castopod/app/Filters/PermissionFilter.php

<?php

namespace App\Filters;

use App\Models\PodcastModel;
use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
use Myth\Auth\Exceptions\PermissionException;

class PermissionFilter implements FilterInterface
{
    /**
     * Do whatever processing this filter needs to do. By default it should not return anything during normal execution.
     * However, when an abnormal state is found, it should return an instance of CodeIgniter\HTTP\Response. If it does,
     * script execution will end and that Response will be sent back to the client, allowing for error pages, redirects,
     * etc.
     *
     * @param string[]|null                         $params
     * @return void|mixed
     */
    public function before(RequestInterface $request, $params = null)
    {
        helper('auth');

        if ($params === null) {
            return;
        }

        $authenticate = Services::authentication();

        // if no user is logged in then send to the login form
        if (! $authenticate->check()) {
            session()->set('redirect_url', current_url());
            return redirect('login');
        }

        helper('misc');
        $authorize = Services::authorization();
        $router = Services::router();
        $routerParams = $router->params();
        $result = false;

        // Check if user has at least one of the permissions
        foreach ($params as $permission) {
            // check if permission is for a specific podcast
            if (
                (str_starts_with($permission, 'podcast-') ||
                    str_starts_with($permission, 'podcast_episodes-')) &&
                count($routerParams) > 0
            ) {
                if (
                    ($groupId = (new PodcastModel())->getContributorGroupId(
                        $authenticate->id(),
                        $routerParams[0],
                    )) &&
                    $authorize->groupHasPermission($permission, $groupId)
                ) {
                    $result = true;
                    break;
                }
            } elseif (
                $authorize->hasPermission($permission, $authenticate->id())
            ) {
                $result = true;
                break;
            }
        }

        if (! $result) {
            if ($authenticate->silent()) {
                $redirectURL = session('redirect_url') ?? '/';
                unset($_SESSION['redirect_url']);
                return redirect()
                    ->to($redirectURL)
                    ->with('error', lang('Auth.notEnoughPrivilege'));
            }
            throw new PermissionException(lang('Auth.notEnoughPrivilege'));
        }
    }

    //--------------------------------------------------------------------

    /**
     * Allows After filters to inspect and modify the response object as needed. This method does not allow any way to
     * stop execution of other after filters, short of throwing an Exception or Error.
     *
     * @param string[]|null                          $arguments
     */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
    {
    }

    //--------------------------------------------------------------------
}
refactor: add php_codesniffer to define castopod's coding style based on psr-1 - add .editorconfig file - format all files to comply with castopod's coding style - switch parsedown dependency with commonmark library to better follow commonmark spec for markdown - add prettier command to format all project files at once closes #16 2020-08-04 13:25:22 +02:00			`<?php`

			`namespace App\Filters;`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00
			`use App\Models\PodcastModel;`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`use CodeIgniter\Filters\FilterInterface;`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`use CodeIgniter\HTTP\RequestInterface;`
			`use CodeIgniter\HTTP\ResponseInterface;`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`use Config\Services;`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`use Myth\Auth\Exceptions\PermissionException;`

feat(fediverse): implement activitypub protocols + update user interface - add "ActivityPub" library to handle server to server federation and basic client to server protocols using activitypub: - add webfinger endpoint to look for actor - add actor definition with inbox / outbox / followers - remote follow an actor - create notes with possible preview cards - interract with favourites, reblogs and replies - block incoming actors and/or domains - broadcast/schedule activities to fediverse followers using a cron task - For castopod, the podcast is the actor: - overwrite the activitypub library for castopod's specific needs - perform basic interactions administrating a podcast to interact with fediverse users: - create notes with episode attachment - favourite and share a note + reply - add specific castopod_namespaces for podcasts and episodes definitions - overwrite CodeIgniter's Route service to include alternate-content option for activitystream requests - update episode publication logic: - remove publication inputs in create / edit episode form - publish / schedule or unpublish an episode after creation - the podcaster publishes a note when publishing an episode - Javascript / Typescript modules: - fix Dropdown.ts to keep dropdown menu in foreground - add Modal.ts for funding links modal - add Toggler.ts to toggle various css states in ui - User Interface: - update tailwindcss to v2 - use castopod's pine and rose colors - update public layout to a 3 column layout - add pages in public for podcast activity, episode list and notes - update episode page to include linked notes - remove previous and next episodes from episode pages - show different public views depending on whether user is authenticated or not - use Kumbh Sans and Montserrat fonts - update CodeIgniter's config files - with CodeIgniter's new requirements, update docker environments are now based on php v7.3 image - move Image entity to Libraries - update composer and npm packages to latest versions closes #69 #65 #85, fixes #51 #91 #92 #88 2021-04-02 19:20:02 +02:00			`class PermissionFilter implements FilterInterface`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`{`
			`/**`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`* Do whatever processing this filter needs to do. By default it should not return anything during normal execution.`
			`* However, when an abnormal state is found, it should return an instance of CodeIgniter\HTTP\Response. If it does,`
			`* script execution will end and that Response will be sent back to the client, allowing for error pages, redirects,`
			`* etc.`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`*`
refactor: update code base to php 8 and set phpstan lvl to 6 2021-05-14 19:59:35 +02:00			`* @param string[]\|null $params`
refactor: add rector to enforce type declarations, code quality + style and remove dead code - update CI process to include quality stage (tests + code review) - add captainhook to install git pre-commit & pre-push hooks - remove .devcontainer Dockerfile to use project's docker-compose services: all services can now be started automatically using vscode - update docs/setup-development.md 2021-05-06 16:00:48 +02:00			`* @return void\|mixed`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`*/`
			`public function before(RequestInterface $request, $params = null)`
			`{`
refactor: add phpstan and update code to adhere to level 5 - move and refactor Image.php from Libraries to Entities folder - update some database field names / types - update composer packages 2021-05-12 16:00:25 +02:00			`helper('auth');`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00
refactor: remove all empty declarations + add missing type declarations update composer dependencies 2021-05-18 19:16:36 +02:00			`if ($params === null) {`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`return;`
			`}`

			`$authenticate = Services::authentication();`

			`// if no user is logged in then send to the login form`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`if (! $authenticate->check()) {`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`session()->set('redirect_url', current_url());`
			`return redirect('login');`
			`}`

			`helper('misc');`
			`$authorize = Services::authorization();`
			`$router = Services::router();`
			`$routerParams = $router->params();`
			`$result = false;`

			`// Check if user has at least one of the permissions`
			`foreach ($params as $permission) {`
			`// check if permission is for a specific podcast`
			`if (`
refactor: update code base to php 8 and set phpstan lvl to 6 2021-05-14 19:59:35 +02:00			`(str_starts_with($permission, 'podcast-') \|\|`
			`str_starts_with($permission, 'podcast_episodes-')) &&`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`count($routerParams) > 0`
			`) {`
			`if (`
refactor: add rector to enforce type declarations, code quality + style and remove dead code - update CI process to include quality stage (tests + code review) - add captainhook to install git pre-commit & pre-push hooks - remove .devcontainer Dockerfile to use project's docker-compose services: all services can now be started automatically using vscode - update docs/setup-development.md 2021-05-06 16:00:48 +02:00			`($groupId = (new PodcastModel())->getContributorGroupId(`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`$authenticate->id(),`
refactor: add rector to enforce type declarations, code quality + style and remove dead code - update CI process to include quality stage (tests + code review) - add captainhook to install git pre-commit & pre-push hooks - remove .devcontainer Dockerfile to use project's docker-compose services: all services can now be started automatically using vscode - update docs/setup-development.md 2021-05-06 16:00:48 +02:00			`$routerParams[0],`
			`)) &&`
			`$authorize->groupHasPermission($permission, $groupId)`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`) {`
refactor: add rector to enforce type declarations, code quality + style and remove dead code - update CI process to include quality stage (tests + code review) - add captainhook to install git pre-commit & pre-push hooks - remove .devcontainer Dockerfile to use project's docker-compose services: all services can now be started automatically using vscode - update docs/setup-development.md 2021-05-06 16:00:48 +02:00			`$result = true;`
			`break;`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`}`
			`} elseif (`
			`$authorize->hasPermission($permission, $authenticate->id())`
			`) {`
			`$result = true;`
			`break;`
			`}`
			`}`

style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`if (! $result) {`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`if ($authenticate->silent()) {`
			`$redirectURL = session('redirect_url') ?? '/';`
			`unset($_SESSION['redirect_url']);`
			`return redirect()`
			`->to($redirectURL)`
			`->with('error', lang('Auth.notEnoughPrivilege'));`
			`}`
refactor: add rector to enforce type declarations, code quality + style and remove dead code - update CI process to include quality stage (tests + code review) - add captainhook to install git pre-commit & pre-push hooks - remove .devcontainer Dockerfile to use project's docker-compose services: all services can now be started automatically using vscode - update docs/setup-development.md 2021-05-06 16:00:48 +02:00			`throw new PermissionException(lang('Auth.notEnoughPrivilege'));`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`}`
			`}`

			`//--------------------------------------------------------------------`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`/**`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`* Allows After filters to inspect and modify the response object as needed. This method does not allow any way to`
			`* stop execution of other after filters, short of throwing an Exception or Error.`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`*`
refactor: update code base to php 8 and set phpstan lvl to 6 2021-05-14 19:59:35 +02:00			`* @param string[]\|null $arguments`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`*/`
style(ecs): add easy-coding-standard to enforce coding style rules for php - update .devcontainer settings: remove auto-formatting for php + set intelephense as default formatter - remove prettier php plugin as it lacks php 8 support - add captain hook action for checking style pre-commit - fix style with ecs on all files except views 2021-05-19 18:35:13 +02:00			`public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void`
			`{`
refactor(auth): change contributor's role logic to have it included in the users_podcasts table - update myth-auth and codeigniter to latest develop changes - improve permission check: remove all dynamic permissions per podcast and overwrite myth-auth services and permission filter - remove unnecessary code because of myth-auth upgrade - refactor some controller code for better clarity - add remaining seeders in docs closes #19, #20 2020-07-31 18:05:10 +02:00			`}`

			`//--------------------------------------------------------------------`
			`}`