<?php
namespace nur\v\vp;
use nur\A;
use nur\authz;
use nur\P;
use nur\v\al;
use nur\v\base\TActionSupport;
use nur\v\base\TBasicPage;
use nur\v\model\IBasicPage;
use nur\v\page;
/**
 * Class AInitAuthzPage: a page used to initialise authentication.
 *
 * It wires the authz manager into the page lifecycle: an optional
 * "switch user" (SU) login in beforeSetup(), plus two helpers that
 * subclasses can call to enforce authentication/authorization or to
 * process a login form.
 */
class AInitAuthzPage extends AInitPage implements IBasicPage {
  use TBasicPage, TActionSupport;

  /**
   * @var string|null name of the parameter that holds the action to perform.
   * Leave it null to disable action support.
   */
  const ACTION_PARAM = null;

  /** @var array|null list of valid actions */
  const VALID_ACTIONS = null;

  /** @var bool should we make sure that {@link al} loads the session? */
  const AUTORESTORE_ALERTER_SESSION = true;

  /** @var bool|null value handed back by {@link AUTOCLOSE_SESSION()} */
  const AUTOCLOSE_SESSION = null;

  /**
   * @var bool is SU login allowed? Off by default.
   *
   * NOTE(review): when a subclass turns this on, suloginMaybe() selects the
   * identity named by the value read with P::get("su!"), and no credential or
   * privilege check is visible in this class before that happens. Confirm that
   * the authz manager restricts who may switch user, and keep this disabled on
   * pages reachable by untrusted clients unless that is verified.
   */
  const SULOGIN_ALLOWED = false;

  /** @see Html5BasicPageContainer::AUTOCLOSE_SESSION() */
  protected function AUTOCLOSE_SESSION(): ?bool {
    return static::AUTOCLOSE_SESSION;
  }

  /** Is SU login allowed? Returns the (late-bound) SULOGIN_ALLOWED constant. */
  protected function SULOGIN_ALLOWED(): bool {
    return static::SULOGIN_ALLOWED;
  }

  /**
   * Runs the parent hook, then merges the "autoclose_session" setting into
   * the page configuration.
   *
   * @param array $config configuration array, modified in place
   */
  public function beforeConfig(array &$config): void {
    parent::beforeConfig($config);
    // presumably merge_nn() skips null values, so a null constant leaves the
    // inherited setting untouched -- confirm against nur\A
    $overrides = [
      "autoclose_session" => $this->AUTOCLOSE_SESSION(),
    ];
    A::merge_nn($config, $overrides);
  }

  /**
   * Runs the parent hook, then the optional SU login, then makes sure the
   * alerter session is loaded when AUTORESTORE_ALERTER_SESSION is set.
   */
  public function beforeSetup(): void {
    parent::beforeSetup();
    // the SU switch runs first and is gated only by the SULOGIN_ALLOWED flag
    if ($this->SULOGIN_ALLOWED()) {
      $this->suloginMaybe();
    }
    if (static::AUTORESTORE_ALERTER_SESSION) {
      # make sure the session is loaded
      al::get()->restoreSession();
    }
  }

  /**
   * Switch to another identity when the "su!" value is present.
   *
   * Flags the authz manager as SU login, selects the authorization for the
   * requested username, then redirects.
   *
   * NOTE(review): the username comes straight from P::get("su!") (presumably
   * request input -- confirm) and is passed to selectAuthz() without any check
   * visible here. Whatever limits impersonation must live in the authz
   * manager; it is worth verifying that, and that SU switches are logged.
   */
  protected function suloginMaybe(): void {
    $requestedUser = P::get("su!");
    if (!$requestedUser) {
      return;
    }
    $manager = authz::manager();
    $manager->setSulogin();
    $manager->selectAuthz($requestedUser);
    page::redirect();
  }

  /**
   * Check the cookie, the session, authentication and authorization, and
   * redirect through the authz manager when one of them fails.
   *
   * Behaviour to keep in mind when configuring a page:
   * - without a valid cookie and with $requireAuth false, the method returns
   *   at once, so no authorization check is made;
   * - the role/permission check only applies to an authenticated user. With
   *   $requireAuthz true and $requireAuth false, an unauthenticated visitor is
   *   therefore let through. Set both flags to protect a page.
   *
   * NOTE(review): the flow appears to rely on $manager->redirect() ending the
   * request; if it returns, execution continues with the checks below it --
   * confirm in the authz manager.
   *
   * @param bool $requireAuth must the user be authenticated?
   * @param bool $requireAuthz must the role/permission check pass?
   * @param mixed $requireRole required role(s), normalised by A::ensure_narray()
   * @param mixed $requirePerm required permission(s), normalised the same way
   */
  protected function ensureAuthOrRedirect(bool $requireAuth, bool $requireAuthz, $requireRole, $requirePerm): void {
    $manager = authz::manager();
    $loginUrl = $this->getLoginUrl();
    $destUrl = page::self(true);

    if (!$manager->checkCookie()) {
      if (!$requireAuth) {
        return;
      }
      $manager->redirect($manager::REASON_LOGIN, $destUrl, $loginUrl);
    } elseif (!$manager->checkSession()) {
      // a brand new session is sent to login, any other invalid session is
      // reported with the session reason
      $reason = $manager->isNewSession() ? $manager::REASON_LOGIN : $manager::REASON_SESSION;
      $manager->redirect($reason, $destUrl, $loginUrl);
    } elseif ($requireAuth && !$manager->isAuth()) {
      $manager->redirect($manager::REASON_SESSION, $destUrl, $loginUrl);
    }

    A::ensure_narray($requireRole);
    A::ensure_narray($requirePerm);
    if ($requireAuthz && $manager->isAuth()) {
      if (!$manager->checkAuthz($requireRole, $requirePerm)) {
        $manager->redirect($manager::REASON_UNAUTHORIZED, $destUrl, $loginUrl);
      }
    }
    if ($manager->isAuth()) {
      $manager->setConnected();
    }
  }

  /**
   * Attempt a form login and redirect to $destUrl when it succeeds.
   *
   * Nothing happens when both credentials are null, nor when formLogin()
   * reports a failure. formLogin() is still called when only one of the two
   * values is null.
   *
   * NOTE(review): $destUrl is handed to page::redirect() as is. If callers
   * build it from request data, it should be validated as a same-site URL
   * before it gets here, otherwise this is an open redirect after login --
   * confirm at the call sites.
   *
   * @param string|null $username submitted username, or null
   * @param string|null $password submitted password, or null
   * @param string $destUrl where to go after a successful login
   */
  protected function ensureFormLoginAndRedirect(?string $username, ?string $password, string $destUrl): void {
    $nothingSubmitted = $username === null && $password === null;
    if ($nothingSubmitted) {
      return;
    }
    $loggedIn = authz::manager()->formLogin($username, $password);
    if ($loggedIn) {
      page::redirect($destUrl);
    }
  }
}