Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
I
Imldeployment
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container registry
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
IML Open Source
Imldeployment
Commits
3b477eda
Commit
3b477eda
authored
10 months ago
by
Hahn Axel (hahn)
Browse files
Options
Downloads
Patches
Plain Diff
user class: php8 only; added variable types; use short array syntax
parent
78b4f912
Branches
Branches containing commit
No related tags found
1 merge request
!66
php8 only; added variable types; short array syntax; remove glyphicons
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
public_html/deployment/classes/sws.class.php
+0
-1
0 additions, 1 deletion
public_html/deployment/classes/sws.class.php
public_html/deployment/classes/user.class.php
+147
-105
147 additions, 105 deletions
public_html/deployment/classes/user.class.php
with
147 additions
and
106 deletions
public_html/deployment/classes/sws.class.php
+
0
−
1
View file @
3b477eda
...
@@ -141,7 +141,6 @@ class sws {
...
@@ -141,7 +141,6 @@ class sws {
if
(
is_array
(
$aKnownClasses
))
{
if
(
is_array
(
$aKnownClasses
))
{
$this
->
setConfig
(
$aKnownClasses
);
$this
->
setConfig
(
$aKnownClasses
);
}
}
return
true
;
}
}
// ----------------------------------------------------------------------
// ----------------------------------------------------------------------
...
...
This diff is collapsed.
Click to expand it.
public_html/deployment/classes/user.class.php
+
147
−
105
View file @
3b477eda
...
@@ -5,32 +5,36 @@
...
@@ -5,32 +5,36 @@
* This class is used in the base class
* This class is used in the base class
*
*
* @author hahn
* @author hahn
*
* Axel <axel.hahn@unibe.ch>
* 2024-08-29 Axel php8 only; added variable types; use short array syntax
*/
*/
class
user
{
class
user
{
/**
/**
* login name of the current user
* login name of the current user
* @var string
* @var string
*/
*/
private
$_sUsername
=
false
;
private
string
$_sUsername
=
''
;
/**
/**
* list of groups of the current user
* list of groups of the current user
* @var array
* @var array
*/
*/
private
$_aUserGroups
=
array
()
;
private
array
$_aUserGroups
=
[]
;
/**
/**
* list of roles based on the groups
* list of roles based on the groups
* @var array
* @var array
*/
*/
private
$_aUserPermmissions
=
array
()
;
private
array
$_aUserPermmissions
=
[]
;
/**
/**
* list of projects the current user is involved in
* list of projects the current user is involved in
* @var array
* @var array
*/
*/
private
$_aProjects
=
array
()
;
private
$_aProjects
=
[]
;
/**
/**
* name of the last checked role
* name of the last checked role
...
@@ -39,10 +43,13 @@ class user {
...
@@ -39,10 +43,13 @@ class user {
private
$_sLastCheckedPermission
=
false
;
private
$_sLastCheckedPermission
=
false
;
/**
/**
* Constructor
* init user with optional given user
* init user with optional given user
* @param type $sUser
*
* @param string $sUser username to set
*/
*/
public
function
__construct
(
$sUser
=
false
){
public
function
__construct
(
string
$sUser
=
''
)
{
$this
->
setUser
(
$sUser
);
$this
->
setUser
(
$sUser
);
}
}
...
@@ -53,11 +60,13 @@ class user {
...
@@ -53,11 +60,13 @@ class user {
/**
/**
* get string with detected user from current session / basic auth / cli access
* Get string with detected user from current session / basic auth / cli access
*
* @return string
* @return string
*/
*/
private
function
_autoDetectUser
(){
private
function
_autoDetectUser
():
string
$sUser
=
false
;
{
$sUser
=
''
;
if
(
isset
(
$_SESSION
)
&&
isset
(
$_SESSION
[
"PHP_AUTH_USER"
]))
{
if
(
isset
(
$_SESSION
)
&&
isset
(
$_SESSION
[
"PHP_AUTH_USER"
]))
{
$sUser
=
$_SESSION
[
"PHP_AUTH_USER"
];
$sUser
=
$_SESSION
[
"PHP_AUTH_USER"
];
}
}
...
@@ -70,8 +79,12 @@ class user {
...
@@ -70,8 +79,12 @@ class user {
return
$sUser
;
return
$sUser
;
}
}
// UNUSED SO FAR
/**
private
function
_getUser2Projects
(){
* UNUSED SO FAR
* Idea: limit user access to a set of projects
*/
private
function
_getUser2Projects
()
{
$sFile
=
__DIR__
.
'/../../../config/inc_user2projects.php'
;
$sFile
=
__DIR__
.
'/../../../config/inc_user2projects.php'
;
return
file_exists
(
$sFile
)
return
file_exists
(
$sFile
)
?
require
$sFile
?
require
$sFile
...
@@ -79,21 +92,28 @@ class user {
...
@@ -79,21 +92,28 @@ class user {
;
;
}
}
private
function
_getUser2Roles
(){
/**
* Load roles per user from config
* @return array
*/
private
function
_getUser2Roles
():
array
{
$sFile
=
__DIR__
.
'/../../../config/inc_user2roles.php'
;
$sFile
=
__DIR__
.
'/../../../config/inc_user2roles.php'
;
return
file_exists
(
$sFile
)
return
file_exists
(
$sFile
)
?
require
$sFile
?
require
$sFile
:
[
'admin'
=>
[
'admin'
]]
:
[
'admin'
=>
[
'admin'
]]
;
;
}
}
/**
/**
* TODO: reimplement
* TODO: reimplement
* get the user groups of the current user from an internal source.
* get the user groups of the current user from an internal source.
* The function returns a flat aray with names of the groups
* The function returns a flat aray with names of the groups
* @return array
* @return array
*/
*/
private
function
_getUserGroups
(){
private
function
_getUserGroups
():
array
$aGroups
=
array
();
{
$aGroups
=
[];
if
(
$this
->
_sUsername
)
{
if
(
$this
->
_sUsername
)
{
$aGroups
[]
=
"authenticated"
;
$aGroups
[]
=
"authenticated"
;
// $aGroups[]='#'.$this->_sUsername;
// $aGroups[]='#'.$this->_sUsername;
...
@@ -114,8 +134,9 @@ class user {
...
@@ -114,8 +134,9 @@ class user {
* The function returns a flat aray with names of the roles
* The function returns a flat aray with names of the roles
* @return array
* @return array
*/
*/
private
function
_getUserPermission
(){
private
function
_getUserPermission
():
array
$aRoles
=
array
();
{
$aRoles
=
[];
$aRolesDefinitions
=
require
(
__DIR__
.
'/../../../config/inc_roles.php'
);
$aRolesDefinitions
=
require
(
__DIR__
.
'/../../../config/inc_roles.php'
);
// anonymous roles:
// anonymous roles:
...
@@ -139,11 +160,14 @@ class user {
...
@@ -139,11 +160,14 @@ class user {
/**
/**
* authenticate a user with the configured methods
* authenticate a user with the configured methods
*
* @global array $aConfig global config
* @global array $aConfig global config
* @global array $aParams params (i.e. GET and POST)
* @global array $aParams params (i.e. GET and POST)
*
* @return boolean
* @return boolean
*/
*/
public
function
authenticate
(){
public
function
authenticate
():
bool
{
global
$aConfig
,
$aParams
;
global
$aConfig
,
$aParams
;
if
(
!
isset
(
$aConfig
[
'auth'
])
||
!
is_array
(
$aConfig
[
'auth'
])
||
!
count
(
$aConfig
[
'auth'
])
||
!
isset
(
$aParams
[
'user'
]))
{
if
(
!
isset
(
$aConfig
[
'auth'
])
||
!
is_array
(
$aConfig
[
'auth'
])
||
!
count
(
$aConfig
[
'auth'
])
||
!
isset
(
$aParams
[
'user'
]))
{
return
false
;
return
false
;
...
@@ -184,7 +208,8 @@ class user {
...
@@ -184,7 +208,8 @@ class user {
* logoff user
* logoff user
* @return boolean
* @return boolean
*/
*/
public
function
logoff
(){
public
function
logoff
():
bool
{
unset
(
$_SESSION
[
"PHP_AUTH_USER"
]);
unset
(
$_SESSION
[
"PHP_AUTH_USER"
]);
$this
->
setUser
();
$this
->
setUser
();
return
true
;
return
true
;
...
@@ -193,9 +218,11 @@ class user {
...
@@ -193,9 +218,11 @@ class user {
/**
/**
* set an authenticated user and get its roles
* set an authenticated user and get its roles
* @param string $sUser optional: set a given username
* @param string $sUser optional: set a given username
* @return void
*/
*/
public
function
setUser
(
$sUser
=
false
){
public
function
setUser
(
string
$sUser
=
''
):
void
if
(
$sUser
!==
false
){
{
if
(
$sUser
)
{
$this
->
_sUsername
=
$sUser
;
$this
->
_sUsername
=
$sUser
;
$_SESSION
[
"PHP_AUTH_USER"
]
=
$sUser
;
$_SESSION
[
"PHP_AUTH_USER"
]
=
$sUser
;
}
else
{
}
else
{
...
@@ -207,10 +234,11 @@ class user {
...
@@ -207,10 +234,11 @@ class user {
}
}
/**
/**
*
r
et
urn
html code to display a denied message
*
G
et html code to display a denied message
* @return string
* @return string
*/
*/
public
function
showDenied
(){
public
function
showDenied
():
string
{
return
'<div class="alert alert-danger" role="alert">'
return
'<div class="alert alert-danger" role="alert">'
.
(
$this
->
_sUsername
.
(
$this
->
_sUsername
?
t
(
"class-user-error-deny-no-role"
)
.
'<br>'
.
$this
->
_sUsername
.
' --> ('
.
$this
->
_sLastCheckedPermission
.
')<br>'
?
t
(
"class-user-error-deny-no-role"
)
.
'<br>'
.
$this
->
_sUsername
.
' --> ('
.
$this
->
_sLastCheckedPermission
.
')<br>'
...
@@ -226,56 +254,70 @@ class user {
...
@@ -226,56 +254,70 @@ class user {
// ----------------------------------------------------------------------
// ----------------------------------------------------------------------
// UNUSED SO FAR
/**
public
function
getUser2Projects
(){
* UNUSED SO FAR
* Idea: limit user access to a set of projects
*/
public
function
getUser2Projects
()
{
return
$this
->
_getUser2Projects
();
return
$this
->
_getUser2Projects
();
}
}
public
function
getUser2Roles
(){
/**
* Get a list of all roles for the current user
* @return array
*/
public
function
getUser2Roles
():
array
{
return
$this
->
_getUser2Roles
();
return
$this
->
_getUser2Roles
();
}
}
/**
/**
*
g
et the current username
*
G
et the current username
* @return string
* @return string
*/
*/
public
function
getUsername
(){
public
function
getUsername
():
string
{
return
$this
->
_sUsername
;
return
$this
->
_sUsername
;
}
}
/**
/**
*
g
et a flat array with roles of the current user
*
G
et a flat array with roles of the current user
* @return array
* @return array
*/
*/
public
function
getUserGroups
(){
public
function
getUserGroups
():
array
{
return
$this
->
_aUserGroups
;
return
$this
->
_aUserGroups
;
}
}
/**
/**
*
g
et a flat array with roles of the current user
*
G
et a flat array with roles of the current user
* @return array
* @return array
*/
*/
public
function
getUserPermission
(){
public
function
getUserPermission
():
array
{
return
$this
->
_aUserPermmissions
;
return
$this
->
_aUserPermmissions
;
}
}
/**
/**
* check if the current user has a given role name
* check if the current user has a given role name
* @param string $sGroupname name of the role to check
* @param string $sGroupname name of the role to check
* @return
type
* @return
bool
*/
*/
public
function
hasGroup
(
$sGroupname
){
public
function
hasGroup
(
$sGroupname
)
return
(
array_search
(
$sGroupname
,
$this
->
_aUserGroups
)
!==
false
);
{
return
!!
(
array_search
(
$sGroupname
,
$this
->
_aUserGroups
)
!==
false
);
}
}
/**
/**
* check if the current user has a given role name
* check if the current user has a given role name
* @param string $sPermission name of the role to check
* @param string $sPermission name of the role to check
* @return
type
* @return
boolean
*/
*/
public
function
hasPermission
(
$sPermission
){
public
function
hasPermission
(
$sPermission
):
bool
{
$this
->
_sLastCheckedPermission
=
$sPermission
;
$this
->
_sLastCheckedPermission
=
$sPermission
;
$bReturn
=
array_search
(
$sPermission
,
$this
->
_aUserPermmissions
)
!==
false
;
$bReturn
=
!!
(
array_search
(
$sPermission
,
$this
->
_aUserPermmissions
)
!==
false
)
;
// $this->log(__FUNCTION__ . "($sRolename) -> " . $bReturn ? 'true' : 'false');
// $this->log(__FUNCTION__ . "($sRolename) -> " . $bReturn ? 'true' : 'false');
return
$bReturn
;
return
$bReturn
;
}
}
}
}
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment