authorLukas Fleischer <archlinux@cryptocrack.de>2014-07-15 20:52:54 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-07-15 22:56:57 +0200
commit03c6304e19d5d3ecd276dd3f42220db301ab511d (patch)
tree25f58ac23290a9e57f6bd93f6b5c8986bd9fcbef /web/lib/credentials.inc.php
parent9e6b861b6f40a90363c402b4d26602f33964cf41 (diff)
downloadaurweb-03c6304e19d5d3ecd276dd3f42220db301ab511d.tar.xz
Rework permission handling
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/credentials.inc.php')
-rw-r--r--web/lib/credentials.inc.php76
1 files changed, 76 insertions, 0 deletions
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
new file mode 100644
index 0000000..22068e4
--- /dev/null
+++ b/web/lib/credentials.inc.php
@@ -0,0 +1,76 @@
+<?php
+include_once("config.inc.php");
+
+define("CRED_ACCOUNT_CHANGE_TYPE", 1);
+define("CRED_ACCOUNT_EDIT", 2);
+define("CRED_ACCOUNT_EDIT_DEV", 3);
+define("CRED_ACCOUNT_LAST_LOGIN", 4);
+define("CRED_ACCOUNT_SEARCH", 5);
+define("CRED_COMMENT_DELETE", 6);
+define("CRED_PKGBASE_ADOPT", 7);
+define("CRED_PKGBASE_CHANGE_CATEGORY", 8);
+define("CRED_PKGBASE_DELETE", 9);
+define("CRED_PKGBASE_DISOWN", 10);
+define("CRED_PKGBASE_FLAG", 11);
+define("CRED_PKGBASE_LIST_VOTERS", 12);
+define("CRED_PKGBASE_NOTIFY", 13);
+define("CRED_PKGBASE_SUBMIT_BLACKLISTED", 14);
+define("CRED_PKGBASE_UNFLAG", 15);
+define("CRED_PKGBASE_VOTE", 16);
+define("CRED_PKGREQ_CLOSE", 17);
+define("CRED_PKGREQ_LIST", 18);
+define("CRED_TU_ADD_VOTE", 19);
+define("CRED_TU_LIST_VOTES", 20);
+define("CRED_TU_VOTE", 21);
+
+/**
+ * Determine if a user has the permission to perform a given action
+ *
+ * @param int $credential The type of action to peform
+ * @param array $approved_users A user whitelist for this query
+ *
+ * @return bool Return true if the user has the permission, false if not
+ */
+function has_credential($credential, $approved_users=array()) {
+ if (!isset($_COOKIE['AURSID'])) {
+ return false;
+ }
+
+ $uid = uid_from_sid($_COOKIE['AURSID']);
+ if (in_array($uid, $approved_users)) {
+ return true;
+ }
+
+ $atype = account_from_sid($_COOKIE['AURSID']);
+
+ switch ($credential) {
+ case CRED_PKGBASE_FLAG:
+ case CRED_PKGBASE_NOTIFY:
+ case CRED_PKGBASE_VOTE:
+ return ($atype == 'User' || $atype == 'Trusted User' ||
+ $atype == 'Developer');
+ case CRED_ACCOUNT_CHANGE_TYPE:
+ case CRED_ACCOUNT_EDIT:
+ case CRED_ACCOUNT_LAST_LOGIN:
+ case CRED_ACCOUNT_SEARCH:
+ case CRED_COMMENT_DELETE:
+ case CRED_PKGBASE_ADOPT:
+ case CRED_PKGBASE_CHANGE_CATEGORY:
+ case CRED_PKGBASE_DELETE:
+ case CRED_PKGBASE_DISOWN:
+ case CRED_PKGBASE_LIST_VOTERS:
+ case CRED_PKGBASE_SUBMIT_BLACKLISTED:
+ case CRED_PKGBASE_UNFLAG:
+ case CRED_PKGREQ_CLOSE:
+ case CRED_PKGREQ_LIST:
+ return ($atype == 'Trusted User' || $atype == 'Developer');
+ case CRED_TU_ADD_VOTE:
+ case CRED_TU_LIST_VOTES:
+ case CRED_TU_VOTE:
+ return ($atype == 'Trusted User');
+ case CRED_ACCOUNT_EDIT_DEV:
+ return ($atype == 'Developer');
+ }
+
+ return false;
+}
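Review bot: The whitelist check `in_array($uid, $approved_users)` after the `uid_from_sid` call uses loose comparison, so its outcome depends on what uid_from_sid() returns for a stale or unknown AURSID (that function is defined outside this hunk); if it yields false or null, loose comparison matches a 0 or empty entry in $approved_users, and on the PHP versions of the day a non-numeric string compares equal to 0 as well. Because this function is the single authorization chokepoint the commit introduces, pass the strict flag, `if (in_array($uid, $approved_users, true)) {`, and consider failing closed before the whitelist test when the session does not map to a user, e.g. `if ($uid === false) { return false; }` (adjust to whatever sentinel uid_from_sid actually returns). The `$atype ==` comparisons against string literals are fine, but a `default:` arm in the switch would make an unmapped credential constant fail closed explicitly rather than by falling through to the trailing `return false`.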