Elgg  Version master
Gatekeeper.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg;
4 
5 use Elgg\Database\AccessCollections;
6 use Elgg\Database\EntityTable;
7 use Elgg\Exceptions\HttpException;
8 use Elgg\Exceptions\Http\EntityNotFoundException;
9 use Elgg\Exceptions\Http\EntityPermissionsException;
10 use Elgg\Exceptions\Http\GatekeeperException;
11 use Elgg\Exceptions\Http\Gatekeeper\AdminGatekeeperException;
12 use Elgg\Exceptions\Http\Gatekeeper\AjaxGatekeeperException;
13 use Elgg\Exceptions\Http\Gatekeeper\GroupGatekeeperException;
14 use Elgg\Exceptions\Http\Gatekeeper\GroupToolGatekeeperException;
15 use Elgg\Exceptions\Http\Gatekeeper\LoggedInGatekeeperException;
16 use Elgg\Exceptions\Http\Gatekeeper\LoggedOutGatekeeperException;
17 use Elgg\Http\Request as HttpRequest;
18 use Elgg\I18n\Translator;
19 use Elgg\Page\PageOwnerService;
20 
26 class Gatekeeper {
27 
39  public function __construct(
40  protected SessionManagerService $session_manager,
41  protected HttpRequest $request,
42  protected RedirectService $redirects,
43  protected EntityTable $entities,
44  protected AccessCollections $access,
45  protected Translator $translator,
46  protected PageOwnerService $page_owner
47  ) {
48  }
49 
56  public function assertAuthenticatedUser(): void {
57  if ($this->session_manager->isLoggedIn()) {
58  return;
59  }
60 
61  $this->redirects->setLastForwardFrom();
62 
63  throw new LoggedInGatekeeperException();
64  }
65 
72  public function assertUnauthenticatedUser(): void {
73  if (!$this->session_manager->isLoggedIn()) {
74  return;
75  }
76 
77  $exception = new LoggedOutGatekeeperException();
78  $exception->setRedirectUrl(elgg_get_site_url());
79 
80  throw $exception;
81  }
82 
90  public function assertAuthenticatedAdmin(): void {
91  $this->assertAuthenticatedUser();
92 
93  $user = $this->session_manager->getLoggedInUser();
94  if ($user->isAdmin()) {
95  return;
96  }
97 
98  $this->redirects->setLastForwardFrom();
99 
100  throw new AdminGatekeeperException();
101  }
102 
116  public function assertExists(int $guid, ?string $type = null, ?string $subtype = null): \ElggEntity {
117  $entity = elgg_call(ELGG_IGNORE_ACCESS | ELGG_SHOW_DISABLED_ENTITIES, function () use ($guid, $type, $subtype) {
118  return $this->entities->get($guid, $type, $subtype);
119  });
120 
121  if (!$entity instanceof \ElggEntity) {
122  $exception = new EntityNotFoundException();
123  $exception->setParams([
124  'guid' => $guid,
125  'type' => $type,
126  'subtype' => $subtype,
127  'route' => $this->request->get('_route'),
128  ]);
129  throw $exception;
130  }
131 
132  return $entity;
133  }
134 
145  public function assertAccessibleEntity(\ElggEntity $entity, ?\ElggUser $user = null, bool $validate_can_edit = false): void {
146 
147  $result = true;
148 
149  try {
150  $user_guid = $user ? $user->guid : 0;
151  if (!$this->session_manager->getIgnoreAccess() && !$entity->hasAccess($user_guid)) {
152  // user is logged in but still does not have access to it
153  $msg = $this->translator->translate('limited_access');
154  $exception = new EntityPermissionsException($msg);
155  $exception->setParams([
156  'entity' => $entity,
157  'user' => $user,
158  'route' => $this->request->get('_route'),
159  ]);
160  throw $exception;
161  }
162 
163  if ($validate_can_edit && !$entity->canEdit($user_guid)) {
164  // logged in user does not have edit or write access to it
165  $msg = $this->translator->translate('limited_access');
166  $exception = new EntityPermissionsException($msg);
167  $exception->setParams([
168  'entity' => $entity,
169  'user' => $user,
170  'route' => $this->request->get('_route'),
171  ]);
172  throw $exception;
173  }
174 
175  if (!$entity->isEnabled() && !$this->session_manager->getDisabledEntityVisibility()) {
176  // entity exists, but is disabled
177  $exception = new EntityNotFoundException();
178  $exception->setParams([
179  'entity' => $entity,
180  'user' => $user,
181  'route' => $this->request->get('_route'),
182  ]);
183  throw $exception;
184  }
185 
186  if ($entity instanceof \ElggGroup) {
187  $this->assertAccessibleGroup($entity, $user);
188  }
189 
190  foreach (['owner_guid', 'container_guid'] as $prop) {
191  if (!$entity->$prop) {
192  continue;
193  }
194 
195  $parent = $this->assertExists($entity->$prop);
196  $this->assertAccessibleEntity($parent, $user);
197  }
198  } catch (HttpException $ex) {
199  $result = $ex;
200  }
201 
202  $params = [
203  'entity' => $entity,
204  'user' => $user,
205  'route' => $this->request->get('_route'),
206  ];
207 
208  $result = _elgg_services()->events->triggerResults('gatekeeper', "{$entity->type}:{$entity->subtype}", $params, $result);
209 
210  if ($result instanceof HttpException) {
211  throw $result;
212  } else if ($result === false) {
213  throw new HttpException();
214  }
215  }
216 
226  public function assertAccessibleUser(\ElggUser $user, ?\ElggUser $viewer = null): void {
227  if (!$user->isBanned()) {
228  return;
229  }
230 
231  if (!isset($viewer)) {
232  $viewer = $this->session_manager->getLoggedInUser();
233  }
234 
235  if (!$viewer || !$viewer->isAdmin()) {
236  $exception = new EntityNotFoundException();
237  $exception->setParams([
238  'entity' => $user,
239  'user' => $viewer,
240  'route' => $this->request->get('_route'),
241  ]);
242  throw $exception;
243  }
244  }
245 
256  public function assertAccessibleGroup(\ElggGroup $group, ?\ElggUser $user = null): void {
257  if ($group->canAccessContent($user)) {
258  return;
259  }
260 
261  $this->assertAuthenticatedUser();
262 
263  $this->redirects->setLastForwardFrom();
264 
265  $exception = new GroupGatekeeperException();
266  $exception->setParams([
267  'entity' => $group,
268  'user' => $user,
269  'route' => $this->request->get('_route'),
270  ]);
271  $exception->setRedirectUrl($group->getURL());
272  throw $exception;
273  }
274 
285  public function assertGroupToolEnabled(string $group_tool, ?\ElggGroup $group = null): void {
286  $group = $group ?? $this->page_owner->getPageOwnerEntity();
287  if (!$group instanceof \ElggGroup) {
288  return;
289  }
290 
291  if ($group->isToolEnabled($group_tool)) {
292  return;
293  }
294 
295  $ex = new GroupToolGatekeeperException();
296  $ex->setRedirectUrl($group->getURL());
297  $ex->setParams([
298  'entity' => $group,
299  'tool' => $group_tool,
300  ]);
301 
302  throw $ex;
303  }
304 
311  public function assertXmlHttpRequest(): void {
312  if ($this->request->isXmlHttpRequest()) {
313  return;
314  }
315 
316  throw new AjaxGatekeeperException();
317  }
318 }
$result
$result
Definition: set_maintenance_mode.php:11
$entity
$entity
Definition: reset.php:8
$guid
$guid
Reset an ElggUpgrade.
Definition: reset.php:6
$subtype
$subtype
Definition: delete.php:22
$type
$type
Definition: delete.php:21
$params
$params
Saves global plugin settings.
Definition: save.php:13
$page_owner
$page_owner
Definition: add.php:16
$user
$user
Definition: ban.php:7
Elgg\Database\AccessCollections
Access collections database service.
Definition: AccessCollections.php:23
Elgg\Database\EntityTable
Entity table database service.
Definition: EntityTable.php:24
Elgg\Exceptions\HttpException
Generic HTTP exception.
Definition: HttpException.php:10
Elgg\Exceptions\HttpException\setParams
setParams(array $params=[])
Set params to provide context about the exception.
Definition: HttpException.php:29
Elgg\Exceptions\HttpException\setRedirectUrl
setRedirectUrl($url)
Set preferred redirect URL If set, a redirect response will be issued.
Definition: HttpException.php:57
Elgg\Exceptions\Http\EntityPermissionsException
Thrown when entity can not be edited or container permissions do not allow it to be written.
Definition: EntityPermissionsException.php:10
Elgg\Exceptions\Http\GatekeeperException
Thrown when one of the gatekeepers prevents access.
Definition: GatekeeperException.php:10
Elgg\Exceptions\Http\Gatekeeper\AdminGatekeeperException
Thrown when the logged in user is not an admin.
Definition: AdminGatekeeperException.php:12
Elgg\Exceptions\Http\Gatekeeper\AjaxGatekeeperException
Thrown when the request is not a valid ajax request.
Definition: AjaxGatekeeperException.php:12
Elgg\Exceptions\Http\Gatekeeper\GroupGatekeeperException
Thrown when one of the gatekeepers prevents access.
Definition: GroupGatekeeperException.php:12
Elgg\Exceptions\Http\Gatekeeper\GroupToolGatekeeperException
Thrown when the requested group tool isn't enabled for a group.
Definition: GroupToolGatekeeperException.php:10
Elgg\Gatekeeper
Gatekeeper.
Definition: Gatekeeper.php:26
Elgg\Gatekeeper\assertAuthenticatedUser
assertAuthenticatedUser()
Require a user to be authenticated to with code execution.
Definition: Gatekeeper.php:56
Elgg\Gatekeeper\assertAccessibleGroup
assertAccessibleGroup(\ElggGroup $group, ?\ElggUser $user=null)
Validate group content visibility.
Definition: Gatekeeper.php:256
Elgg\Gatekeeper\assertAuthenticatedAdmin
assertAuthenticatedAdmin()
Require an admin user to be authenticated to proceed with code execution.
Definition: Gatekeeper.php:90
Elgg\Gatekeeper\assertXmlHttpRequest
assertXmlHttpRequest()
Require XmlHttpRequest.
Definition: Gatekeeper.php:311
Elgg\Gatekeeper\assertUnauthenticatedUser
assertUnauthenticatedUser()
Require a user to be not authenticated (logged out) to with code execution.
Definition: Gatekeeper.php:72
Elgg\Gatekeeper\assertExists
assertExists(int $guid, ?string $type=null, ?string $subtype=null)
Require an entity with a given guid, type and subtype to proceed with code execution.
Definition: Gatekeeper.php:116
Elgg\Gatekeeper\assertAccessibleEntity
assertAccessibleEntity(\ElggEntity $entity, ?\ElggUser $user=null, bool $validate_can_edit=false)
Require that authenticated user has access to entity.
Definition: Gatekeeper.php:145
Elgg\Gatekeeper\__construct
__construct(protected SessionManagerService $session_manager, protected HttpRequest $request, protected RedirectService $redirects, protected EntityTable $entities, protected AccessCollections $access, protected Translator $translator, protected PageOwnerService $page_owner)
Constructor.
Definition: Gatekeeper.php:39
Elgg\Gatekeeper\assertAccessibleUser
assertAccessibleUser(\ElggUser $user, ?\ElggUser $viewer=null)
Validate active user account.
Definition: Gatekeeper.php:226
Elgg\Gatekeeper\assertGroupToolEnabled
assertGroupToolEnabled(string $group_tool, ?\ElggGroup $group=null)
Validate group tool enabled.
Definition: Gatekeeper.php:285
Elgg\Http\Request
Elgg HTTP request.
Definition: Request.php:17
Elgg\Page\PageOwnerService
Holds page owner related functions.
Definition: PageOwnerService.php:19
Elgg\RedirectService
Handles common tasks when redirecting a request.
Definition: RedirectService.php:7
elgg_get_site_url
elgg_get_site_url()
Get the URL for the current (or specified) site, ending with "/".
Definition: configuration.php:26
ELGG_IGNORE_ACCESS
const ELGG_IGNORE_ACCESS
elgg_call() flags
Definition: constants.php:121
ELGG_SHOW_DISABLED_ENTITIES
const ELGG_SHOW_DISABLED_ENTITIES
Definition: constants.php:123
_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:343
elgg_call
elgg_call(int $flags, Closure $closure)
Calls a callable autowiring the arguments using public DI services and applying logic based on flags.
Definition: elgglib.php:296
$request
$request
Definition: livesearch.php:12
$user_guid
$user_guid
Definition: login_as.php:10
$exception
$exception
Definition: error.php:15
$group
if(!elgg_get_config('trash_enabled')) $group
Definition: group.php:13
if
if(parse_url(elgg_get_site_url(), PHP_URL_PATH) !=='/') if(file_exists(elgg_get_root_path() . 'robots.txt'))
Set robots.txt.
Definition: robots.php:10
$access
if(elgg_view_exists("widgets/{$widget->handler}/edit")) $access
Definition: save.php:19
Generated on Tue Dec 9 2025 00:02:10 for Elgg by doxygen 1.9.1