Rename hasAccess() to canAccessDeployment() in Authorizers

`hasAccess` was confusing and provided little context for when reading the code. `canAccessDeployment` makes it clear we're checking auth for the entire deployment. It also now accepts the user as a parameter so its clear its checking access for that user.
ushahidi · Jul 10, 2017 · 10501e8 · 10501e8
1 parent 2835ae3
commit 10501e8
Show file tree

Hide file tree

Showing 12 changed files with 18 additions and 16 deletions.
diff --git a/src/Core/Tool/Authorizer/ContactAuthorizer.php b/src/Core/Tool/Authorizer/ContactAuthorizer.php
@@ -42,7 +42,7 @@ public function isAllowed(Entity $entity, $privilege)
 		$user = $this->getUser();
 
 		// Only logged in users have access if the deployment is private
-		if (!$this->hasAccess()) {
+		if (!$this->canAccessDeployment($user)) {
 			return false;
 		}
 

diff --git a/src/Core/Tool/Authorizer/FormAuthorizer.php b/src/Core/Tool/Authorizer/FormAuthorizer.php
@@ -66,7 +66,7 @@ public function isAllowed(Entity $entity, $privilege)
 		$user = $this->getUser();
 
 		// Only logged in users have access if the deployment is private
-		if (!$this->hasAccess()) {
+		if (!$this->canAccessDeployment($user)) {
 			return false;
 		}
 

diff --git a/src/Core/Tool/Authorizer/LayerAuthorizer.php b/src/Core/Tool/Authorizer/LayerAuthorizer.php
@@ -42,10 +42,10 @@ public function isAllowed(Entity $entity, $privilege)
 		$user = $this->getUser();
 
 		// Only logged in users have access if the deployment is private
-		if (!$this->hasAccess()) {
+		if (!$this->canAccessDeployment($user)) {
 			return false;
 		}
-		
+
 		// Then we check if a user has the 'admin' role. If they do they're
 		// allowed access to everything (all entities and all privileges)
 		if ($this->isUserAdmin($user)) {

diff --git a/src/Core/Tool/Authorizer/MediaAuthorizer.php b/src/Core/Tool/Authorizer/MediaAuthorizer.php
@@ -47,7 +47,7 @@ public function isAllowed(Entity $entity, $privilege)
 		$user = $this->getUser();
 
 		// Only logged in users have access if the deployment is private
-		if (!$this->hasAccess()) {
+		if (!$this->canAccessDeployment($user)) {
 			return false;
 		}
 

diff --git a/src/Core/Tool/Authorizer/MessageAuthorizer.php b/src/Core/Tool/Authorizer/MessageAuthorizer.php
@@ -43,7 +43,7 @@ public function isAllowed(Entity $entity, $privilege)
 		$user = $this->getUser();
 
 		// Only logged in users have access if the deployment is private
-		if (!$this->hasAccess()) {
+		if (!$this->canAccessDeployment($user)) {
 			return false;
 		}
 

diff --git a/src/Core/Tool/Authorizer/NotificationAuthorizer.php b/src/Core/Tool/Authorizer/NotificationAuthorizer.php
@@ -35,7 +35,7 @@ class NotificationAuthorizer implements Authorizer
 
 	// It uses `PrivateDeployment` to check whether a deployment is private
 	use PrivateDeployment;
-	
+
 
 	/* Authorizer */
 	public function isAllowed(Entity $entity, $privilege)
@@ -44,15 +44,15 @@ public function isAllowed(Entity $entity, $privilege)
 		$user = $this->getUser();
 
 		// Only logged in users have access if the deployment is private
-		if (!$this->hasAccess()) {
+		if (!$this->canAccessDeployment($user)) {
 			return false;
 		}
 
 		// Admin is allowed access to everything
 		if ($this->isUserAdmin($user)) {
 			return true;
 		}
-		
+
 		// Allow create, read, update and delete if owner.
 		if ($this->isUserOwner($entity, $user)
 			and in_array($privilege, ['create', 'read', 'update', 'delete'])) {

diff --git a/src/Core/Tool/Authorizer/PostAuthorizer.php b/src/Core/Tool/Authorizer/PostAuthorizer.php
@@ -87,7 +87,7 @@ public function isAllowed(Entity $entity, $privilege)
         $user = $this->getUser();
 
         // Only logged in users have access if the deployment is private
-        if (!$this->hasAccess()) {
+        if (!$this->canAccessDeployment($user)) {
             return false;
         }
 

diff --git a/src/Core/Tool/Authorizer/SetAuthorizer.php b/src/Core/Tool/Authorizer/SetAuthorizer.php
@@ -66,7 +66,7 @@ public function isAllowed(Entity $entity, $privilege)
 		$user = $this->getUser();
 
 		// Only logged in users have access if the deployment is private
-		if (!$this->hasAccess()) {
+		if (!$this->canAccessDeployment($user)) {
 			return false;
 		}
 

diff --git a/src/Core/Tool/Authorizer/TagAuthorizer.php b/src/Core/Tool/Authorizer/TagAuthorizer.php
@@ -63,7 +63,7 @@ public function isAllowed(Entity $entity, $privilege)
 		$user = $this->getUser();
 
 		// Only logged in users have access if the deployment is private
-		if (!$this->hasAccess()) {
+		if (!$this->canAccessDeployment($user)) {
 			return false;
 		}
 

diff --git a/src/Core/Tool/Authorizer/UserAuthorizer.php b/src/Core/Tool/Authorizer/UserAuthorizer.php
@@ -61,7 +61,7 @@ public function isAllowed(Entity $entity, $privilege)
 		$user = $this->getUser();
 
 		// Only logged in users have access if the deployment is private
-		if (!$this->hasAccess()) {
+		if (!$this->canAccessDeployment($user)) {
 			return false;
 		}
 

diff --git a/src/Core/Tool/Authorizer/WebhookAuthorizer.php b/src/Core/Tool/Authorizer/WebhookAuthorizer.php
@@ -54,7 +54,7 @@ public function isAllowed(Entity $entity, $privilege)
 		$user = $this->getUser();
 
 		// Only logged in users have access if the deployment is private
-		if (!$this->hasAccess()) {
+		if (!$this->canAccessDeployment($user)) {
 			return false;
 		}
 

diff --git a/src/Core/Traits/PrivateDeployment.php b/src/Core/Traits/PrivateDeployment.php
@@ -13,6 +13,8 @@
 
 namespace Ushahidi\Core\Traits;
 
+use Ushahidi\Core\Entity\User;
+
 trait PrivateDeployment
 {
 	protected $private;
@@ -35,10 +37,10 @@ public function isPrivate()
 	 * Check if user can access deployment
 	 * @return boolean
 	 */
-	public function hasAccess()
+	public function canAccessDeployment(User $user)
 	{
 		// Only logged in users have access if the deployment is private
-		if ($this->isPrivate() and !$this->getUserId()) {
+		if ($this->isPrivate() and !$this->user->id) {
 			return false;
 		}