-
-
Notifications
You must be signed in to change notification settings - Fork 207
/
AuthTrait.php
180 lines (153 loc) · 4.32 KB
/
AuthTrait.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
<?php namespace Myth\Auth;
use Config\Services;
trait AuthTrait {
/**
* Instance of Authentication Class
* @var null
*/
public $authenticate = null;
/**
* Instance of Authorization class
* @var null
*/
public $authorize = null;
/**
* Have the auth classes already been loaded?
* @var bool
*/
private $classesLoaded = false;
/**
* The alias for the authentication lib to load.
* @var string
*/
protected $authenticationLib = 'local';
/**
* Verifies that a user is logged in
*
* @param string $uri
* @param bool $returnOnly
*
* @return bool
*/
public function restrict(string $uri=null, bool $returnOnly=false)
{
$this->setupAuthClasses();
if ($this->authenticate->check())
{
return true;
}
if (method_exists($this, 'setMessage'))
{
$this->setMessage( lang('Auth.notLoggedIn') );
}
if ($returnOnly)
{
return false;
}
if (empty($uri))
{
redirect( route_to('login') );
}
redirect($uri);
}
/**
* Ensures that the current user is in at least one of the passed in
* groups. The groups can be passed in as either ID's or group names.
* You can pass either a single item or an array of items.
*
* If the user is not a member of one of the groups will return
* the user to the page they just came from as shown in
* $_SERVER['']
*
* Example:
* restrictToGroups([1, 2, 3]);
* restrictToGroups(14);
* restrictToGroups('admins');
* restrictToGroups( ['admins', 'moderators'] );
*
* @param mixed $groups
* @param string $uri The URI to redirect to on fail.
*
* @return bool
*/
public function restrictToGroups($groups, $uri=null)
{
$this->setupAuthClasses();
if ($this->authenticate->check())
{
if ($this->authorize->inGroup($groups, $this->authenticate->id() ) )
{
return true;
}
}
if (method_exists($this, 'setMessage'))
{
$this->setMessage( lang('Auth.notEnoughPrivilege') );
}
if (empty($uri))
{
redirect( route_to('login') .'?request_uri='. current_url() );
}
redirect($uri .'?request_uri='. current_url());
}
/**
* Ensures that the current user has at least one of the passed in
* permissions. The permissions can be passed in either as ID's or names.
* You can pass either a single item or an array of items.
*
* If the user does not have one of the permissions it will return
* the user to the URI set in $url or the site root, and attempt
* to set a status message.
*
* @param $permissions
* @param string $uri The URI to redirect to on fail.
*
* @return bool
*/
public function restrictWithPermissions($permissions, $uri=null)
{
$this->setupAuthClasses();
if ($this->authenticate->check())
{
if ($this->authorize->hasPermission($permissions, $this->authenticate->id() ) )
{
return true;
}
}
if (method_exists($this, 'setMessage'))
{
$this->setMessage( lang('auth.notEnoughPrivilege') );
}
if (empty($uri))
{
redirect( route_to('login') .'?request_uri='. current_url() );
}
redirect($uri .'?request_uri='. current_url());
}
/**
* Ensures that the Authentication and Authorization libraries are
* loaded and ready to go, if they are not already.
*
* Uses the following config values:
* - auth.authenticate_lib
* - auth.authorize_lib
*/
public function setupAuthClasses()
{
if ($this->classesLoaded)
{
return;
}
/*
* Authentication
*/
$this->authenticate = Services::authentication($this->authenticationLib);
// Try to log us in automatically.
$this->authenticate->check();
/*
* Authorization
*/
$this->authorize = Services::authentication();
$this->classesLoaded = true;
}
}