nur-sery/nur_src/v/vp/AInitAuthzPage.php

98 lines
2.9 KiB
PHP
Raw Normal View History

2023-12-03 22:10:18 +04:00
<?php
namespace nur\v\vp;
use nur\A;
use nur\authz;
use nur\P;
use nur\v\al;
use nur\v\base\TActionSupport;
use nur\v\base\TBasicPage;
use nur\v\model\IBasicPage;
use nur\v\page;
/**
* Class AInitAuthzPage: une page utilisée pour initialiser l'authentification
*/
class AInitAuthzPage extends AInitPage implements IBasicPage {
use TBasicPage, TActionSupport;
/**
* @var string nom du paramètre qui contient l'action à effectuer.
* retourner null pour désactiver le support des actions
*/
const ACTION_PARAM = null;
/** @var array liste des actions valides */
const VALID_ACTIONS = null;
/** @var bool faut-il s'assurer que {@link al} charge la session? */
const AUTORESTORE_ALERTER_SESSION = true;
/** @see Html5BasicPageContainer::AUTOCLOSE_SESSION() */
protected function AUTOCLOSE_SESSION(): ?bool {
return static::AUTOCLOSE_SESSION;
} const AUTOCLOSE_SESSION = null;
/** la connexion SU est-elle autorisée? */
protected function SULOGIN_ALLOWED(): bool {
return static::SULOGIN_ALLOWED;
} const SULOGIN_ALLOWED = false;
function beforeConfig(array &$config): void {
parent::beforeConfig($config);
A::merge_nn($config, [
"autoclose_session" => $this->AUTOCLOSE_SESSION(),
]);
}
function beforeSetup(): void {
parent::beforeSetup();
if ($this->SULOGIN_ALLOWED()) $this->suloginMaybe();
if (static::AUTORESTORE_ALERTER_SESSION) {
# s'assurer que la session est chargée
al::get()->restoreSession();
}
}
protected function suloginMaybe(): void {
$username = P::get("su!");
if ($username) {
$am = authz::manager();
$am->setSulogin();
$am->selectAuthz($username);
page::redirect();
}
}
protected function ensureAuthOrRedirect(bool $requireAuth, bool $requireAuthz, $requireRole, $requirePerm): void {
$am = authz::manager();
$loginUrl = $this->getLoginUrl();
$destUrl = page::self(true);
if (!$am->checkCookie()) {
if (!$requireAuth) return;
$am->redirect($am::REASON_LOGIN, $destUrl, $loginUrl);
} elseif (!$am->checkSession()) {
if ($am->isNewSession()) {
$am->redirect($am::REASON_LOGIN, $destUrl, $loginUrl);
} else {
$am->redirect($am::REASON_SESSION, $destUrl, $loginUrl);
}
} elseif ($requireAuth && !$am->isAuth()) {
$am->redirect($am::REASON_SESSION, $destUrl, $loginUrl);
}
A::ensure_narray($requireRole);
A::ensure_narray($requirePerm);
if ($requireAuthz && $am->isAuth() && !$am->checkAuthz($requireRole, $requirePerm)) {
$am->redirect($am::REASON_UNAUTHORIZED, $destUrl, $loginUrl);
}
if ($am->isAuth()) $am->setConnected();
}
protected function ensureFormLoginAndRedirect(?string $username, ?string $password, string $destUrl): void {
if ($username === null && $password === null) return;
if (authz::manager()->formLogin($username, $password)) {
page::redirect($destUrl);
}
}
}