Skip to content
Snippets Groups Projects
Commit 3b477eda authored by Hahn Axel (hahn)'s avatar Hahn Axel (hahn)
Browse files

user class: php8 only; added variable types; use short array syntax

parent 78b4f912
Branches
No related tags found
1 merge request!66php8 only; added variable types; short array syntax; remove glyphicons
...@@ -141,7 +141,6 @@ class sws { ...@@ -141,7 +141,6 @@ class sws {
if (is_array($aKnownClasses)) { if (is_array($aKnownClasses)) {
$this->setConfig($aKnownClasses); $this->setConfig($aKnownClasses);
} }
return true;
} }
// ---------------------------------------------------------------------- // ----------------------------------------------------------------------
......
...@@ -5,32 +5,36 @@ ...@@ -5,32 +5,36 @@
* This class is used in the base class * This class is used in the base class
* *
* @author hahn * @author hahn
*
* Axel <axel.hahn@unibe.ch>
* 2024-08-29 Axel php8 only; added variable types; use short array syntax
*/ */
class user { class user
{
/** /**
* login name of the current user * login name of the current user
* @var string * @var string
*/ */
private $_sUsername=false; private string $_sUsername = '';
/** /**
* list of groups of the current user * list of groups of the current user
* @var array * @var array
*/ */
private $_aUserGroups=array(); private array $_aUserGroups = [];
/** /**
* list of roles based on the groups * list of roles based on the groups
* @var array * @var array
*/ */
private $_aUserPermmissions=array(); private array $_aUserPermmissions = [];
/** /**
* list of projects the current user is involved in * list of projects the current user is involved in
* @var array * @var array
*/ */
private $_aProjects=array(); private $_aProjects = [];
/** /**
* name of the last checked role * name of the last checked role
...@@ -39,10 +43,13 @@ class user { ...@@ -39,10 +43,13 @@ class user {
private $_sLastCheckedPermission = false; private $_sLastCheckedPermission = false;
/** /**
* Constructor
* init user with optional given user * init user with optional given user
* @param type $sUser *
* @param string $sUser username to set
*/ */
public function __construct($sUser=false){ public function __construct(string $sUser = '')
{
$this->setUser($sUser); $this->setUser($sUser);
} }
...@@ -53,11 +60,13 @@ class user { ...@@ -53,11 +60,13 @@ class user {
/** /**
* get string with detected user from current session / basic auth / cli access * Get string with detected user from current session / basic auth / cli access
*
* @return string * @return string
*/ */
private function _autoDetectUser(){ private function _autoDetectUser(): string
$sUser=false; {
$sUser = '';
if (isset($_SESSION) && isset($_SESSION["PHP_AUTH_USER"])) { if (isset($_SESSION) && isset($_SESSION["PHP_AUTH_USER"])) {
$sUser = $_SESSION["PHP_AUTH_USER"]; $sUser = $_SESSION["PHP_AUTH_USER"];
} }
...@@ -70,8 +79,12 @@ class user { ...@@ -70,8 +79,12 @@ class user {
return $sUser; return $sUser;
} }
// UNUSED SO FAR /**
private function _getUser2Projects(){ * UNUSED SO FAR
* Idea: limit user access to a set of projects
*/
private function _getUser2Projects()
{
$sFile = __DIR__ . '/../../../config/inc_user2projects.php'; $sFile = __DIR__ . '/../../../config/inc_user2projects.php';
return file_exists($sFile) return file_exists($sFile)
? require $sFile ? require $sFile
...@@ -79,21 +92,28 @@ class user { ...@@ -79,21 +92,28 @@ class user {
; ;
} }
private function _getUser2Roles(){ /**
* Load roles per user from config
* @return array
*/
private function _getUser2Roles(): array
{
$sFile = __DIR__ . '/../../../config/inc_user2roles.php'; $sFile = __DIR__ . '/../../../config/inc_user2roles.php';
return file_exists($sFile) return file_exists($sFile)
? require $sFile ? require $sFile
: ['admin' => ['admin']] : ['admin' => ['admin']]
; ;
} }
/** /**
* TODO: reimplement * TODO: reimplement
* get the user groups of the current user from an internal source. * get the user groups of the current user from an internal source.
* The function returns a flat aray with names of the groups * The function returns a flat aray with names of the groups
* @return array * @return array
*/ */
private function _getUserGroups(){ private function _getUserGroups(): array
$aGroups=array(); {
$aGroups = [];
if ($this->_sUsername) { if ($this->_sUsername) {
$aGroups[] = "authenticated"; $aGroups[] = "authenticated";
// $aGroups[]='#'.$this->_sUsername; // $aGroups[]='#'.$this->_sUsername;
...@@ -114,8 +134,9 @@ class user { ...@@ -114,8 +134,9 @@ class user {
* The function returns a flat aray with names of the roles * The function returns a flat aray with names of the roles
* @return array * @return array
*/ */
private function _getUserPermission(){ private function _getUserPermission(): array
$aRoles=array(); {
$aRoles = [];
$aRolesDefinitions = require(__DIR__ . '/../../../config/inc_roles.php'); $aRolesDefinitions = require(__DIR__ . '/../../../config/inc_roles.php');
// anonymous roles: // anonymous roles:
...@@ -139,11 +160,14 @@ class user { ...@@ -139,11 +160,14 @@ class user {
/** /**
* authenticate a user with the configured methods * authenticate a user with the configured methods
*
* @global array $aConfig global config * @global array $aConfig global config
* @global array $aParams params (i.e. GET and POST) * @global array $aParams params (i.e. GET and POST)
*
* @return boolean * @return boolean
*/ */
public function authenticate(){ public function authenticate(): bool
{
global $aConfig, $aParams; global $aConfig, $aParams;
if (!isset($aConfig['auth']) || !is_array($aConfig['auth']) || !count($aConfig['auth']) || !isset($aParams['user'])) { if (!isset($aConfig['auth']) || !is_array($aConfig['auth']) || !count($aConfig['auth']) || !isset($aParams['user'])) {
return false; return false;
...@@ -184,7 +208,8 @@ class user { ...@@ -184,7 +208,8 @@ class user {
* logoff user * logoff user
* @return boolean * @return boolean
*/ */
public function logoff(){ public function logoff(): bool
{
unset($_SESSION["PHP_AUTH_USER"]); unset($_SESSION["PHP_AUTH_USER"]);
$this->setUser(); $this->setUser();
return true; return true;
...@@ -193,9 +218,11 @@ class user { ...@@ -193,9 +218,11 @@ class user {
/** /**
* set an authenticated user and get its roles * set an authenticated user and get its roles
* @param string $sUser optional: set a given username * @param string $sUser optional: set a given username
* @return void
*/ */
public function setUser($sUser=false){ public function setUser(string $sUser = ''): void
if($sUser!==false){ {
if ($sUser) {
$this->_sUsername = $sUser; $this->_sUsername = $sUser;
$_SESSION["PHP_AUTH_USER"] = $sUser; $_SESSION["PHP_AUTH_USER"] = $sUser;
} else { } else {
...@@ -207,10 +234,11 @@ class user { ...@@ -207,10 +234,11 @@ class user {
} }
/** /**
* return html code to display a denied message * Get html code to display a denied message
* @return string * @return string
*/ */
public function showDenied(){ public function showDenied(): string
{
return '<div class="alert alert-danger" role="alert">' return '<div class="alert alert-danger" role="alert">'
. ($this->_sUsername . ($this->_sUsername
? t("class-user-error-deny-no-role") . '<br>' . $this->_sUsername . ' --> (' . $this->_sLastCheckedPermission . ')<br>' ? t("class-user-error-deny-no-role") . '<br>' . $this->_sUsername . ' --> (' . $this->_sLastCheckedPermission . ')<br>'
...@@ -226,56 +254,70 @@ class user { ...@@ -226,56 +254,70 @@ class user {
// ---------------------------------------------------------------------- // ----------------------------------------------------------------------
// UNUSED SO FAR /**
public function getUser2Projects(){ * UNUSED SO FAR
* Idea: limit user access to a set of projects
*/
public function getUser2Projects()
{
return $this->_getUser2Projects(); return $this->_getUser2Projects();
} }
public function getUser2Roles(){ /**
* Get a list of all roles for the current user
* @return array
*/
public function getUser2Roles(): array
{
return $this->_getUser2Roles(); return $this->_getUser2Roles();
} }
/** /**
* get the current username * Get the current username
* @return string * @return string
*/ */
public function getUsername(){ public function getUsername(): string
{
return $this->_sUsername; return $this->_sUsername;
} }
/** /**
* get a flat array with roles of the current user * Get a flat array with roles of the current user
* @return array * @return array
*/ */
public function getUserGroups(){ public function getUserGroups(): array
{
return $this->_aUserGroups; return $this->_aUserGroups;
} }
/** /**
* get a flat array with roles of the current user * Get a flat array with roles of the current user
* @return array * @return array
*/ */
public function getUserPermission(){ public function getUserPermission(): array
{
return $this->_aUserPermmissions; return $this->_aUserPermmissions;
} }
/** /**
* check if the current user has a given role name * check if the current user has a given role name
* @param string $sGroupname name of the role to check * @param string $sGroupname name of the role to check
* @return type * @return bool
*/ */
public function hasGroup($sGroupname){ public function hasGroup($sGroupname)
return (array_search($sGroupname, $this->_aUserGroups)!==false); {
return !!(array_search($sGroupname, $this->_aUserGroups) !== false);
} }
/** /**
* check if the current user has a given role name * check if the current user has a given role name
* @param string $sPermission name of the role to check * @param string $sPermission name of the role to check
* @return type * @return boolean
*/ */
public function hasPermission($sPermission){ public function hasPermission($sPermission): bool
{
$this->_sLastCheckedPermission = $sPermission; $this->_sLastCheckedPermission = $sPermission;
$bReturn=array_search($sPermission, $this->_aUserPermmissions)!==false; $bReturn = !!(array_search($sPermission, $this->_aUserPermmissions) !== false);
// $this->log(__FUNCTION__ . "($sRolename) -> " . $bReturn ? 'true' : 'false'); // $this->log(__FUNCTION__ . "($sRolename) -> " . $bReturn ? 'true' : 'false');
return $bReturn; return $bReturn;
} }
} }
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment