3 /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
6 * Galette Slim middleware for authentication
10 * Copyright © 2020 The Galette Team
12 * This file is part of Galette (http://galette.tuxfamily.org).
14 * Galette is free software: you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation, either version 3 of the License, or
17 * (at your option) any later version.
19 * Galette is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with Galette. If not, see <http://www.gnu.org/licenses/>.
30 * @author Johan Cwiklinski <johan@x-tnd.be>
31 * @copyright 2020 The Galette Team
32 * @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
33 * @link http://galette.tuxfamily.org
34 * @since Available since 0.9.4dev - 2020-05-06
37 namespace Galette\Middleware
;
39 use Psr\Http\Message\ServerRequestInterface
as Request
;
40 use Psr\Http\Message\ResponseInterface
as Response
;
41 use Galette\Entity\Adherent
;
42 use Galette\Filters\MembersList
;
43 use Galette\Repository\Members
;
47 * Galette Slim middleware for authentication
49 * @category Middleware
52 * @author Johan Cwiklinski <johan@x-tnd.be>
53 * @copyright 2020 The Galette Team
54 * @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
55 * @link http://galette.tuxfamily.org
56 * @since Available since 0.9.4dev - 2020-05-06
58 class Authenticate
extends CheckAcls
61 * @var Galette\Core\Login
/**
 * Constructor
 *
 * Runs the parent (CheckAcls) constructor, then resolves the 'login' and
 * 'session' services from the container and keeps them on the instance.
 * __invoke() treats a falsy $this->login as "not logged in", so a container
 * that yields no usable login service results in denial, not access.
 *
 * @param \Slim\Container $container Container instance
 */
public function __construct(\Slim\Container $container)
{
    parent::__construct($container);

    // Services are resolved in the same order as before: 'login' first,
    // then 'session'.
    $loginService = $container->get('login');
    $this->login = $loginService;

    $sessionService = $container->get('session');
    $this->session = $sessionService;
}
83 * Middleware invokable class
85 * @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
86 * @param \Psr\Http\Message\ResponseInterface $response PSR7 response
87 * @param callable $next Next middleware
89 * @return \Psr\Http\Message\ResponseInterface
// Slim middleware entry point: gate the request on authentication first, then
// on the ACL rule registered for the matched route.
// $request / $response are the PSR-7 pair, $next is the next middleware
// callable; the declared return type is a PSR-7 response.
// NOTE(review): this listing omits some original lines (the numbers at the
// start of lines are the original file's line numbers), so the comments below
// describe only what the visible lines establish.
91 public function __invoke(Request
$request, Response
$response, $next): Response
// Unauthenticated branch: a falsy login object and a login whose isLogged()
// is falsy are handled identically.
93 if (!$this->login ||
!$this->login
->isLogged()) {
// Only GET requests have their path remembered in the session, and only the
// path component is stored (no scheme, host or query string).
// NOTE(review): the value is request-derived; whatever later consumes
// session->urlRedirect should validate it before redirecting — confirm at
// the consumer.
94 if ($request->isGet()) {
95 $this->session
->urlRedirect
= $request->getUri()->getPath();
// NOTE(review): this message reads session->urlRedirect, which the lines
// above only set for GET; for other methods it appears to be unset or left
// over from an earlier request — confirm against the full file. The path is
// also request-controlled text ending up in a log line.
98 'Login required to access ' . $this->session
->urlRedirect
,
101 $this->flash
->addMessage('error_detected', _T("Login required"));
// The Location target is the fixed named route 'slash', not anything taken
// from the request. NOTE(review): no withStatus() call is visible in this
// listing — confirm the response carries a 3xx status.
103 ->withHeader('Location', $this->router
->pathFor('slash'));
// Authenticated branch: look up the ACL rule by the matched route's name.
// NOTE(review): assumes the 'route' request attribute is always set here;
// getName() on a missing route would be a fatal error — TODO confirm.
106 $cur_route = $request->getAttribute('route')->getName();
107 $acl = $this->getAclFor($cur_route);
// The visible conditions form widening tiers: super-admin only; super-admin
// or admin; plus staff; plus group manager; and finally any logged-in user.
// The rule names selecting each tier are on lines not shown in this listing.
112 if ($this->login
->isSuperAdmin()) {
118 $this->login
->isSuperAdmin()
119 ||
$this->login
->isAdmin()
126 $this->login
->isSuperAdmin()
127 ||
$this->login
->isAdmin()
128 ||
$this->login
->isStaff()
135 $this->login
->isSuperAdmin()
136 ||
$this->login
->isAdmin()
137 ||
$this->login
->isStaff()
138 ||
$this->login
->isGroupManager()
144 if ($this->login
->isLogged()) {
// An ACL rule that is not recognised raises an exception (presumably from the
// default branch), so an unknown rule is not silently treated as permitted.
149 throw new \
RuntimeException(
153 _T("Unknown ACL rule '%acl'!")
// Denial path: the route name and the account's login name go into the log
// message, a flash message is queued, and the client is pointed at the fixed
// 'slash' route.
160 'Permission denied for route ' . $cur_route . ' for user ' . $this->login
->login
,
163 $this->flash
->addMessage(
165 _T("You do not have permission for requested URL.")
168 ->withHeader('Location', $this->router
->pathFor('slash'));
// Hands the request to the next middleware; presumably only reached when the
// ACL check above passed — the guarding lines are not shown in this listing.
172 return $next($request, $response);