summaryrefslogtreecommitdiffstats
path: root/web/lib/credentials.inc.php
blob: 6c70ede1bf31a15bd0c90eab69114da29396104d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
<?php

define("CRED_ACCOUNT_CHANGE_TYPE", 1);
define("CRED_ACCOUNT_EDIT", 2);
define("CRED_ACCOUNT_EDIT_DEV", 3);
define("CRED_ACCOUNT_LAST_LOGIN", 4);
define("CRED_ACCOUNT_SEARCH", 5);
define("CRED_COMMENT_DELETE", 6);
define("CRED_COMMENT_VIEW_DELETED", 22);
define("CRED_PKGBASE_ADOPT", 7);
define("CRED_PKGBASE_CHANGE_CATEGORY", 8);
define("CRED_PKGBASE_DELETE", 9);
define("CRED_PKGBASE_DISOWN", 10);
define("CRED_PKGBASE_FLAG", 11);
define("CRED_PKGBASE_LIST_VOTERS", 12);
define("CRED_PKGBASE_NOTIFY", 13);
define("CRED_PKGBASE_SUBMIT_BLACKLISTED", 14);
define("CRED_PKGBASE_UNFLAG", 15);
define("CRED_PKGBASE_VOTE", 16);
define("CRED_PKGREQ_FILE", 23);
define("CRED_PKGREQ_CLOSE", 17);
define("CRED_PKGREQ_LIST", 18);
define("CRED_TU_ADD_VOTE", 19);
define("CRED_TU_LIST_VOTES", 20);
define("CRED_TU_VOTE", 21);

/**
 * Determine if a user has the permission to perform a given action
 *
 * @param int $credential The type of action to peform
 * @param array $approved_users A user whitelist for this query
 *
 * @return bool Return true if the user has the permission, false if not
 */
function has_credential($credential, $approved_users=array()) {
	if (!isset($_COOKIE['AURSID'])) {
		return false;
	}

	$uid = uid_from_sid($_COOKIE['AURSID']);
	if (in_array($uid, $approved_users)) {
		return true;
	}

	$atype = account_from_sid($_COOKIE['AURSID']);

	switch ($credential) {
	case CRED_PKGBASE_FLAG:
	case CRED_PKGBASE_NOTIFY:
	case CRED_PKGBASE_VOTE:
	case CRED_PKGREQ_FILE:
		return ($atype == 'User' || $atype == 'Trusted User' ||
			$atype == 'Developer' ||
			$atype == 'Trusted User & Developer');
	case CRED_ACCOUNT_CHANGE_TYPE:
	case CRED_ACCOUNT_EDIT:
	case CRED_ACCOUNT_LAST_LOGIN:
	case CRED_ACCOUNT_SEARCH:
	case CRED_COMMENT_DELETE:
	case CRED_COMMENT_VIEW_DELETED:
	case CRED_PKGBASE_ADOPT:
	case CRED_PKGBASE_CHANGE_CATEGORY:
	case CRED_PKGBASE_DELETE:
	case CRED_PKGBASE_DISOWN:
	case CRED_PKGBASE_LIST_VOTERS:
	case CRED_PKGBASE_SUBMIT_BLACKLISTED:
	case CRED_PKGBASE_UNFLAG:
	case CRED_PKGREQ_CLOSE:
	case CRED_PKGREQ_LIST:
		return ($atype == 'Trusted User' || $atype == 'Developer' ||
			$atype == 'Trusted User & Developer');
	case CRED_TU_ADD_VOTE:
	case CRED_TU_LIST_VOTES:
	case CRED_TU_VOTE:
		return ($atype == 'Trusted User' ||
			$atype == 'Trusted User & Developer');
	case CRED_ACCOUNT_EDIT_DEV:
		return ($atype == 'Developer' ||
			$atype == 'Trusted User & Developer');
	}

	return false;
}