galette/lib/Galette/Core/Authentication.php

   1 <?php
   2
   3 /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
   4
   5 /**
   6  * Abstract authentication class for galette
   7  *
   8  * PHP version 5
   9  *
  10  * Copyright © 2009-2023 The Galette Team
  11  *
  12  * This file is part of Galette (http://galette.tuxfamily.org).
  13  *
  14  * Galette is free software: you can redistribute it and/or modify
  15  * it under the terms of the GNU General Public License as published by
  16  * the Free Software Foundation, either version 3 of the License, or
  17  * (at your option) any later version.
  18  *
  19  * Galette is distributed in the hope that it will be useful,
  20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22  *  GNU General Public License for more details.
  23  *
  24  * You should have received a copy of the GNU General Public License
  25  * along with Galette. If not, see <http://www.gnu.org/licenses/>.
  26  *
  27  * @category  Authentication
  28  * @package   Galette
  29  *
  30  * @author    Johan Cwiklinski <johan@x-tnd.be>
  31  * @copyright 2009-2023 The Galette Team
  32  * @license   http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
  33  * @link      http://galette.tuxfamily.org
  34  * @since     Available since 0.7dev - 2009-02-28
  35  */
  36
  37 namespace Galette\Core;
  38
  39 /**
  40  * Abstract authentication class for galette
  41  *
  42  * @category  Authentication
  43  * @name      Authentication
  44  * @package   Galette
  45  * @author    Johan Cwiklinski <johan@x-tnd.be>
  46  * @copyright 2009-2023 The Galette Team
  47  * @license   http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
  48  * @link      http://galette.tuxfamily.org
  49  * @since     Available since 0.7dev - 2009-02-28
  50  *
  51  * @property  ?string $login
  52  * @property  ?string $name
  53  * @property  ?string $surname
  54  * @property  ?integer $id
  55  * @property  ?string $lang
  56  * @property  array $managed_groups
  57  */
  58
  59 abstract class Authentication
  60 {
  61     public const ACCESS_USER = 0;
  62     public const ACCESS_MANAGER = 1;
  63     public const ACCESS_STAFF = 2;
  64     public const ACCESS_ADMIN = 3;
  65     public const ACCESS_SUPERADMIN = 4;
  66
  67     protected $login;
  68     protected $name;
  69     protected $surname;
  70     protected $admin = false;
  71     protected $id;
  72     protected $lang;
  73     protected $logged = false;
  74     protected $active = false;
  75     protected $superadmin = false;
  76     protected $staff = false;
  77     protected $uptodate = false;
  78     protected $managed_groups = [];
  79     protected $cron = false;
  80
  81     /**
  82      * Logs in user.
  83      *
  84      * @param string $user  user's login
  85      * @param string $passe user's password
  86      *
  87      * @return boolean
  88      */
  89     abstract public function logIn($user, $passe);
  90
  91     /**
  92      * Does this login already exists ?
  93      * These function should be used for setting admin login into Preferences
  94      *
  95      * @param string $user the username
  96      *
  97      * @return true if the username already exists, false otherwise
  98      */
  99     abstract public function loginExists($user);
 100
 101     /**
 102      * Login for the superuser
 103      *
 104      * @param string      $login       name
 105      * @param Preferences $preferences Preferences instance
 106      *
 107      * @return void
 108      */
 109     public function logAdmin($login, Preferences $preferences)
 110     {
 111         $this->logged = true;
 112         $this->name = 'Admin';
 113         $this->login = $login;
 114         $this->admin = true;
 115         $this->active = true;
 116         $this->staff = false;
 117         $this->uptodate = false;
 118         $this->id = 0;
 119         $this->lang = $preferences->pref_lang;
 120         //a flag for super admin only, since it's not a regular user
 121         $this->superadmin = true;
 122     }
 123
 124     /**
 125      * Authenticate from cron
 126      *
 127      * @param string $name Service name
 128      *
 129      * @return void
 130      */
 131     public function logCron($name)
 132     {
 133         //known cronable files
 134         $ok = array('reminder');
 135
 136         if (in_array($name, $ok)) {
 137             $this->logged = true;
 138             $this->cron = true;
 139             $this->login = 'cron';
 140         } else {
 141             trigger_error('Not authorized!', E_USER_ERROR);
 142         }
 143     }
 144
 145     /**
 146      * Log out user and unset variables
 147      *
 148      * @return void
 149      */
 150     public function logOut()
 151     {
 152         $this->id = null;
 153         $this->logged = false;
 154         $this->name = null;
 155         $this->login = null;
 156         $this->admin = false;
 157         $this->active = false;
 158         $this->superadmin = false;
 159         $this->staff = false;
 160         $this->uptodate = false;
 161     }
 162
 163     /**
 164      * Is user logged-in?
 165      *
 166      * @return bool
 167      */
 168     public function isLogged()
 169     {
 170         return $this->logged;
 171     }
 172
 173     /**
 174      * Is user admin?
 175      *
 176      * @return bool
 177      */
 178     public function isAdmin(): bool
 179     {
 180         return (bool)$this->admin;
 181     }
 182
 183     /**
 184      * Is user super admin?
 185      *
 186      * @return bool
 187      */
 188     public function isSuperAdmin(): bool
 189     {
 190         return (bool)$this->superadmin;
 191     }
 192
 193     /**
 194      * Is user active?
 195      *
 196      * @return bool
 197      */
 198     public function isActive(): bool
 199     {
 200         return (bool)$this->active;
 201     }
 202
 203     /**
 204      * Is user member of staff?
 205      *
 206      * @return bool
 207      */
 208     public function isStaff(): bool
 209     {
 210         return (bool)$this->staff;
 211     }
 212
 213     /**
 214      * is user a crontab?
 215      *
 216      * @return bool
 217      */
 218     public function isCron(): bool
 219     {
 220         return (bool)$this->cron;
 221     }
 222
 223     /**
 224      * Is user a group manager?
 225      * If no group id is specified, check if user is manager for at
 226      * least one group.
 227      *
 228      * @param array|int $id_group Group(s) identifier(s)
 229      *
 230      * @return boolean
 231      */
 232     public function isGroupManager($id_group = null): bool
 233     {
 234         $manager = false;
 235         if ($this->isAdmin() || $this->isStaff()) {
 236             return true;
 237         } else {
 238             if ($id_group === null) {
 239                 $manager = count($this->managed_groups) > 0;
 240             } else {
 241                 $groups = (array)$id_group;
 242
 243                 foreach ($groups as $group) {
 244                     if (in_array($group, $this->managed_groups)) {
 245                         $manager = true;
 246                         break;
 247                     }
 248                 }
 249             }
 250         }
 251         return $manager;
 252     }
 253
 254     /**
 255      * Get managed groups
 256      *
 257      * @return array
 258      */
 259     public function getManagedGroups(): array
 260     {
 261         return $this->managed_groups;
 262     }
 263
 264     /**
 265      * Is user currently up to date?
 266      * An up to date member is active and either due free, or with up to date
 267      * subscription
 268      *
 269      * @return bool
 270      */
 271     public function isUp2Date(): bool
 272     {
 273         return (bool)$this->uptodate;
 274     }
 275
 276     /**
 277      * Display logged in member name
 278      *
 279      * @param boolean $only_name If we want only the name without any additional text
 280      *
 281      * @return String
 282      */
 283     public function loggedInAs($only_name = false)
 284     {
 285         $n = $this->name . ' ' . $this->surname . ' (' . $this->login . ')';
 286         if ($only_name === false) {
 287             return str_replace(
 288                 '%login',
 289                 $n,
 290                 _T("Logged in as:<br/>%login")
 291             );
 292         } else {
 293             return $n;
 294         }
 295     }
 296
 297     /**
 298      * Global getter method
 299      *
 300      * @param string $name name of the property we want to retrieve
 301      *
 302      * @return mixed
 303      */
 304     public function __get($name)
 305     {
 306         $forbidden = array('logged', 'admin', 'active', 'superadmin', 'staff', 'cron', 'uptodate');
 307         if (isset($this->$name) && !in_array($name, $forbidden)) {
 308             switch ($name) {
 309                 case 'id':
 310                     return (int)$this->$name;
 311                 default:
 312                     return $this->$name;
 313             }
 314         } else {
 315             return false;
 316         }
 317     }
 318
 319     /**
 320      * Global isset method
 321      * Required for twig to access properties via __get
 322      *
 323      * @param string $name name of the property we want to retrieve
 324      *
 325      * @return bool
 326      */
 327     public function __isset($name)
 328     {
 329         $forbidden = array('logged', 'admin', 'active', 'superadmin', 'staff', 'cron', 'uptodate');
 330         if (isset($this->$name) && !in_array($name, $forbidden)) {
 331             return true;
 332         } else {
 333             return false;
 334         }
 335     }
 336
 337
 338     /**
 339      * get user access level
 340      *
 341      * @return integer
 342      */
 343     public function getAccessLevel()
 344     {
 345
 346         if ($this->isSuperAdmin()) {
 347             return self::ACCESS_SUPERADMIN;
 348         } elseif ($this->isAdmin()) {
 349             return self::ACCESS_ADMIN;
 350         } elseif ($this->isStaff()) {
 351             return self::ACCESS_STAFF;
 352         } elseif ($this->isGroupManager()) {
 353             return self::ACCESS_MANAGER;
 354         } else {
 355             return self::ACCESS_USER;
 356         }
 357     }
 358 }