From 03c6304e19d5d3ecd276dd3f42220db301ab511d Mon Sep 17 00:00:00 2001
From: Lukas Fleischer
Date: Tue, 15 Jul 2014 20:52:54 +0200
Subject: Rework permission handling
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient.
Signed-off-by: Lukas Fleischer
---
 web/lib/acctfuncs.inc.php | 37 ++++++------------
 web/lib/aur.inc.php | 11 +-----
 web/lib/credentials.inc.php | 76 ++++++++++++++++++++++++++++++++++++
 web/lib/pkgbasefuncs.inc.php | 93 ++++++++++++++++++--------------------
 web/lib/pkgfuncs.inc.php | 36 ++++-------------
 web/lib/pkgreqfuncs.inc.php | 2 +-
 6 files changed, 134 insertions(+), 121 deletions(-)
 create mode 100644 web/lib/credentials.inc.php
(limited to 'web/lib')
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 06d43117..e2e37b87 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -42,7 +42,6 @@ function html_format_pgp_fingerprint($fingerprint) {
  * Loads the account editing form, with any values that are already saved
  *
  * @global array $SUPPORTED_LANGS Languages that are supported by the AUR
- * @param string $UTYPE User type of the account accessing the form
  * @param string $A Form to use, either UpdateAccount or NewAccount
  * @param string $U The username to display
  * @param string $T The account type of the displayed user
@@ -59,7 +58,7 @@ function html_format_pgp_fingerprint($fingerprint) {
  *
  * @return void
  */
-function display_account_form($UTYPE,$A,$U="",$T="",$S="",
+function display_account_form($A,$U="",$T="",$S="",
 $E="",$P="",$C="",$R="",$L="",$I="",$K="",$J="",
 $UID=0) {
 global $SUPPORTED_LANGS;
@@ -71,7 +70,6 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="",
  * Process information given to new/edit account form
  *
  * @global array $SUPPORTED_LANGS Languages that are supported by the AUR
- * @param string $UTYPE The account type of the user modifying the account
  * @param string $TYPE Either "edit" for editing or "new" for registering an account
  * @param string $A Form to use, either UpdateAccount or NewAccount
  * @param string $U The username for the account
@@ -89,7 +87,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="",
  *
  * @return string|void Return void if successful, otherwise return error
  */
-function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
+function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
 $P="",$C="",$R="",$L="",$I="",$K="",$J="",$UID=0) {
 global $SUPPORTED_LANGS, $AUR_LOCATION;
@@ -143,7 +141,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 $error = __("The PGP key fingerprint is invalid.");
 }
- if (($UTYPE == "User" && $T > 1) || ($UTYPE == "Trusted User" && $T > 2)) {
+ $atype = account_from_sid($_COOKIE['AURSID']);
+ if (($atype == "User" && $T > 1) || ($atype == "Trusted User" && $T > 2)) {
 $error = __("Cannot increase account permissions.");
 }
 if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) {
@@ -188,7 +187,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 if ($error) {
 print "\n";
- display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "",
+ display_account_form($A, $U, $T, $S, $E, "", "",
 $R, $L, $I, $K, $J, $UID);
 return;
 }
@@ -299,7 +298,6 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 /**
  * Display the search results page
  *
- * @param string $UTYPE User type of the account accessing the form
  * @param string $O The offset for the results page
  * @param string $SB The column to sort the results page by
  * @param string $U The username search criteria
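Review bot: The escalation guard in process_account_form is the one permission rule this commit leaves outside has_credential(): it still hard-codes the account-type strings and compares the requested type with a loose `$T > 1` / `$T > 2`, so adding a user group means editing this branch as well as credentials.inc.php. It also reads `$_COOKIE['AURSID']` unconditionally, and the `$TYPE` docblock says this function serves "new" registrations too; if account_from_sid() returns an empty value for a visitor without a session, neither comparison matches and a self-registration asking for an elevated `$T` is not rejected here. Making the anonymous case explicit, `if ((!$atype && $T > 1) || ($atype == "User" && $T > 1) || ($atype == "Trusted User" && $T > 2)) {`, or folding the rule into a credential check that receives `intval($T)`, would close that gap; whether an earlier check in the function already covers it is outside the hunk.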
@@ -312,7 +310,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
  *
  * @return void
  */
-function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
+function search_results_page($O=0,$SB="",$U="",$T="",
 $S="",$E="",$R="",$I="",$K="") {
 $HITS_PER_PAGE = 50;
@@ -1098,28 +1096,15 @@ function cast_proposal_vote($voteid, $uid, $vote, $newtotal) {
 /**
  * Verify a user has the proper permissions to edit an account
  *
- * @param string $atype Account type of the editing user
  * @param array $acctinfo User account information for edited account
- * @param int $uid User ID of the editing user
  *
  * @return bool True if permission to edit the account, otherwise false
  */
-function can_edit_account($atype, $acctinfo, $uid) {
- /* Developers can edit any account */
- if ($atype == 'Developer') {
- return true;
- }
-
- /* Trusted Users can edit all accounts except Developer accounts */
- if ($atype == 'Trusted User' &&
- $acctinfo['AccountType'] != 'Developer') {
- return true;
+function can_edit_account($acctinfo) {
+ if ($acctinfo['AccountType'] == 'Developer') {
+ return has_credential(CRED_ACCOUNT_EDIT_DEV);
 }
- /* Users can edit only their own account */
- if ($acctinfo['ID'] == $uid) {
- return true;
- }
-
- return false;
+ $uid = uid_from_sid($_COOKIE['AURSID']);
+ return has_credential(CRED_ACCOUNT_EDIT, array($uid));
 }
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 7fa792bb..82730bb5 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -16,6 +16,7 @@ include_once("routing.inc.php");
 include_once("version.inc.php");
 include_once("acctfuncs.inc.php");
 include_once("cachefuncs.inc.php");
+include_once("credentials.inc.php");
 /**
  * Check if a visitor is logged in
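Review bot: can_edit_account now passes the editing user's own ID to has_credential(CRED_ACCOUNT_EDIT, ...), whereas the removed code compared `$acctinfo['ID']` against that ID; the other call sites in this commit (can_delete_comment_array passing `$comment['UsersID']`, pkgbase_change_category passing `$row["MaintainerUID"]`) pass the ID of the resource owner, which suggests the second argument is the set of users allowed to act on the resource without the elevated credential. If that reading is right, every logged-in user is trivially in that set for their own session, and any non-Developer account becomes editable by any user. The line should name the target account instead: `$uid = $acctinfo['ID'];`. The credentials.inc.php hunk is not readable on this page, so confirm against has_credential()'s definition before merging.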
@@ -406,16 +407,6 @@ function uid_from_email($email) {
 return $row[0];
 }
-/**
- * Determine if a user has TU or Developer privileges
- *
- * @return bool Return true if the user is a TU or developer, otherwise false
- */
-function check_user_privileges() {
- $type = account_from_sid($_COOKIE['AURSID']);
- return ($type == 'Trusted User' || $type == 'Developer');
-}
-
 /**
  * Generate clean url with edited/added user values
  *
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
new file mode 100644
index 00000000..22068e4c
--- /dev/null
+++ b/web/lib/credentials.inc.php
@@ -0,0 +1,76 @@
+exec($q);
@@ -439,19 +438,14 @@ function pkgbase_unflag($atype, $base_ids) {
 /**
  * Delete package bases
  *
- * @param string $atype Account type, output of account_from_sid
  * @param array $base_ids Array of package base IDs to delete
  * @param int $merge_base_id Package base to merge the deleted ones into
  * @param int $via Package request to close upon deletion
  *
  * @return array Tuple of success/failure indicator and error message
  */
-function pkgbase_delete ($atype, $base_ids, $merge_base_id, $via) {
- if (!$atype) {
- return array(false, __("You must be logged in before you can delete packages."));
- }
-
- if ($atype != "Trusted User" && $atype != "Developer") {
+function pkgbase_delete ($base_ids, $merge_base_id, $via) {
+ if (!has_credential(CRED_PKGBASE_DELETE)) {
 return array(false, __("You do not have permission to delete packages."));
 }
@@ -552,15 +546,15 @@ function pkgbase_delete ($atype, $base_ids, $merge_base_id, $via) { /** * Adopt or disown packages * - * @param string $atype Account type, output of account_from_sid * @param array $base_ids Array of package base IDs to adopt/disown * @param bool $action Adopts if true, disowns if false. Adopts by default * @param int $via Package request to close upon adoption * * @return array Tuple of success/failure indicator and error message */ -function pkgbase_adopt ($atype, $base_ids, $action=true, $via) { - if (!$atype) { +function pkgbase_adopt ($base_ids, $action=true, $via) { + $uid = uid_from_sid($_COOKIE["AURSID"]); + if (!$uid) { if ($action) { return array(false, __("You must be logged in before you can adopt packages.")); } else { @@ -579,23 +573,21 @@ function pkgbase_adopt ($atype, $base_ids, $action=true, $via) { $dbh = DB::connect(); - $field = "MaintainerUID"; $q = "UPDATE PackageBases "; - if ($action) { - $user = uid_from_sid($_COOKIE["AURSID"]); + $q.= "SET MaintainerUID = $uid "; } else { - $user = 'NULL'; + $q.= "SET MaintainerUID = NULL "; } - - $q.= "SET $field = $user "; $q.= "WHERE ID IN (" . implode(",", $base_ids) . ") "; - if ($action && $atype == "User") { + if ($action && !has_credential(CRED_PKGBASE_ADOPT)) { /* Regular users may only adopt orphan packages. */ - $q.= "AND $field IS NULL "; - } else if ($atype == "User") { - $q.= "AND $field = " . uid_from_sid($_COOKIE["AURSID"]); + $q.= "AND MaintainerUID IS NULL"; + } + if (!$action && !has_credential(CRED_PKGBASE_DISOWN)) { + /* Regular users may only disown their own packages. */ + $q.= "AND MaintainerUID = " . $uid; } $dbh->exec($q); 
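Review bot: The rebuilt UPDATE in pkgbase_adopt interpolates `$uid` and the caller-supplied `$base_ids` straight into the query text (`"SET MaintainerUID = $uid "`, `implode(",", $base_ids)`, `"AND MaintainerUID = " . $uid`) without casting; the removed code did the same, but since the statement is rewritten here it is the place to constrain the operands. `$q.= "SET MaintainerUID = " . intval($uid) . " ";` and `$q.= "WHERE ID IN (" . implode(",", array_map('intval', $base_ids)) . ") ";` keep the query shape while guaranteeing integer values, matching the `intval($base_id)` style pkgbase_change_category uses in this same commit. Whether the callers already validate `$base_ids` is outside this hunk, and pkgbase_adopt continues past its last line.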
@@ -615,14 +607,13 @@ function pkgbase_adopt ($atype, $base_ids, $action=true, $via) {
 /**
  * Vote and un-vote for packages
  *
- * @param string $atype Account type, output of account_from_sid
  * @param array $base_ids Array of package base IDs to vote/un-vote
  * @param bool $action Votes if true, un-votes if false. Votes by default
  *
  * @return array Tuple of success/failure indicator and error message
  */
-function pkgbase_vote ($atype, $base_ids, $action=true) {
- if (!$atype) {
+function pkgbase_vote ($base_ids, $action=true) {
+ if (!has_credential(CRED_PKGBASE_VOTE)) {
 if ($action) {
 return array(false, __("You must be logged in before you can vote for packages."));
 } else {
@@ -767,13 +758,12 @@ function pkgbase_user_notify($uid, $base_id) {
 /**
  * Toggle notification of packages
  *
- * @param string $atype Account type, output of account_from_sid
  * @param array $base_ids Array of package base IDs to toggle
  *
  * @return array Tuple of success/failure indicator and error message
  */
-function pkgbase_notify ($atype, $base_ids, $action=true) {
- if (!$atype) {
+function pkgbase_notify ($base_ids, $action=true) {
+ if (!has_credential(CRED_PKGBASE_NOTIFY)) {
 return;
 }
@@ -845,12 +835,11 @@ function pkgbase_notify ($atype, $base_ids, $action=true) {
 /**
  * Delete a package comment
  *
- * @param string $atype Account type, output of account_from_sid
- *
  * @return array Tuple of success/failure indicator and error message
  */
-function pkgbase_delete_comment($atype) {
- if (!$atype) {
+function pkgbase_delete_comment() {
+ $uid = uid_from_sid($_COOKIE["AURSID"]);
+ if (!$uid) {
 return array(false, __("You must be logged in before you can edit package information."));
 }
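Review bot: pkgbase_notify still answers a failed has_credential(CRED_PKGBASE_NOTIFY) with a bare `return;`, while its docblock and the sibling functions in this hunk promise an array tuple of indicator and message, so a caller that destructures the result gets null instead of a failure tuple. `return array(false, __("You must be logged in before you can edit package information."));` would match the neighbours. In the same spirit, pkgbase_vote's two messages still say "You must be logged in", but after this change the branch is also reached by an authenticated user who lacks CRED_PKGBASE_VOTE, if such a group is defined; the wording should not presume the cause. Both function bodies continue outside the hunk.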
@@ -861,8 +850,7 @@ function pkgbase_delete_comment($atype) {
 }
 $dbh = DB::connect();
- $uid = uid_from_sid($_COOKIE["AURSID"]);
- if (can_delete_comment($comment_id, $atype, $uid)) {
+ if (can_delete_comment($comment_id)) {
 $q = "UPDATE PackageComments ";
 $q.= "SET DelUsersID = ".$uid." ";
 $q.= "WHERE ID = ".intval($comment_id);
@@ -877,12 +865,12 @@ function pkgbase_delete_comment($atype) {
  * Change package base category
  *
  * @param int Package base ID of the package base to modify
- * @param string $atype Account type, output of account_from_sid
  *
  * @return array Tuple of success/failure indicator and error message
  */
-function pkgbase_change_category($base_id, $atype) {
- if (!$atype) {
+function pkgbase_change_category($base_id) {
+ $uid = uid_from_sid($_COOKIE["AURSID"]);
+ if (!$uid) {
 return array(false, __("You must be logged in before you can edit package information."));
 }
@@ -906,21 +894,16 @@ function pkgbase_change_category($base_id, $atype) {
 if ($result) {
 $row = $result->fetch(PDO::FETCH_ASSOC);
 }
- else {
- return array(false, __("You are not allowed to change this package category."));
- }
- $uid = uid_from_sid($_COOKIE["AURSID"]);
- if ($uid == $row["MaintainerUID"] ||
- ($atype == "Developer" || $atype == "Trusted User")) {
- $q = "UPDATE PackageBases ";
- $q.= "SET CategoryID = ".intval($category_id)." ";
- $q.= "WHERE ID = ".intval($base_id);
- $dbh->exec($q);
- return array(true, __("Package category changed."));
- } else {
+ if (!$result || !has_credential(CRED_PKGBASE_CHANGE_CATEGORY, array($row["MaintainerUID"]))) {
 return array(false, __("You are not allowed to change this package category."));
 }
+
+ $q = "UPDATE PackageBases ";
+ $q.= "SET CategoryID = ".intval($category_id)." ";
+ $q.= "WHERE ID = ".intval($base_id);
+ $dbh->exec($q);
+ return array(true, __("Package category changed."));
 }
 /**
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index a2b8a0d2..29da97b2 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -9,17 +9,15 @@ include_once("pkgbasefuncs.inc.php");
  * comments. This function is used for the backend side of comment deletion.
  *
  * @param string $comment_id The comment ID in the database
- * @param string $atype The account type of the user trying to delete a comment
- * @param string|int $uid The user ID of the individual trying to delete a comment
  *
  * @return bool True if the user can delete the comment, otherwise false
  */
-function can_delete_comment($comment_id=0, $atype="", $uid=0) {
- if (!$uid) {
+function can_delete_comment($comment_id=0) {
+ if (!uid_from_sid($_COOKIE["AURSID"])) {
 /* Unauthenticated users cannot delete anything. */
 return false;
 }
- if ($atype == "Trusted User" || $atype == "Developer") {
+ if (has_credential(CRED_COMMENT_DELETE)) {
 /* TUs and developers can delete any comment. */
 return true;
 }
@@ -45,23 +43,11 @@ function can_delete_comment($comment_id=0, $atype="", $uid=0) {
  * comments. This function is used for the frontend side of comment deletion.
  *
  * @param array $comment All database information relating a specific comment
- * @param string $atype The account type of the user trying to delete a comment
- * @param string|int $uid The user ID of the individual trying to delete a comment
  *
  * @return bool True if the user can delete the comment, otherwise false
  */
-function can_delete_comment_array($comment, $atype="", $uid=0) {
- if (!$uid) {
- /* Unauthenticated users cannot delete anything. */
- return false;
- } elseif ($atype == "Trusted User" || $atype == "Developer") {
- /* TUs and developers can delete any comment. */
- return true;
- } else if ($comment['UsersID'] == $uid) {
- /* Users can delete their own comments. */
- return true;
- }
- return false;
+function can_delete_comment_array($comment) {
+ return has_credential(CRED_COMMENT_DELETE, array($comment['UsersID']));
 }
 /**
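Review bot: can_delete_comment drops its `$uid` parameter but its body continues past the hunk; if the remainder still builds the ownership query from `$uid`, that variable is now undefined and the own-comment path fails with a malformed query rather than a clean false. Capture it where the session is checked, `$uid = uid_from_sid($_COOKIE["AURSID"]); if (!$uid) {`, and keep using `$uid` below. pkgbase_delete_comment already resolves the same session before calling this function, so each deletion now looks the cookie up twice; retaining an optional `$uid = 0` parameter that falls back to the session would avoid that. can_delete_comment_array loses its explicit unauthenticated check, which is only safe if has_credential() returns false for a request without a session; that definition is not readable on this page.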
@@ -70,18 +56,10 @@ function can_delete_comment_array($comment, $atype="", $uid=0) {
  * Only Trusted Users and Developers can delete blacklisted packages. Packages
  * are blacklisted if they are include in the official repositories.
  *
- * @param string $atype The account type of the user
- *
  * @return bool True if the user can submit blacklisted packages, otherwise false
  */
-function can_submit_blacklisted($atype = "") {
- if ($atype == "Trusted User" || $atype == "Developer") {
- /* Only TUs and developers can submit blacklisted packages. */
- return true;
- }
- else {
- return false;
- }
+function can_submit_blacklisted() {
+ return has_credential(CRED_PKGBASE_SUBMIT_BLACKLISTED);
 }
 /**
diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php
index 76780fe1..09047eb7 100644
--- a/web/lib/pkgreqfuncs.inc.php
+++ b/web/lib/pkgreqfuncs.inc.php
@@ -182,7 +182,7 @@ function pkgreq_close($id, $reason, $comments) {
 $dbh = DB::connect();
 $id = intval($id);
- if (!check_user_privileges()) {
+ if (!has_credential(CRED_PKGREQ_CLOSE)) {
 return array(false, __("Only TUs and developers can close requests."));
 }
-- cgit v1.2.3-24-g4f1b