feat(middleware): added page owner can edit middleware
Allow routes to validate page owner canEdit rights in route definition
Showing
6 changed files
with
1,289 additions
and
0 deletions.
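--- a/engine/classes/Elgg/Router/Middleware/GroupPageOwnerCanEditGatekeeper.php
+++ b/engine/classes/Elgg/Router/Middleware/GroupPageOwnerCanEditGatekeeper.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace Elgg\Router\Middleware;
+
+/**
+* Check if the current route page owner can be edited (by the current logged in user) and is an user
+*
+* @since 3.2
+*/
+class GroupPageOwnerCanEditGatekeeper extends PageOwnerCanEditGatekeeper {
+
+/**
+* {@inheritDoc}
+* @see \Elgg\Router\Middleware\PageOwnerCanEditGatekeeper::__invoke()
+*/
+public function __invoke(\Elgg\Request $request) {
+$this->assertAccess($request, 'group');
+}
+}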
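Review bot: The class docblock says the page owner "is an user", but `__invoke()` passes `'group'` to `assertAccess()`, so the summary looks copied from the user variant and misstates what this gatekeeper enforces. I would change it to `* Check if the current route page owner can be edited (by the current logged in user) and is a group`. The same summary line in UserPageOwnerCanEditGatekeeper.php should read "is a user". Because route authors pick a gatekeeper by its description, the docblock should also say that a page owner of another type is rejected with an `EntityPermissionsException`.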
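--- a/engine/classes/Elgg/Router/Middleware/PageOwnerCanEditGatekeeper.php
+++ b/engine/classes/Elgg/Router/Middleware/PageOwnerCanEditGatekeeper.php
@@ -0,0 +1,61 @@
+<?php
+
+namespace Elgg\Router\Middleware;
+
+use Elgg\Router\Route;
+use Elgg\EntityPermissionsException;
+
+/**
+* Check if the current route page owner can be edited (by the current logged in user)
+*
+* @since 3.2
+*/
+class PageOwnerCanEditGatekeeper {
+
+/**
+* Validate the current request
+*
+* @param \Elgg\Request $request the current request
+*
+* @return void
+* @throws EntityPermissionsException
+*/
+public function __invoke(\Elgg\Request $request) {
+$this->assertAccess($request);
+}
+
+/**
+* Validate the current request
+*
+* @param \Elgg\Request $request the current request
+* @param string $type (optional) the required type of the page owner
+* @param string $subtype (optional) the required subtype of the page owner
+*
+* @return void
+* @throws EntityPermissionsException
+*/
+protected function assertAccess(\Elgg\Request $request, string $type = '', string $subtype = '') {
+
+$route = $request->getHttpRequest()->getRoute();
+if (!$route instanceof Route) {
+return;
+}
+
+$page_owner = $route->resolvePageOwner();
+if (!$page_owner instanceof \ElggEntity) {
+return;
+}
+
+if (!$page_owner->canEdit()) {
+throw new EntityPermissionsException();
+}
+
+if (!empty($type) && $page_owner->getType() !== $type) {
+throw new EntityPermissionsException();
+}
+
+if (!empty($subtype) && $page_owner->getSubtype() !== $subtype) {
+throw new EntityPermissionsException();
+}
+}
+}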
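Review bot: `assertAccess()` fails open, because both early `return;` statements let the request through when the route is not a `Route` or when `resolvePageOwner()` does not yield an `\ElggEntity`. A route guarded by this middleware, or by the Group/User subclasses whose type check is then never reached, gets no edit check at all if its page owner cannot be resolved. For a gatekeeper I would deny in the second case, replacing that `return;` with `throw new EntityPermissionsException();` or with a not-found exception if the project prefers one. If passing through is intended, the docblock should say so, e.g. `Routes without a resolvable page owner are not restricted by this middleware`. Whether an unresolved owner can occur for missing or inaccessible entities depends on `resolvePageOwner()`, which is outside this diff.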
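--- a/engine/classes/Elgg/Router/Middleware/UserPageOwnerCanEditGatekeeper.php
+++ b/engine/classes/Elgg/Router/Middleware/UserPageOwnerCanEditGatekeeper.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace Elgg\Router\Middleware;
+
+/**
+* Check if the current route page owner can be edited (by the current logged in user) and is an user
+*
+* @since 3.2
+*/
+class UserPageOwnerCanEditGatekeeper extends PageOwnerCanEditGatekeeper {
+
+/**
+* {@inheritDoc}
+* @see \Elgg\Router\Middleware\PageOwnerCanEditGatekeeper::__invoke()
+*/
+public function __invoke(\Elgg\Request $request) {
+$this->assertAccess($request, 'user');
+}
+}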