external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Rework permission handling

Browse source 
Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2014-07-15 20:52:54 +02:00
parent 9e6b861b6f
commit 03c6304e19
24 changed files with 187 additions and 237 deletions
Download patch file Download diff file Expand all files Collapse all files

76
web/lib/credentials.inc.php Normal file
View file

@ -0,0 +1,76 @@
<?php
include_once("config.inc.php");
define("CRED_ACCOUNT_CHANGE_TYPE", 1);
define("CRED_ACCOUNT_EDIT", 2);
define("CRED_ACCOUNT_EDIT_DEV", 3);
define("CRED_ACCOUNT_LAST_LOGIN", 4);
define("CRED_ACCOUNT_SEARCH", 5);
define("CRED_COMMENT_DELETE", 6);
define("CRED_PKGBASE_ADOPT", 7);
define("CRED_PKGBASE_CHANGE_CATEGORY", 8);
define("CRED_PKGBASE_DELETE", 9);
define("CRED_PKGBASE_DISOWN", 10);
define("CRED_PKGBASE_FLAG", 11);
define("CRED_PKGBASE_LIST_VOTERS", 12);
define("CRED_PKGBASE_NOTIFY", 13);
define("CRED_PKGBASE_SUBMIT_BLACKLISTED", 14);
define("CRED_PKGBASE_UNFLAG", 15);
define("CRED_PKGBASE_VOTE", 16);
define("CRED_PKGREQ_CLOSE", 17);
define("CRED_PKGREQ_LIST", 18);
define("CRED_TU_ADD_VOTE", 19);
define("CRED_TU_LIST_VOTES", 20);
define("CRED_TU_VOTE", 21);
/**
* Determine if a user has the permission to perform a given action
*
* @param int $credential The type of action to peform
* @param array $approved_users A user whitelist for this query
*
* @return bool Return true if the user has the permission, false if not
*/
function has_credential($credential, $approved_users=array()) {
if (!isset($_COOKIE['AURSID'])) {
return false;
}
$uid = uid_from_sid($_COOKIE['AURSID']);
if (in_array($uid, $approved_users)) {
return true;
}
$atype = account_from_sid($_COOKIE['AURSID']);
switch ($credential) {
case CRED_PKGBASE_FLAG:
case CRED_PKGBASE_NOTIFY:
case CRED_PKGBASE_VOTE:
return ($atype == 'User' || $atype == 'Trusted User' ||
$atype == 'Developer');
case CRED_ACCOUNT_CHANGE_TYPE:
case CRED_ACCOUNT_EDIT:
case CRED_ACCOUNT_LAST_LOGIN:
case CRED_ACCOUNT_SEARCH:
case CRED_COMMENT_DELETE:
case CRED_PKGBASE_ADOPT:
case CRED_PKGBASE_CHANGE_CATEGORY:
case CRED_PKGBASE_DELETE:
case CRED_PKGBASE_DISOWN:
case CRED_PKGBASE_LIST_VOTERS:
case CRED_PKGBASE_SUBMIT_BLACKLISTED:
case CRED_PKGBASE_UNFLAG:
case CRED_PKGREQ_CLOSE:
case CRED_PKGREQ_LIST:
return ($atype == 'Trusted User' || $atype == 'Developer');
case CRED_TU_ADD_VOTE:
case CRED_TU_LIST_VOTES:
case CRED_TU_VOTE:
return ($atype == 'Trusted User');
case CRED_ACCOUNT_EDIT_DEV:
return ($atype == 'Developer');
}
return false;
}