galette/lib/Galette/Core/Authentication.php

   1 <?php
   2
   3 /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
   4
   5 /**
   6  * Abstract authentication class for galette
   7  *
   8  * PHP version 5
   9  *
  10  * Copyright © 2009-2024 The Galette Team
  11  *
  12  * This file is part of Galette (http://galette.tuxfamily.org).
  13  *
  14  * Galette is free software: you can redistribute it and/or modify
  15  * it under the terms of the GNU General Public License as published by
  16  * the Free Software Foundation, either version 3 of the License, or
  17  * (at your option) any later version.
  18  *
  19  * Galette is distributed in the hope that it will be useful,
  20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22  *  GNU General Public License for more details.
  23  *
  24  * You should have received a copy of the GNU General Public License
  25  * along with Galette. If not, see <http://www.gnu.org/licenses/>.
  26  *
  27  * @category  Authentication
  28  * @package   Galette
  29  *
  30  * @author    Johan Cwiklinski <johan@x-tnd.be>
  31  * @copyright 2009-2024 The Galette Team
  32  * @license   http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
  33  * @link      http://galette.tuxfamily.org
  34  * @since     Available since 0.7dev - 2009-02-28
  35  */
  36
  37 namespace Galette\Core;
  38
  39 /**
  40  * Abstract authentication class for galette
  41  *
  42  * @category  Authentication
  43  * @name      Authentication
  44  * @package   Galette
  45  * @author    Johan Cwiklinski <johan@x-tnd.be>
  46  * @copyright 2009-2024 The Galette Team
  47  * @license   http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
  48  * @link      http://galette.tuxfamily.org
  49  * @since     Available since 0.7dev - 2009-02-28
  50  *
  51  * @property  ?string $login
  52  * @property  ?string $name
  53  * @property  ?string $surname
  54  * @property  ?integer $id
  55  * @property  ?string $lang
  56  * @property  array $managed_groups
  57  */
  58
  59 abstract class Authentication
  60 {
  61     public const ACCESS_USER = 0;
  62     public const ACCESS_MANAGER = 1;
  63     public const ACCESS_STAFF = 2;
  64     public const ACCESS_ADMIN = 3;
  65     public const ACCESS_SUPERADMIN = 4;
  66
  67     protected $login;
  68     protected $name;
  69     protected $surname;
  70     protected $admin = false;
  71     protected $id;
  72     protected $lang;
  73     protected $logged = false;
  74     protected $active = false;
  75     protected $superadmin = false;
  76     protected $staff = false;
  77     protected $uptodate = false;
  78     protected $managed_groups = [];
  79     protected $cron = false;
  80     protected $compact_menu = false;
  81     protected $dark_mode = false;
  82
  83     /**
  84      * Logs in user.
  85      *
  86      * @param string $user  user's login
  87      * @param string $passe user's password
  88      *
  89      * @return boolean
  90      */
  91     abstract public function logIn($user, $passe);
  92
  93     /**
  94      * Does this login already exists ?
  95      * These function should be used for setting admin login into Preferences
  96      *
  97      * @param string $user the username
  98      *
  99      * @return true if the username already exists, false otherwise
 100      */
 101     abstract public function loginExists($user);
 102
 103     /**
 104      * Login for the superuser
 105      *
 106      * @param string      $login       name
 107      * @param Preferences $preferences Preferences instance
 108      *
 109      * @return void
 110      */
 111     public function logAdmin($login, Preferences $preferences)
 112     {
 113         $this->logged = true;
 114         $this->name = 'Admin';
 115         $this->login = $login;
 116         $this->admin = true;
 117         $this->active = true;
 118         $this->staff = false;
 119         $this->uptodate = false;
 120         $this->id = 0;
 121         $this->lang = $preferences->pref_lang;
 122         //a flag for super admin only, since it's not a regular user
 123         $this->superadmin = true;
 124     }
 125
 126     /**
 127      * Authenticate from cron
 128      *
 129      * @param string      $name        Service name
 130      * @param Preferences $preferences Preferences instance
 131      *
 132      * @return void
 133      */
 134     public function logCron($name, Preferences $preferences)
 135     {
 136         //known cronable files
 137         $ok = array('reminder');
 138
 139         if (in_array($name, $ok)) {
 140             $this->logged = true;
 141             $this->cron = true;
 142             $this->login = 'cron';
 143             $this->lang = $preferences->pref_lang;
 144         } else {
 145             trigger_error('Not authorized!', E_USER_ERROR);
 146         }
 147     }
 148
 149     /**
 150      * Log out user and unset variables
 151      *
 152      * @return void
 153      */
 154     public function logOut()
 155     {
 156         $this->id = null;
 157         $this->logged = false;
 158         $this->name = null;
 159         $this->login = null;
 160         $this->admin = false;
 161         $this->active = false;
 162         $this->superadmin = false;
 163         $this->staff = false;
 164         $this->uptodate = false;
 165         $this->lang = null;
 166     }
 167
 168     /**
 169      * Is user logged-in?
 170      *
 171      * @return bool
 172      */
 173     public function isLogged()
 174     {
 175         return $this->logged;
 176     }
 177
 178     /**
 179      * Is user admin?
 180      *
 181      * @return bool
 182      */
 183     public function isAdmin(): bool
 184     {
 185         return (bool)$this->admin;
 186     }
 187
 188     /**
 189      * Is user super admin?
 190      *
 191      * @return bool
 192      */
 193     public function isSuperAdmin(): bool
 194     {
 195         return (bool)$this->superadmin;
 196     }
 197
 198     /**
 199      * Is user active?
 200      *
 201      * @return bool
 202      */
 203     public function isActive(): bool
 204     {
 205         return (bool)$this->active;
 206     }
 207
 208     /**
 209      * Is user member of staff?
 210      *
 211      * @return bool
 212      */
 213     public function isStaff(): bool
 214     {
 215         return (bool)$this->staff;
 216     }
 217
 218     /**
 219      * is user a crontab?
 220      *
 221      * @return bool
 222      */
 223     public function isCron(): bool
 224     {
 225         return (bool)$this->cron;
 226     }
 227
 228     /**
 229      * Is user a group manager?
 230      * If no group id is specified, check if user is manager for at
 231      * least one group.
 232      *
 233      * @param array|int $id_group Group(s) identifier(s)
 234      *
 235      * @return boolean
 236      */
 237     public function isGroupManager($id_group = null): bool
 238     {
 239         $manager = false;
 240         if ($this->isAdmin() || $this->isStaff()) {
 241             return true;
 242         } else {
 243             if ($id_group === null) {
 244                 $manager = count($this->managed_groups) > 0;
 245             } else {
 246                 $groups = (array)$id_group;
 247
 248                 foreach ($groups as $group) {
 249                     if (in_array($group, $this->managed_groups)) {
 250                         $manager = true;
 251                         break;
 252                     }
 253                 }
 254             }
 255         }
 256         return $manager;
 257     }
 258
 259     /**
 260      * Get managed groups
 261      *
 262      * @return array
 263      */
 264     public function getManagedGroups(): array
 265     {
 266         return $this->managed_groups;
 267     }
 268
 269     /**
 270      * Get compact menu mode
 271      *
 272      * @return bool
 273      */
 274     public function getCompactMenu(): bool
 275     {
 276         return $this->logged && isset($_COOKIE['galette_compact_menu']) && $_COOKIE['galette_compact_menu'];
 277     }
 278
 279     /**
 280      * Is dark mode enabled?
 281      *
 282      * @return bool
 283      */
 284     public function isDarkModeEnabled(): bool
 285     {
 286         return isset($_COOKIE['galette_dark_mode']) && $_COOKIE['galette_dark_mode'];
 287     }
 288
 289     /**
 290      * Is user currently up to date?
 291      * An up-to-date member is active and either due free, or with up-to-date
 292      * subscription
 293      *
 294      * @return bool
 295      */
 296     public function isUp2Date(): bool
 297     {
 298         return (bool)$this->uptodate;
 299     }
 300
 301     /**
 302      * Display logged in member name
 303      *
 304      * @param boolean $only_name If we want only the name without any additional text
 305      *
 306      * @return String
 307      */
 308     public function loggedInAs($only_name = false)
 309     {
 310         $n = $this->name . ' ' . $this->surname . ' (' . $this->login . ')';
 311         if ($only_name === false) {
 312             return str_replace(
 313                 '%login',
 314                 $n,
 315                 _T("Logged in as:<br/>%login")
 316             );
 317         } else {
 318             return $n;
 319         }
 320     }
 321
 322     /**
 323      * Global getter method
 324      *
 325      * @param string $name name of the property we want to retrieve
 326      *
 327      * @return mixed
 328      */
 329     public function __get($name)
 330     {
 331         $forbidden = array('logged', 'admin', 'active', 'superadmin', 'staff', 'cron', 'uptodate');
 332         if (isset($this->$name) && !in_array($name, $forbidden)) {
 333             switch ($name) {
 334                 case 'id':
 335                     return (int)$this->$name;
 336                 default:
 337                     return $this->$name;
 338             }
 339         } else {
 340             return false;
 341         }
 342     }
 343
 344     /**
 345      * Global isset method
 346      * Required for twig to access properties via __get
 347      *
 348      * @param string $name name of the property we want to retrieve
 349      *
 350      * @return bool
 351      */
 352     public function __isset($name)
 353     {
 354         $forbidden = array('logged', 'admin', 'active', 'superadmin', 'staff', 'cron', 'uptodate');
 355         if (isset($this->$name) && !in_array($name, $forbidden)) {
 356             return true;
 357         } else {
 358             return false;
 359         }
 360     }
 361
 362
 363     /**
 364      * get user access level
 365      *
 366      * @return integer
 367      */
 368     public function getAccessLevel()
 369     {
 370
 371         if ($this->isSuperAdmin()) {
 372             return self::ACCESS_SUPERADMIN;
 373         } elseif ($this->isAdmin()) {
 374             return self::ACCESS_ADMIN;
 375         } elseif ($this->isStaff()) {
 376             return self::ACCESS_STAFF;
 377         } elseif ($this->isGroupManager()) {
 378             return self::ACCESS_MANAGER;
 379         } else {
 380             return self::ACCESS_USER;
 381         }
 382     }
 383 }