author | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-15 20:52:54 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-15 22:56:57 +0200 |
commit | 03c6304e19d5d3ecd276dd3f42220db301ab511d (patch) | |
tree | 25f58ac23290a9e57f6bd93f6b5c8986bd9fcbef /web/lib/credentials.inc.php | |
parent | 9e6b861b6f40a90363c402b4d26602f33964cf41 (diff) | |
Rework permission handling
Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/credentials.inc.php')
-rw-r--r-- | web/lib/credentials.inc.php | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
new file mode 100644
index 00000000..22068e4c
--- /dev/null
+++ b/web/lib/credentials.inc.php
@@ -0,0 +1,76 @@
+<?php
+include_once("config.inc.php");
+
+define("CRED_ACCOUNT_CHANGE_TYPE", 1);
+define("CRED_ACCOUNT_EDIT", 2);
+define("CRED_ACCOUNT_EDIT_DEV", 3);
+define("CRED_ACCOUNT_LAST_LOGIN", 4);
+define("CRED_ACCOUNT_SEARCH", 5);
+define("CRED_COMMENT_DELETE", 6);
+define("CRED_PKGBASE_ADOPT", 7);
+define("CRED_PKGBASE_CHANGE_CATEGORY", 8);
+define("CRED_PKGBASE_DELETE", 9);
+define("CRED_PKGBASE_DISOWN", 10);
+define("CRED_PKGBASE_FLAG", 11);
+define("CRED_PKGBASE_LIST_VOTERS", 12);
+define("CRED_PKGBASE_NOTIFY", 13);
+define("CRED_PKGBASE_SUBMIT_BLACKLISTED", 14);
+define("CRED_PKGBASE_UNFLAG", 15);
+define("CRED_PKGBASE_VOTE", 16);
+define("CRED_PKGREQ_CLOSE", 17);
+define("CRED_PKGREQ_LIST", 18);
+define("CRED_TU_ADD_VOTE", 19);
+define("CRED_TU_LIST_VOTES", 20);
+define("CRED_TU_VOTE", 21);
+
+/**
+ * Determine if a user has the permission to perform a given action
+ *
+ * @param int $credential The type of action to peform
+ * @param array $approved_users A user whitelist for this query
+ *
+ * @return bool Return true if the user has the permission, false if not
+ */
+function has_credential($credential, $approved_users=array()) {
+ if (!isset($_COOKIE['AURSID'])) {
+ return false;
+ }
+
+ $uid = uid_from_sid($_COOKIE['AURSID']);
+ if (in_array($uid, $approved_users)) {
+ return true;
+ }
+
+ $atype = account_from_sid($_COOKIE['AURSID']);
+
+ switch ($credential) {
+ case CRED_PKGBASE_FLAG:
+ case CRED_PKGBASE_NOTIFY:
+ case CRED_PKGBASE_VOTE:
+ return ($atype == 'User' || $atype == 'Trusted User' ||
+ $atype == 'Developer');
+ case CRED_ACCOUNT_CHANGE_TYPE:
+ case CRED_ACCOUNT_EDIT:
+ case CRED_ACCOUNT_LAST_LOGIN:
+ case CRED_ACCOUNT_SEARCH:
+ case CRED_COMMENT_DELETE:
+ case CRED_PKGBASE_ADOPT:
+ case CRED_PKGBASE_CHANGE_CATEGORY:
+ case CRED_PKGBASE_DELETE:
+ case CRED_PKGBASE_DISOWN:
+ case CRED_PKGBASE_LIST_VOTERS:
+ case CRED_PKGBASE_SUBMIT_BLACKLISTED:
+ case CRED_PKGBASE_UNFLAG:
+ case CRED_PKGREQ_CLOSE:
+ case CRED_PKGREQ_LIST:
+ return ($atype == 'Trusted User' || $atype == 'Developer');
+ case CRED_TU_ADD_VOTE:
+ case CRED_TU_LIST_VOTES:
+ case CRED_TU_VOTE:
+ return ($atype == 'Trusted User');
+ case CRED_ACCOUNT_EDIT_DEV:
+ return ($atype == 'Developer');
+ }
+
+ return false;
+} |
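Review bot: The whitelist check `in_array($uid, $approved_users)` in has_credential() uses loose comparison on whatever `uid_from_sid()` returns, and it runs before anything confirms that the AURSID cookie maps to a live session. `uid_from_sid()` is not visible in this hunk; if it yields null, an empty string or 0 for an unknown session ID, that value would loosely equal an empty entry in `$approved_users` (for example a caller passing an unset maintainer ID), and the function would return true for a request that is not authenticated. Reject the empty result before the lookup, e.g. `if (empty($uid)) { return false; }`, and pass `true` as the third argument to `in_array` once the ID types on both sides are known to agree. The whitelist also grants every credential value, including ones the `switch` does not list, so the docblock should state that `$approved_users` bypasses the per-credential account-type check.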