
Commit

Code maintenance filter classes (#25)
glewe committed Nov 27, 2024
1 parent 0cb9f83 commit 0ae6e99
Showing 4 changed files with 112 additions and 39 deletions.
48 changes: 35 additions & 13 deletions src/Filters/GroupFilter.php
Expand Up @@ -8,52 +8,74 @@
use CI4\Auth\Exceptions\PermissionException;

class GroupFilter implements FilterInterface {

/**
* --------------------------------------------------------------------------
* Before.
* --------------------------------------------------------------------------
*
* Do whatever processing this filter needs to do. By default it should not
* return anything during normal execution. However, when an abnormal state
* is found, it should return an instance of CodeIgniter\HTTP\Response. If
* it does, script execution will end and that Response will be sent back
* to the client, allowing for error pages, redirects, etc.
* Handles the logic to be executed before the request is processed.
*
* This method checks if the user is logged in and belongs to the required groups.
* If the user is not logged in, they are redirected to the login page.
* If the user does not belong to the required groups, they are redirected to an
* error page or an exception is thrown.
*
* @param RequestInterface $request
* @param array|null $arguments
* @param RequestInterface $request The current request instance.
* @param array|null $arguments The groups required to access the resource.
*
* @return \CodeIgniter\HTTP\RedirectResponse|void;
* @return \CodeIgniter\HTTP\RedirectResponse|bool
*/
public function before(RequestInterface $request, $arguments = null) {
public function before(RequestInterface $request, $arguments = null): \CodeIgniter\HTTP\RedirectResponse|bool {
//
// Load the 'auth' helper if the 'logged_in' function does not exist
//
if (!function_exists('logged_in')) helper('auth');

if (empty($arguments)) return;
//
// If no groups are specified, return false
//
if (empty($arguments)) {
return false;
}

//
// Get the authentication service
//
$authenticate = service('authentication');

//
// If no user is logged in then send to the login form
// If no user is logged in, redirect to the login form
//
if (!$authenticate->check()) {
session()->set('redirect_url', current_url());
return redirect('login');
}

//
// Get the authorization service
//
$authorize = service('authorization');

//
// Check each requested group
//
foreach ($arguments as $group) {
if ($authorize->inGroup($group, $authenticate->id())) return;
if ($authorize->inGroup($group, $authenticate->id())) {
return false;
}
}

//
// If the user does not belong to the required groups, handle the response
//
if ($authenticate->silent()) {
// $redirectURL = session('redirect_url') ?? '/';
// Redirect to the error page
$redirectURL = '/error';
unset($_SESSION['redirect_url']);
return redirect()->to($redirectURL)->with('error', lang('Auth.exception.insufficient_permissions'));
} else {
// Throw a PermissionException
throw new PermissionException(lang('Auth.exception.insufficient_permissions'));
}
}
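Review bot: The early `return false;` for empty `$arguments` sits above `$authenticate->check()`, so a route that attaches this filter without naming a group is let through with neither a login check nor a group check. The same value is returned when `inGroup()` succeeds, so `false` evidently means "continue", which the comment "If no groups are specified, return false" does not tell the reader. RoleFilter and PermissionFilter have the same fail-open early return. If that is intended, state it on the line, e.g. `// No groups configured: filter is a no-op, request proceeds without an auth check`; otherwise move the `check()` block above the `empty($arguments)` test so a misconfigured route still requires a login. The class continues outside the visible hunk.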
4 changes: 4 additions & 0 deletions src/Filters/LoginFilter.php
Expand Up @@ -8,6 +8,7 @@
use Config\App;

class LoginFilter implements FilterInterface {

/**
* --------------------------------------------------------------------------
* Before.
Expand All @@ -21,6 +22,9 @@ class LoginFilter implements FilterInterface {
* @return \CodeIgniter\HTTP\RedirectResponse|bool
*/
public function before(RequestInterface $request, $arguments = null): \CodeIgniter\HTTP\RedirectResponse|bool {
//
// Load the 'auth' helper if the 'logged_in' function does not exist
//
if (!function_exists('logged_in')) {
helper('auth');
}
45 changes: 34 additions & 11 deletions src/Filters/PermissionFilter.php
Expand Up @@ -8,7 +8,7 @@
use CI4\Auth\Exceptions\PermissionException;

class PermissionFilter implements FilterInterface {
//---------------------------------------------------------------------------

/**
* --------------------------------------------------------------------------
* Before.
Expand All @@ -23,43 +23,66 @@ class PermissionFilter implements FilterInterface {
* @param RequestInterface $request
* @param array|null $arguments
*
* @return mixed
* @return \CodeIgniter\HTTP\RedirectResponse|bool
*/
public function before(RequestInterface $request, $arguments = null): mixed {
if (!function_exists('logged_in')) helper('auth');
public function before(RequestInterface $request, $arguments = null): \CodeIgniter\HTTP\RedirectResponse|bool {
//
// Load the 'auth' helper if the 'logged_in' function does not exist
//
if (!function_exists('logged_in')) {
helper('auth');
}

if (empty($arguments)) return false;
//
// If no roles are specified, return without doing anything
//
if (empty($arguments)) {
return false;
}

//
// Get the authentication service
//
$authenticate = service('authentication');

//
// if no user is logged in then send to the login form
// If no user is logged in, redirect to the login form
//
if (!$authenticate->check()) {
session()->set('redirect_url', current_url());
return redirect('login');
}

//
// Get the authorization service
//
$authorize = service('authorization');
$result = true;

//
// Check each requested permission
// Check if the user has any of the required permissions
//
$result = true;
foreach ($arguments as $permission) {
$result = $result && $authorize->hasPermission($permission, $authenticate->id());
}

//
// If the user does not have the required permissions, handle the response
//
if (!$result) {
if ($authenticate->silent()) {
// $redirectURL = session('redirect_url') ?? '/';
// Redirect to the error page
$redirectURL = '/error_auth';
unset($_SESSION['redirect_url']);
return redirect()->to($redirectURL)->with('error', lang('Auth.exception.insufficient_permissions'));
} else {
// $redirectURL = session('redirect_url') ?? '/';

// Throw a PermissionException
// throw new PermissionException(lang('Auth.exception.insufficient_permissions'));

// Redirect to the error page
$redirectURL = '/error_auth';
unset($_SESSION['redirect_url']);
// throw new PermissionException(lang('Auth.exception.insufficient_permissions'));
return redirect()->to($redirectURL)->with('error', lang('Auth.exception.insufficient_permissions'));
}
}
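Review bot: The reworded comment "Check if the user has any of the required permissions" contradicts the loop beneath it, which folds with `$result = $result && $authorize->hasPermission(...)` and so requires every listed permission. On an authorization check the comment should state the real rule, e.g. `// Require ALL listed permissions (logical AND)`, or the loop should be changed if any-of is actually wanted, as GroupFilter and RoleFilter implement it. The copied comment "If no roles are specified" should say permissions. Both arms of `if ($authenticate->silent())` now perform the same redirect to `/error_auth`, so the branch can be collapsed; the `PermissionException` import then looks unused in the visible code, while the other two filters still throw and redirect to `/error`. The method's tail after `if (!$result)` lies outside the hunk.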
54 changes: 39 additions & 15 deletions src/Filters/RoleFilter.php
Expand Up @@ -8,52 +8,76 @@
use CI4\Auth\Exceptions\PermissionException;

class RoleFilter implements FilterInterface {

/**
* --------------------------------------------------------------------------
* Before.
* --------------------------------------------------------------------------
*
* Do whatever processing this filter needs to do. By default it should not
* return anything during normal execution. However, when an abnormal state
* is found, it should return an instance of CodeIgniter\HTTP\Response. If
* it does, script execution will end and that Response will be sent back
* to the client, allowing for error pages, redirects, etc.
* Handles the logic to be executed before the request is processed.
*
* This method checks if the user is logged in and has the required roles.
* If the user is not logged in, they are redirected to the login page.
* If the user does not have the required roles, they are redirected to an
* error page or an exception is thrown.
*
* @param RequestInterface $request
* @param array|null $arguments
* @param RequestInterface $request The current request instance.
* @param array|null $arguments The roles required to access the resource.
*
* @return \CodeIgniter\HTTP\RedirectResponse|void
* @return \CodeIgniter\HTTP\RedirectResponse|bool
*/
public function before(RequestInterface $request, $arguments = null): \CodeIgniter\HTTP\RedirectResponse {
if (!function_exists('logged_in')) helper('auth');
public function before(RequestInterface $request, $arguments = null): \CodeIgniter\HTTP\RedirectResponse|bool {
//
// Load the 'auth' helper if the 'logged_in' function does not exist
//
if (!function_exists('logged_in')) {
helper('auth');
}

if (empty($arguments)) return;
//
// If no roles are specified, return without doing anything
//
if (empty($arguments)) {
return false;
}

//
// Get the authentication service
//
$authenticate = service('authentication');

//
// If no user is logged in then send to the login form
// If no user is logged in, redirect to the login form
//
if (!$authenticate->check()) {
session()->set('redirect_url', current_url());
return redirect('login');
}

//
// Get the authorization service
//
$authorize = service('authorization');

//
// Check each requested role
// Check if the user has any of the required roles
//
foreach ($arguments as $role) {
if ($authorize->inRole($role, $authenticate->id())) return;
if ($authorize->inRole($role, $authenticate->id())) {
return false;
}
}

//
// If the user does not have the required roles, handle the response
//
if ($authenticate->silent()) {
// $redirectURL = session('redirect_url') ?? '/';
// Redirect to the error page
$redirectURL = '/error';
unset($_SESSION['redirect_url']);
return redirect()->to($redirectURL)->with('error', lang('Auth.exception.insufficient_permissions'));
} else {
// Throw a PermissionException
throw new PermissionException(lang('Auth.exception.insufficient_permissions'));
}
}
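Review bot: The silent branch clears the stored URL with `unset($_SESSION['redirect_url']);` although the same method writes it through `session()->set('redirect_url', current_url())`. Keeping both operations on the session service is more consistent and does not depend on the superglobal being in sync: `session()->remove('redirect_url');`. GroupFilter and PermissionFilter use the same pattern. The new docblock mentions that an exception may be thrown but has no tag for it; adding `@throws PermissionException` would document the non-silent path. The class continues outside the visible hunk.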
