author | Arnold Daniels <arnold@jasny.net> | 2014-08-27 17:50:21 +0200 |
---|---|---|
committer | Arnold Daniels <arnold@jasny.net> | 2014-08-27 17:50:21 +0200 |
commit | 43b9728c7b37837106957470fb8fed5d1af48006 (patch) | |
tree | 94004d70f387da3463431ef4a3764602d096b2a0 | |
parent | 7a453b03fd16b093fc55fffc5e49570e1b5f76e4 (diff) | |
Added traits for authorization by level or group
Generalize Auth\User interface
Use PSR-0
-rw-r--r-- | composer.json | 4 | ||||
-rw-r--r-- | src/Jasny/Auth.php (renamed from src/Auth.php) | 80 | ||||
-rw-r--r-- | src/Jasny/Auth/User.php (renamed from src/Auth/User.php) | 14 | ||||
-rw-r--r-- | src/Jasny/Auth/byGroup.php | 49 | ||||
-rw-r--r-- | src/Jasny/Auth/byLevel.php | 66 |
5 files changed, 146 insertions, 67 deletions
diff --git a/composer.json b/composer.json index 3af8e97..d152d9d 100644 --- a/composer.json +++ b/composer.json @@ -18,8 +18,8 @@ "require": { }, "autoload": { - "psr-4": { - "Jasny\\": "src/" + "psr-0": { + "Jasny\\Auth": "src/" } } } diff --git a/src/Auth.php b/src/Jasny/Auth.php index f07715e..475ca4f 100644 --- a/src/Auth.php +++ b/src/Jasny/Auth.php @@ -13,11 +13,8 @@ abstract class Auth * Authorization levels * @var array */ - protected static $levels = [ - 1 => 'user', - 1000 => 'admin' - ]; - + protected static $groups; + /** * Secret word for creating a verification hash * @var string @@ -49,58 +46,6 @@ abstract class Auth /** - * Get secret word - * - * @return string - */ - protected static function getSecret() - { - if (!isset(static::$secret)) throw new \Exception("Auth secret isn't set"); - return static::$secret; - } - - - /** - * Get all auth levels - * - * @return array - */ - public static function getLevels() - { - return static::$levels; - } - - /** - * Get auth level - * - * @param string $type - * @return int - */ - public static function getLevel($type) - { - $level = array_search($type, static::$levels); - if ($level === false) throw new \Exception("Authorization level '$type' isn't defined."); - - return $level; - } - - /** - * Check if user has specified auth level or more. - * - * @param int $level - * @return boolean - */ - public static function forLevel($level) - { - if ($level === 0) return true; - if (!self::user()) return false; - - if (is_string($level) && !ctype_digit($level)) $level = static::getLevel($type); - return self::user()->getAuthLevel() >= $level; - } - - - /** * Generate a password * * @param string $password @@ -123,7 +68,7 @@ abstract class Auth $user = static::fetchUserByUsername($username); if (!isset($user) || $user->getPassword() !== self::password($password, $user->getPassword())) return false; - static::setUser($user); + return static::setUser($user); } /** 
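Review bot: The new `protected static $groups;` in `Auth` sits under a docblock that still reads "Authorization levels", and the same property is declared again by the `byGroup` trait added in this commit. A class that declares a property which a trait it uses also declares can raise a strict-standards notice or a fatal error, depending on the PHP version and on whether the two declarations match, so I would drop the declaration from `Auth` and let the trait own it. If it has to stay, change the comment to `Authorization groups`. The class body continues outside the hunk.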
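Review bot: The password check on the unchanged line above the new `return static::setUser($user);` compares the stored and the computed hash with `!==`, which is not a constant-time comparison. Where the supported PHP version provides it, use `!hash_equals($user->getPassword(), self::password($password, $user->getPassword()))` instead. Because `login()` now returns the result of `setUser()`, its docblock (outside the hunk) should state `@return boolean` and say that `false` covers both bad credentials and a login cancelled by `onLogin()`.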
@@ -132,7 +77,7 @@ abstract class Auth public static function logout() { self::$user = null; - unset($_SESSION['auth_user_id']); + unset($_SESSION['auth_uid']); } @@ -147,7 +92,7 @@ abstract class Auth if (!$user->onLogin()) return false; self::$user = $user; - $_SESSION['auth_user_id'] = $user->getId(); + $_SESSION['auth_uid'] = $user->getId(); return true; } @@ -158,8 +103,8 @@ abstract class Auth */ public static function user() { - if (!isset(self::$user) && isset($_SESSION['auth_user_id'])) { - self::$user = static::fetchUserById($_SESSION['auth_user_id']); + if (!isset(self::$user) && isset($_SESSION['auth_uid'])) { + self::$user = static::fetchUserById($_SESSION['auth_uid']); } return self::$user; @@ -167,6 +112,17 @@ abstract class Auth /** + * Get secret word + * + * @return string + */ + protected static function getSecret() + { + if (!isset(static::$secret)) throw new \Exception("Auth secret isn't set"); + return static::$secret; + } + + /** * Generate a confirmation hash * * @param User $user diff --git a/src/Auth/User.php b/src/Jasny/Auth/User.php index 3606f07..8e82072 100644 --- a/src/Auth/User.php +++ b/src/Jasny/Auth/User.php @@ -29,11 +29,14 @@ interface User public function getPassword(); /** - * Get authentication level + * Get authentication level or group(s). * - * @return int + * @internal Return level (int) or level name (string) for level based auth. + * @internal Return group (string) or groups (array) for group base auth. + * + * @return int|string|array */ - public function getAuthLevel(); + public function getRole(); /** @@ -42,4 +45,9 @@ interface User * @return boolean false cancels the login */ public function onLogin(); + + /** + * Event called on logout. + */ + public function onLogout(); } diff --git a/src/Jasny/Auth/byGroup.php b/src/Jasny/Auth/byGroup.php new file mode 100644 index 0000000..998a3ac --- /dev/null +++ b/src/Jasny/Auth/byGroup.php 
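Review bot: `logout()` never calls the `onLogout()` hook that this commit adds to the `User` interface, so an implementer's logout handler would not run from the lines shown here. Capture the user before clearing it, for example `if ($user = self::user()) $user->onLogout();` ahead of `self::$user = null;`. The method also only unsets `auth_uid`, so the session id and any other data stored in the session stay valid after logout; calling `session_regenerate_id(true);` here would retire the old id.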
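Review bot: `setUser()` stores the user id under `auth_uid` without rotating the session id, which leaves the login exposed to session fixation unless the id is regenerated somewhere not shown in this hunk. Add `session_regenerate_id(true);` immediately before `$_SESSION['auth_uid'] = $user->getId();`. The function starts outside the hunk, so this assumes a session is already active at that point.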
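Review bot: The two `@internal` lines on `getRole()` carry exactly the guidance implementers of the interface need, yet `@internal` marks text as not part of the public API and documentation generators commonly leave it out. Move them into the description as plain sentences and correct `group base auth` to `group based auth`. Since the return type is now `int|string|array`, the docblock should also say which trait accepts which shape, because `byLevel::forLevel()` compares the value numerically.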
@@ -0,0 +1,49 @@
+<?php
+
+namespace Jasny\Auth;
+
+/**
+ * Authorize by access group.
+ * Can be used for ACL (Access Control List).
+ */
+trait byGroup
+{
+ /**
+ * Authorization groups
+ * @var array
+ */
+ protected static $groups;
+
+
+ /**
+ * Get all auth groups
+ *
+ * @return array
+ */
+ public static function getGroups()
+ {
+ if (!isset(static::$groups)) {
+ trigger_error("Auth groups aren't set", E_USER_WARNING);
+ return [];
+ }
+
+ return static::$groups;
+ }
+
+ /**
+ * Check if user has specified auth group or more.
+ *
+ * @param int $group
+ * @return boolean
+ */
+ public static function forGroup($group)
+ {
+ if (!self::user()) return false;
+
+ $roles = self::user()->getRole();
+
+ foreach ($roles as $role) {
+ $roles[]
+ }
+ }
+}
diff --git a/src/Jasny/Auth/byLevel.php b/src/Jasny/Auth/byLevel.php
new file mode 100644
index 0000000..280de43
--- /dev/null
+++ b/src/Jasny/Auth/byLevel.php
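Review bot: `forGroup()` is unfinished: the loop body `$roles[]` is not a complete statement, so the file will not parse and any class that uses the trait fails to load. No path after the user check returns a value either, so the method cannot report a match. If plain membership is what is meant (the docblock's "or more" leaves that open), the loop can be replaced with `return in_array($group, (array)static::user()->getRole(), true);`, where the cast covers a `getRole()` that returns a single string. The docblock should then read `@param string $group`, and `static::user()` would match the call style used in `byLevel`.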
@@ -0,0 +1,66 @@
+<?php
+
+namespace Jasny\Auth;
+
+/**
+ * Authorize by access level.
+ */
+trait byLevel
+{
+ /**
+ * Authorization levels.
+ * Level names should not contain only digits.
+ *
+ * @var array
+ */
+ protected static $levels;
+
+
+ /**
+ * Get all access levels.
+ *
+ * @return array
+ */
+ public static function getLevels()
+ {
+ if (!isset(static::$levels)) {
+ trigger_error("Auth levels aren't set", E_USER_WARNING);
+ return [];
+ }
+
+ return static::$levels;
+ }
+
+ /**
+ * Get access level
+ *
+ * @param string $type
+ * @return int
+ */
+ public static function getLevel($type)
+ {
+ $level = array_search($type, static::$levels);
+ if ($level === false) throw new \Exception("Authorization level '$type' isn't defined.");
+
+ return $level;
+ }
+
+ /**
+ * Check if user has specified access level or more.
+ *
+ * @param int $level
+ * @return boolean
+ */
+ public static function forLevel($level)
+ {
+ if ($level === 0) return true;
+ if (!static::user()) return false;
+
+ if (is_string($level) && !ctype_digit($level)) $level = static::getLevel($level);
+
+ $role = static::user()->getRole();
+ if (is_string($role) && !ctype_digit($role))$role = static::getLevel($role);
+
+ return $role >= $level;
+ }
+}
|
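Review bot: `forLevel()` can grant access when it should deny, because its final `$role >= $level` comparison runs on values that were never confirmed to be numbers. `getLevel()` reads `static::$levels` directly rather than through `getLevels()`, so with `$levels` unset `array_search()` returns `null` on PHP versions before 8, and `null` passes the `=== false` test; a `null` level then compares as satisfied for any role. Likewise `User::getRole()` is documented in this commit to return an array for group-based auth, and PHP orders an array above any integer. I would make the search strict, route it through `getLevels()`, and deny unless both sides are integers or digit strings, as sketched below.

```php
public static function getLevel($type)
{
    // Strict search over the checked list, so an unset $levels cannot produce null here.
    $level = array_search($type, static::getLevels(), true);
    // … unchanged: throw when the level is not defined, return $level …

public static function forLevel($level)
{
    // … unchanged: level 0 shortcut, user() check, name lookup for $level and $role …

    // Deny by default: null, arrays and other non-numeric values never count as "enough".
    $isLevel = function ($value) {
        return is_int($value) || (is_string($value) && ctype_digit($value));
    };
    if (!$isLevel($role) || !$isLevel($level)) return false;

    return (int)$role >= (int)$level;
}
```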