new AjaxGatekeeperException();
	}
}