diff --git a/public_html/deployment/classes/sws.class.php b/public_html/deployment/classes/sws.class.php
index 1405b255e3a7d6a4975a9df17c2425fecc7fcac9..19194e0a479ae2652ed13dd37a915655909d1006 100644
--- a/public_html/deployment/classes/sws.class.php
+++ b/public_html/deployment/classes/sws.class.php
@@ -141,7 +141,6 @@ class sws {
if (is_array($aKnownClasses)) {
$this->setConfig($aKnownClasses);
}
- return true;
}
// ----------------------------------------------------------------------
diff --git a/public_html/deployment/classes/user.class.php b/public_html/deployment/classes/user.class.php
index ad58ef39a312697d1e3bd937ae190c991cd6bd2b..f8414bdf58fd792c7f377ce9446fbb515527fe08 100644
--- a/public_html/deployment/classes/user.class.php
+++ b/public_html/deployment/classes/user.class.php
@@ -5,106 +5,126 @@
* This class is used in the base class
*
* @author hahn
+ *
+ * Axel <axel.hahn@unibe.ch>
+ * 2024-08-29 Axel php8 only; added variable types; use short array syntax
*/
-class user {
-
+class user
+{
+
/**
* login name of the current user
* @var string
*/
- private $_sUsername=false;
-
+ private string $_sUsername = '';
+
/**
* list of groups of the current user
* @var array
*/
- private $_aUserGroups=array();
-
+ private array $_aUserGroups = [];
+
/**
* list of roles based on the groups
* @var array
*/
- private $_aUserPermmissions=array();
-
+ private array $_aUserPermmissions = [];
+
/**
* list of projects the current user is involved in
* @var array
*/
- private $_aProjects=array();
-
+ private $_aProjects = [];
+
/**
* name of the last checked role
* @var string
*/
- private $_sLastCheckedPermission=false;
-
+ private $_sLastCheckedPermission = false;
+
/**
+ * Constructor
* init user with optional given user
- * @param type $sUser
+ *
+ * @param string $sUser username to set
*/
- public function __construct($sUser=false){
+ public function __construct(string $sUser = '')
+ {
$this->setUser($sUser);
}
-
-
+
+
// ----------------------------------------------------------------------
// private functions
// ----------------------------------------------------------------------
-
-
+
+
/**
- * get string with detected user from current session / basic auth / cli access
+ * Get string with detected user from current session / basic auth / cli access
+ *
* @return string
*/
- private function _autoDetectUser(){
- $sUser=false;
- if (isset($_SESSION) && isset($_SESSION["PHP_AUTH_USER"])){
- $sUser=$_SESSION["PHP_AUTH_USER"];
+ private function _autoDetectUser(): string
+ {
+ $sUser = '';
+ if (isset($_SESSION) && isset($_SESSION["PHP_AUTH_USER"])) {
+ $sUser = $_SESSION["PHP_AUTH_USER"];
}
- if (!$sUser && isset($_SERVER["PHP_AUTH_USER"])){
- $sUser=$_SERVER["PHP_AUTH_USER"];
+ if (!$sUser && isset($_SERVER["PHP_AUTH_USER"])) {
+ $sUser = $_SERVER["PHP_AUTH_USER"];
}
if (php_sapi_name() == "cli") {
- $sUser="cliadmin";
+ $sUser = "cliadmin";
}
return $sUser;
}
- // UNUSED SO FAR
- private function _getUser2Projects(){
- $sFile=__DIR__ . '/../../../config/inc_user2projects.php';
+ /**
+ * UNUSED SO FAR
+ * Idea: limit user access to a set of projects
+ */
+ private function _getUser2Projects()
+ {
+ $sFile = __DIR__ . '/../../../config/inc_user2projects.php';
return file_exists($sFile)
? require $sFile
: []
;
}
-
- private function _getUser2Roles(){
- $sFile=__DIR__ . '/../../../config/inc_user2roles.php';
+
+ /**
+ * Load roles per user from config
+ * @return array
+ */
+ private function _getUser2Roles(): array
+ {
+ $sFile = __DIR__ . '/../../../config/inc_user2roles.php';
return file_exists($sFile)
? require $sFile
- : ['admin'=>['admin']]
+ : ['admin' => ['admin']]
;
}
+
/**
* TODO: reimplement
* get the user groups of the current user from an internal source.
* The function returns a flat aray with names of the groups
* @return array
*/
- private function _getUserGroups(){
- $aGroups=array();
- if ($this->_sUsername){
- $aGroups[]="authenticated";
+ private function _getUserGroups(): array
+ {
+ $aGroups = [];
+ if ($this->_sUsername) {
+ $aGroups[] = "authenticated";
// $aGroups[]='#'.$this->_sUsername;
- $aUserDefinitions=$this->_getUser2Roles();
- foreach (array_keys($aUserDefinitions) as $sGroup){
- if (array_search($this->_sUsername, $aUserDefinitions[$sGroup])!==false){
- $aGroups[]=$sGroup;
+ $aUserDefinitions = $this->_getUser2Roles();
+ foreach (array_keys($aUserDefinitions) as $sGroup) {
+ if (array_search($this->_sUsername, $aUserDefinitions[$sGroup]) !== false) {
+ $aGroups[] = $sGroup;
}
}
}
- $this->_aUserGroups=$aGroups;
+ $this->_aUserGroups = $aGroups;
return $this->_aUserGroups;
}
@@ -114,66 +134,70 @@ class user {
* The function returns a flat aray with names of the roles
* @return array
*/
- private function _getUserPermission(){
- $aRoles=array();
- $aRolesDefinitions=require(__DIR__ . '/../../../config/inc_roles.php');
+ private function _getUserPermission(): array
+ {
+ $aRoles = [];
+ $aRolesDefinitions = require(__DIR__ . '/../../../config/inc_roles.php');
// anonymous roles:
- $aRoles=array_merge($aRoles, $aRolesDefinitions['all']);
-
- foreach (array_keys($aRolesDefinitions) as $sGroup){
- if ($this->hasGroup($sGroup)){
- $aRoles=array_merge($aRoles, $aRolesDefinitions[$sGroup]);
+ $aRoles = array_merge($aRoles, $aRolesDefinitions['all']);
+
+ foreach (array_keys($aRolesDefinitions) as $sGroup) {
+ if ($this->hasGroup($sGroup)) {
+ $aRoles = array_merge($aRoles, $aRolesDefinitions[$sGroup]);
}
}
-
- $this->_aUserPermmissions= array_unique($aRoles);
+
+ $this->_aUserPermmissions = array_unique($aRoles);
return $this->_aUserPermmissions;
}
-
-
+
+
// ----------------------------------------------------------------------
// public ACTIONS
// ----------------------------------------------------------------------
-
-
+
+
/**
* authenticate a user with the configured methods
+ *
* @global array $aConfig global config
* @global array $aParams params (i.e. GET and POST)
+ *
* @return boolean
*/
- public function authenticate(){
+ public function authenticate(): bool
+ {
global $aConfig, $aParams;
- if(!isset($aConfig['auth']) || !is_array($aConfig['auth']) || !count($aConfig['auth']) || !isset($aParams['user'])){
+ if (!isset($aConfig['auth']) || !is_array($aConfig['auth']) || !count($aConfig['auth']) || !isset($aParams['user'])) {
return false;
}
- $sUser=$aParams['user'];
- $sPassword=isset($aParams['password']) ? $aParams['password'] : false;
+ $sUser = $aParams['user'];
+ $sPassword = isset($aParams['password']) ? $aParams['password'] : false;
- foreach (array_keys($aConfig['auth']) as $sAuthMethod){
- $oUserAuth=false;
- switch ($sAuthMethod){
+ foreach (array_keys($aConfig['auth']) as $sAuthMethod) {
+ $oUserAuth = false;
+ switch ($sAuthMethod) {
case 'ldap':
require_once("userauth.ldap.class.php");
- $oUserAuth=new userauthLdap($aConfig['auth']['ldap']);
+ $oUserAuth = new userauthLdap($aConfig['auth']['ldap']);
break;
// implement other methods here
// see userauth.ldap.class.php as simple example
-
+
default:
- echo 'WARNING: authmethod '.$sAuthMethod.' in your config is not implemented in '.basename(__FILE__).' and is useless so far.<br>';
+ echo 'WARNING: authmethod ' . $sAuthMethod . ' in your config is not implemented in ' . basename(__FILE__) . ' and is useless so far.<br>';
}
// if authentication fails then continue and try next method
- if ($oUserAuth && $oUserAuth->authenticate($sUser, $sPassword)){
-
+ if ($oUserAuth && $oUserAuth->authenticate($sUser, $sPassword)) {
+
// set a session - it must correspondent with _autoDetectUser()
// $_SESSION["PHP_AUTH_USER"]=$sUser;
$this->setUser($sUser);
return true;
}
// if authentication fails then continue and try next method
- if(!$oUserAuth){
+ if (!$oUserAuth) {
echo "DEBUG: ERROR oUserAuth waasn't initialized for [$sAuthMethod].<br>";
}
}
@@ -184,98 +208,116 @@ class user {
* logoff user
* @return boolean
*/
- public function logoff(){
+ public function logoff(): bool
+ {
unset($_SESSION["PHP_AUTH_USER"]);
$this->setUser();
return true;
}
-
+
/**
* set an authenticated user and get its roles
* @param string $sUser optional: set a given username
+ * @return void
*/
- public function setUser($sUser=false){
- if($sUser!==false){
- $this->_sUsername=$sUser;
- $_SESSION["PHP_AUTH_USER"]=$sUser;
+ public function setUser(string $sUser = ''): void
+ {
+ if ($sUser) {
+ $this->_sUsername = $sUser;
+ $_SESSION["PHP_AUTH_USER"] = $sUser;
} else {
// check user from basic auth or cli
- $this->_sUsername=$this->_autoDetectUser();
+ $this->_sUsername = $this->_autoDetectUser();
}
$this->_getUserGroups();
$this->_getUserPermission();
}
-
+
/**
- * return html code to display a denied message
+ * Get html code to display a denied message
* @return string
*/
- public function showDenied(){
+ public function showDenied(): string
+ {
return '<div class="alert alert-danger" role="alert">'
- . ($this->_sUsername
- ? t("class-user-error-deny-no-role").'<br>'.$this->_sUsername.' --> ('.$this->_sLastCheckedPermission.')<br>'
- : t("class-user-error-login-required")
- )
- . '</div><br>'
- . '<a href="/deployment/all/login/" class="btn btn-primary">'.t('menu-login').'</a>'
+ . ($this->_sUsername
+ ? t("class-user-error-deny-no-role") . '<br>' . $this->_sUsername . ' --> (' . $this->_sLastCheckedPermission . ')<br>'
+ : t("class-user-error-login-required")
+ )
+ . '</div><br>'
+ . '<a href="/deployment/all/login/" class="btn btn-primary">' . t('menu-login') . '</a>'
;
}
-
+
// ----------------------------------------------------------------------
// public GETTER
// ----------------------------------------------------------------------
-
- // UNUSED SO FAR
- public function getUser2Projects(){
+
+ /**
+ * UNUSED SO FAR
+ * Idea: limit user access to a set of projects
+ */
+ public function getUser2Projects()
+ {
return $this->_getUser2Projects();
}
-
- public function getUser2Roles(){
+
+ /**
+ * Get a list of all roles for the current user
+ * @return array
+ */
+ public function getUser2Roles(): array
+ {
return $this->_getUser2Roles();
}
/**
- * get the current username
+ * Get the current username
* @return string
*/
- public function getUsername(){
+ public function getUsername(): string
+ {
return $this->_sUsername;
}
+
/**
- * get a flat array with roles of the current user
+ * Get a flat array with roles of the current user
* @return array
*/
- public function getUserGroups(){
+ public function getUserGroups(): array
+ {
return $this->_aUserGroups;
}
/**
- * get a flat array with roles of the current user
+ * Get a flat array with roles of the current user
* @return array
*/
- public function getUserPermission(){
+ public function getUserPermission(): array
+ {
return $this->_aUserPermmissions;
}
/**
* check if the current user has a given role name
* @param string $sGroupname name of the role to check
- * @return type
+ * @return bool
*/
- public function hasGroup($sGroupname){
- return (array_search($sGroupname, $this->_aUserGroups)!==false);
+ public function hasGroup($sGroupname)
+ {
+ return !!(array_search($sGroupname, $this->_aUserGroups) !== false);
}
/**
* check if the current user has a given role name
* @param string $sPermission name of the role to check
- * @return type
+ * @return boolean
*/
- public function hasPermission($sPermission){
- $this->_sLastCheckedPermission=$sPermission;
- $bReturn=array_search($sPermission, $this->_aUserPermmissions)!==false;
+ public function hasPermission($sPermission): bool
+ {
+ $this->_sLastCheckedPermission = $sPermission;
+ $bReturn = !!(array_search($sPermission, $this->_aUserPermmissions) !== false);
// $this->log(__FUNCTION__ . "($sRolename) -> " . $bReturn ? 'true' : 'false');
return $bReturn;
}
-
}