Permission checks at the handler level example
<?php | |
namespace EFNEP\Controllers; | |
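class UserApi extends Api
{
    /**
     * Sets the url and data and tells Walleye what the handlers accept.
     *
     * Every route entry (a preg_match() pattern) maps to:
     *   - 'handler'           name of the method on this class to call
     *   - 'permissions'       permission ids the logged-in user must all hold
     *   - 'check_not_deleted' optional; 'class' is loaded with withId() using the
     *                         url path segment at index 'id', and the request is
     *                         redirected when that record is missing or isDeleted()
     * The 'default' key is not a pattern: its value is the handler name used when
     * no route matches.
     *
     * @param string $url  request url (used as the preg_match() subject in getHandler())
     * @param array $data
     * @return void
     */
    public function __construct($url, $data)
    {
        $this->url = $url;
        $this->data = $data;
        $this->handlers = array(
            '/^(\/adult\/[0-9]+)$/' => array(
                'handler' => 'getUserCreatableInstitutesHandler',
                'permissions' => array(
                    \EFNEP\Models\Permission::CHANGE_PASSWORD
                ),
                'check_not_deleted' => array(
                    'class' => '\EFNEP\Models\Adult',
                    'id' => 1
                )
            ),
            '/^(\/api\/user\/institute\/[0-9]+\/regions)$/' => array(
                'handler' => 'getUserCreatableInstituteRegionsHandler',
                'permissions' => array(
                    \EFNEP\Models\Permission::CHANGE_PASSWORD
                )
            ),
            '/^(\/api\/user\/select\/region\/[0-9]+)$/' => array(
                'handler' => 'setSelectedRegionHandler',
                'permissions' => array(
                    \EFNEP\Models\Permission::CHANGE_PASSWORD
                )
            ),
            'default' => 'error_404'
        );
    }

    /**
     * Finds the first handler whose route matches the url and enforces its
     * permission and not-deleted checks.
     *
     * When a check fails the visitor is redirected and null is returned, so
     * doHandler() never invokes the guarded method even if redirect() does not
     * terminate the request. The 'default' entry is only used when no pattern
     * matched, whatever its position in the handlers array.
     *
     * @return array|null  array(route, handler method name), or null
     */
    protected function getHandler()
    {
        $default = null;
        foreach ($this->handlers as $route => $handler_data) {
            if ($route === 'default') {
                // the value is the handler name itself, not a route array, so it
                // must not be indexed with ['handler'] like the other entries
                $default = array($route, $handler_data);
                continue;
            }
            if (!preg_match($route, $this->url)) {
                continue;
            }
            $permissions = isset($handler_data['permissions']) ? $handler_data['permissions'] : array();
            if (!$this->loggedUserHasPermissions($permissions)) {
                return null;
            }
            if (isset($handler_data['check_not_deleted'])
                && !$this->pathObjectExists($handler_data['check_not_deleted'])) {
                $this->redirect();
                return null;
            }
            return array($route, $handler_data['handler']);
        }
        return $default;
    }

    /**
     * Checks that somebody is logged in and holds every permission id given.
     * Redirects (login page for anonymous visitors, homepage otherwise) and
     * returns false on the first failure; true when $permissions is empty.
     *
     * @param array $permissions  permission ids (Permission::withId() arguments)
     * @return bool
     */
    private function loggedUserHasPermissions($permissions)
    {
        if (count($permissions) === 0) {
            return true;
        }
        $logged_user = \EFNEP\Models\User::getLoggedUser();
        if (!$logged_user) {
            // an anonymous visitor has no user object to ask; send them to the
            // login page exactly as doHandler() does instead of faulting here
            $this->redirect(\EFNEP\Models\User::getLoginUrl(), array('return_url' => $this->url));
            return false;
        }
        foreach ($permissions as $permission_id) {
            $permission = \EFNEP\Models\Permission::withId($permission_id);
            if (!$logged_user->hasPermission($permission)) {
                $this->redirect(); // redirect to homepage
                return false;
            }
        }
        return true;
    }

    /**
     * Loads $check['class'] by the url path segment at index $check['id'] and
     * reports whether the record exists and is not deleted.
     *
     * @param array $check  array('class' => model class name, 'id' => path index)
     * @return bool
     */
    private function pathObjectExists($check)
    {
        if (!isset($this->path[$check['id']])) {
            return false;
        }
        $class = $check['class'];
        $object = $class::withId($this->path[$check['id']]);
        // withId() may hand back null for an unknown id; treat that like deleted
        return !is_null($object) && !$object->isDeleted();
    }

    /**
     * Performs a preg_match() on the handlers given in the constructor to find a match and then
     * dynamically calls the function given in the handlers array.
     *
     * Anonymous visitors are redirected to the login page unless the matched
     * handler is 'loginHandler' or 'registerHandler'; after a redirect the
     * handler is not invoked.
     *
     * @see Walleye_controller::$handlers
     * @return array|null  the array(route, handler) found, or null
     */
    public function doHandler()
    {
        $this->path = $this->getUrlPath($this->url);
        $this->handler = $handler = $this->getHandler();
        $handler_name = is_array($handler) ? $handler[1] : null;
        if (!\EFNEP\Models\User::getLoggedUser() && $handler_name !== 'loginHandler' && $handler_name !== 'registerHandler') {
            // NOTE(review): return_url echoes the request url; confirm the login
            // flow only follows relative paths when it honours it
            $this->redirect(\EFNEP\Models\User::getLoginUrl(), array('return_url' => $this->url));
            return $this->handler;
        }
        if (!is_null($handler_name) && method_exists($this, $handler_name)) {
            // a plain variable is used on purpose: "$this->$handler[1]()" is read
            // as ($this->$handler)[1]() by PHP 7, not as $this->{$handler[1]}()
            $this->$handler_name();
        }
        return $this->handler;
    }

    /**
     * GET: emits a JSON list of the institutes the logged-in user may create
     * users for (own institute, every institute, or none, by permission).
     * Any other method renders the XML error view with STAT_BAD_REQUEST.
     *
     * @return void
     */
    protected function getUserCreatableInstitutesHandler()
    {
        if (!$this->isGet()) {
            $this->useXmlHeader();
            $this->view('api/error.php', array('stat' => Api::STAT_BAD_REQUEST));
            return;
        }
        $summarise = function ($institute) {
            return array(
                'name' => $institute->getFullName(),
                'id' => $institute->getId()
            );
        };
        $logged_user = \EFNEP\Models\User::getLoggedUser();
        if ($logged_user->hasPermission(\EFNEP\Models\Permission::withId(\EFNEP\Models\Permission::CREATE_INSTITUTE_USERS))) {
            // can create users for the institute this user is a part of
            $institutes = array($logged_user->getInstitute());
        } elseif ($logged_user->hasPermission(\EFNEP\Models\Permission::withId(\EFNEP\Models\Permission::CREATE_INSTITUTE_USERS_FOR_ANY_INSTITUTE))) {
            // can create users for any institute
            $institutes = \EFNEP\Models\Institute::getAllInstitutes();
        } else {
            // cannot create institute users: still STAT_OK, just an empty list
            $institutes = array();
        }
        $values = array(
            'institutes' => array_map($summarise, $institutes),
            'stat' => Api::STAT_OK
        );
        $this->useJsonHeader();
        echo json_encode($values);
    }

    /**
     * GET: renders the XML regions view for the institute whose id is url path
     * segment 3, with STAT_BAD_REQUEST when that segment is missing or no
     * institute has that id. Non-GET requests render the XML error view.
     *
     * @return void
     */
    protected function getUserCreatableInstituteRegionsHandler()
    {
        $this->useXmlHeader();
        if (!$this->isGet()) {
            $this->view('api/error.php', array('stat' => Api::STAT_BAD_REQUEST));
            return;
        }
        // guard the index: path is only guaranteed to be that long when the route matched
        $institute = isset($this->path[3]) ? \EFNEP\Models\Institute::withId($this->path[3]) : null;
        $values = array('stat' => Api::STAT_BAD_REQUEST);
        if (!is_null($institute)) {
            $values['stat'] = Api::STAT_OK;
            $values['regions'] = $institute->getRegions();
        }
        $this->view('api/user/regions.php', $values);
    }

    /**
     * POST: selects the region given by url path segment 4 for the logged-in
     * user when that user is a region user. Always renders the XML error view,
     * with STAT_OK on success and STAT_BAD_REQUEST otherwise.
     *
     * @return void
     */
    protected function setSelectedRegionHandler()
    {
        $this->useXmlHeader();
        $values = array('stat' => Api::STAT_BAD_REQUEST);
        if ($this->isPost() && isset($this->path[4])) {
            $logged_user = \EFNEP\Models\User::getLoggedUser();
            // only region users may pick a region; setSelectedRegion() reports success
            if ($logged_user->isRegion() && $logged_user->setSelectedRegion($this->path[4])) {
                $values['stat'] = Api::STAT_OK;
            }
        }
        $this->view('api/error.php', $values);
    }
}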