castopod/modules/Auth/Filters/PermissionFilter.php

<?php

declare(strict_types=1);

namespace Modules\Auth\Filters;

use App\Entities\Podcast;
use App\Models\PodcastModel;
use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Shield\Exceptions\RuntimeException;
use Config\Services;

class PermissionFilter implements FilterInterface
{
    /**
     * Do whatever processing this filter needs to do. By default it should not return anything during normal execution.
     * However, when an abnormal state is found, it should return an instance of CodeIgniter\HTTP\Response. If it does,
     * script execution will end and that Response will be sent back to the client, allowing for error pages, redirects,
     * etc.
     *
     * @param string[]|null                         $params
     * @return void|mixed
     */
    public function before(RequestInterface $request, $params = null)
    {
        if (empty($params)) {
            return;
        }

        if (! function_exists('auth')) {
            helper('auth');
        }

        if (! auth()->loggedIn()) {
            return redirect()->to('login');
        }

        $result = true;

        foreach ($params as $permission) {
            // does permission is specific to a podcast?
            if (str_contains($permission, '#')) {
                $router = Services::router();
                $routerParams = $router->params();

                // get podcast id
                $podcastId = null;
                if (is_numeric($routerParams[0])) {
                    $podcastId = (int) $routerParams[0];
                } else {
                    $podcast = (new PodcastModel())->getPodcastByHandle($routerParams[0]);
                    if ($podcast instanceof Podcast) {
                        $podcastId = $podcast->id;
                    }
                }

                if ($podcastId !== null) {
                    $permission = str_replace('#', '#' . $podcastId, $permission);
                }
            }

            $result = $result && auth()
                ->user()
                ->can($permission);
        }

        if (! $result) {
            throw new RuntimeException(lang('Auth.notEnoughPrivilege'), 403);
        }
    }

    //--------------------------------------------------------------------

    /**
     * Allows After filters to inspect and modify the response object as needed. This method does not allow any way to
     * stop execution of other after filters, short of throwing an Exception or Error.
     *
     * @param string[]|null                          $arguments
     */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
    {
    }

    //--------------------------------------------------------------------
}
refactor: add php_codesniffer to define castopod's coding style based on psr-1 - add .editorconfig file - format all files to comply with castopod's coding style - switch parsedown dependency with commonmark library to better follow commonmark spec for markdown - add prettier command to format all project files at once closes #16 2020-08-04 13:25:22 +02:00			`<?php`

refactor: add strict types declaration before each file and fix activitypub issues fix some style issues 2021-06-08 11:52:11 +02:00			`declare(strict_types=1);`

refactor(modules): extract castopod parts into a modules/ folder for a scalable HMVC structure - create Admin, Analytics, Auth, Fediverse and Install modules in the root modules/ folder - rename ActivityPub to Fediverse 2021-08-23 13:05:16 +02:00			`namespace Modules\Auth\Filters;`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00
build: update js and php dependencies to latest 2023-04-14 13:11:53 +02:00			`use App\Entities\Podcast;`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`use App\Models\PodcastModel;`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`use CodeIgniter\Filters\FilterInterface;`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`use CodeIgniter\HTTP\RequestInterface;`
			`use CodeIgniter\HTTP\ResponseInterface;`
refactor(auth): replace myth/auth with codeigniter/shield + define new roles closes #222 2022-10-15 13:22:08 +02:00			`use CodeIgniter\Shield\Exceptions\RuntimeException;`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`use Config\Services;`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00
feat(fediverse): implement activitypub protocols + update user interface - add "ActivityPub" library to handle server to server federation and basic client to server protocols using activitypub: - add webfinger endpoint to look for actor - add actor definition with inbox / outbox / followers - remote follow an actor - create notes with possible preview cards - interract with favourites, reblogs and replies - block incoming actors and/or domains - broadcast/schedule activities to fediverse followers using a cron task - For castopod, the podcast is the actor: - overwrite the activitypub library for castopod's specific needs - perform basic interactions administrating a podcast to interact with fediverse users: - create notes with episode attachment - favourite and share a note + reply - add specific castopod_namespaces for podcasts and episodes definitions - overwrite CodeIgniter's Route service to include alternate-content option for activitystream requests - update episode publication logic: - remove publication inputs in create / edit episode form - publish / schedule or unpublish an episode after creation - the podcaster publishes a note when publishing an episode - Javascript / Typescript modules: - fix Dropdown.ts to keep dropdown menu in foreground - add Modal.ts for funding links modal - add Toggler.ts to toggle various css states in ui - User Interface: - update tailwindcss to v2 - use castopod's pine and rose colors - update public layout to a 3 column layout - add pages in public for podcast activity, episode list and notes - update episode page to include linked notes - remove previous and next episodes from episode pages - show different public views depending on whether user is authenticated or not - use Kumbh Sans and Montserrat fonts - update CodeIgniter's config files - with CodeIgniter's new requirements, update docker environments are now based on php v7.3 image - move Image entity to Libraries - update composer and npm packages to latest versions closes #69 #65 #85, fixes #51 #91 #92 #88 2021-04-02 19:20:02 +02:00			`class PermissionFilter implements FilterInterface`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`{`
			`/**`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`* Do whatever processing this filter needs to do. By default it should not return anything during normal execution.`
			`* However, when an abnormal state is found, it should return an instance of CodeIgniter\HTTP\Response. If it does,`
			`* script execution will end and that Response will be sent back to the client, allowing for error pages, redirects,`
			`* etc.`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`*`
refactor: update code base to php 8 and set phpstan lvl to 6 2021-05-14 19:59:35 +02:00			`* @param string[]\|null $params`
refactor: add rector to enforce type declarations, code quality + style and remove dead code - update CI process to include quality stage (tests + code review) - add captainhook to install git pre-commit & pre-push hooks - remove .devcontainer Dockerfile to use project's docker-compose services: all services can now be started automatically using vscode - update docs/setup-development.md 2021-05-06 16:00:48 +02:00			`* @return void\|mixed`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`*/`
			`public function before(RequestInterface $request, $params = null)`
			`{`
refactor(auth): replace myth/auth with codeigniter/shield + define new roles closes #222 2022-10-15 13:22:08 +02:00			`if (empty($params)) {`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`return;`
			`}`

refactor(auth): replace myth/auth with codeigniter/shield + define new roles closes #222 2022-10-15 13:22:08 +02:00			`if (! function_exists('auth')) {`
			`helper('auth');`
			`}`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00
refactor(auth): replace myth/auth with codeigniter/shield + define new roles closes #222 2022-10-15 13:22:08 +02:00			`if (! auth()->loggedIn()) {`
			`return redirect()->to('login');`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`}`

refactor(auth): replace myth/auth with codeigniter/shield + define new roles closes #222 2022-10-15 13:22:08 +02:00			`$result = true;`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00
			`foreach ($params as $permission) {`
refactor(auth): replace myth/auth with codeigniter/shield + define new roles closes #222 2022-10-15 13:22:08 +02:00			`// does permission is specific to a podcast?`
			`if (str_contains($permission, '#')) {`
			`$router = Services::router();`
			`$routerParams = $router->params();`

			`// get podcast id`
			`$podcastId = null;`
			`if (is_numeric($routerParams[0])) {`
			`$podcastId = (int) $routerParams[0];`
			`} else {`
			`$podcast = (new PodcastModel())->getPodcastByHandle($routerParams[0]);`
build: update js and php dependencies to latest 2023-04-14 13:11:53 +02:00			`if ($podcast instanceof Podcast) {`
refactor(auth): replace myth/auth with codeigniter/shield + define new roles closes #222 2022-10-15 13:22:08 +02:00			`$podcastId = $podcast->id;`
			`}`
			`}`

			`if ($podcastId !== null) {`
			`$permission = str_replace('#', '#' . $podcastId, $permission);`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`}`
			`}`
refactor(auth): replace myth/auth with codeigniter/shield + define new roles closes #222 2022-10-15 13:22:08 +02:00
			`$result = $result && auth()`
			`->user()`
			`->can($permission);`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`}`

style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`if (! $result) {`
refactor(auth): replace myth/auth with codeigniter/shield + define new roles closes #222 2022-10-15 13:22:08 +02:00			`throw new RuntimeException(lang('Auth.notEnoughPrivilege'), 403);`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`}`
			`}`

			`//--------------------------------------------------------------------`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`/**`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`* Allows After filters to inspect and modify the response object as needed. This method does not allow any way to`
			`* stop execution of other after filters, short of throwing an Exception or Error.`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`*`
refactor: update code base to php 8 and set phpstan lvl to 6 2021-05-14 19:59:35 +02:00			`* @param string[]\|null $arguments`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`*/`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void`
			`{`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`}`

			`//--------------------------------------------------------------------`
			`}`