<?php namespace nur\v\vp; use nur\A; use nur\authz; use nur\P; use nur\v\al; use nur\v\base\TActionSupport; use nur\v\base\TBasicPage; use nur\v\model\IBasicPage; use nur\v\page; /** * Class AInitAuthzPage: une page utilisée pour initialiser l'authentification */ class AInitAuthzPage extends AInitPage implements IBasicPage { use TBasicPage, TActionSupport; /** * @var string nom du paramètre qui contient l'action à effectuer. * retourner null pour désactiver le support des actions */ const ACTION_PARAM = null; /** @var array liste des actions valides */ const VALID_ACTIONS = null; /** @var bool faut-il s'assurer que {@link al} charge la session? */ const AUTORESTORE_ALERTER_SESSION = true; /** @see Html5BasicPageContainer::AUTOCLOSE_SESSION() */ protected function AUTOCLOSE_SESSION(): ?bool { return static::AUTOCLOSE_SESSION; } const AUTOCLOSE_SESSION = null; /** la connexion SU est-elle autorisée? */ protected function SULOGIN_ALLOWED(): bool { return static::SULOGIN_ALLOWED; } const SULOGIN_ALLOWED = false; function beforeConfig(array &$config): void { parent::beforeConfig($config); A::merge_nn($config, [ "autoclose_session" => $this->AUTOCLOSE_SESSION(), ]); } function beforeSetup(): void { parent::beforeSetup(); if ($this->SULOGIN_ALLOWED()) $this->suloginMaybe(); if (static::AUTORESTORE_ALERTER_SESSION) { # s'assurer que la session est chargée al::get()->restoreSession(); } } protected function suloginMaybe(): void { $username = P::get("su!"); if ($username) { $am = authz::manager(); $am->setSulogin(); $am->selectAuthz($username); page::redirect(); } } protected function ensureAuthOrRedirect(bool $requireAuth, bool $requireAuthz, $requireRole, $requirePerm): void { $am = authz::manager(); $loginUrl = $this->getLoginUrl(); $destUrl = page::self(true); if (!$am->checkCookie()) { if (!$requireAuth) return; $am->redirect($am::REASON_LOGIN, $destUrl, $loginUrl); } elseif (!$am->checkSession()) { if ($am->isNewSession()) { $am->redirect($am::REASON_LOGIN, $destUrl, $loginUrl); } else { $am->redirect($am::REASON_SESSION, $destUrl, $loginUrl); } } elseif ($requireAuth && !$am->isAuth()) { $am->redirect($am::REASON_SESSION, $destUrl, $loginUrl); } A::ensure_narray($requireRole); A::ensure_narray($requirePerm); if ($requireAuthz && $am->isAuth() && !$am->checkAuthz($requireRole, $requirePerm)) { $am->redirect($am::REASON_UNAUTHORIZED, $destUrl, $loginUrl); } if ($am->isAuth()) $am->setConnected(); } protected function ensureFormLoginAndRedirect(?string $username, ?string $password, string $destUrl): void { if ($username === null && $password === null) return; if (authz::manager()->formLogin($username, $password)) { page::redirect($destUrl); } } }