Merge branch 'master' of https://git.mcnd.ca/mcndave/lean

2022-01-31 00:06:05 +00:00 · 2022-01-31 00:06:05 +00:00 · 80dee6de86
parent 1f0edd88d2 8892edd19e
commit 80dee6de86
8 changed files with 90 additions and 8 deletions
--- a/meta/definitions/security.php
+++ b/meta/definitions/security.php
@ -0,0 +1,22 @@
+<?php
+
+use function DI\autowire, DI\create, DI\get;
+
+use Storage\Session;
+
+use Taxus\{ Privilege, Taxus, PermissionGrantInterface, DefaultPermissionGrant };
+
+use Psr\Http\Message\ServerRequestInterface;
+
+return [
+    Taxus::class => function ($c) {
+        return ( new Taxus( $c->get(PermissionGrantInterface::class) ) )->add(
+            [ new Privilege("dev", "Is a developper of this application."), "is_dev" ],
+            [ new Privilege("admin", "Can manage mostly everything from this application."), "is_admin" ],
+            [ new Privilege("user", "Is an authenticated user."), "is_user" ],
+            [ new Privilege("anonymous", "Is an anonymous (unauthenticated) user."), "is_anonymous" ],
+        );
+    },
+
+    PermissionGrantInterface::class => create(DefaultPermissionGrant::class)->constructor(get(ServerRequestInterface::class), get(Session::class)),
+];
--- a/meta/definitions/software.php
+++ b/meta/definitions/software.php
@ -86,11 +86,11 @@ return [

    JavascriptMiddleware::class => create(JavascriptMiddleware::class),

-    Cookie::class => create(Cookie::class)->constructor([ 'secure' => true, 'samesite' => 'Strict' ], getenv("LEAN_RANDOM")),
+    Cookie::class => create(Cookie::class)->constructor([ 'secure' => true, 'path' => getenv('URL_BASE'),  ], getenv("LEAN_RANDOM")),

-    Session::class => create(Session::class),
+    Session::class => create(Session::class)->constructor(get(Cookie::class), [ 'path' => getenv('URL_BASE'),  ]),

-    SessionMiddleware::class => create(SessionMiddleware::class)->constructor(get(Cookie::class), [ 'name' => "lean_sess_" . substr(md5(getenv("LEAN_RANDOM")), 0, 12) ]),
+    SessionMiddleware::class => create(SessionMiddleware::class)->constructor(get(Cookie::class), [  'path' => getenv('URL_BASE'), 'name' => "lean_sess_" . substr(md5(getenv("LEAN_RANDOM")), 0, 12) ]),

    'git.commit' => function($c) {
        if ( getenv("DEBUG") ) {
--- a/skeleton/meta/definitions/auth.php
+++ b/skeleton/meta/definitions/auth.php
@ -17,6 +17,8 @@ use Picea\Picea;

 use TheBugs\Email\{ EmailConfiguration, MailerInterface, SwiftMailer };

+use Taxus\Taxus;
+
 return [
    Entity\User::class => autowire(Entity\User::class),

@ -24,7 +26,7 @@ return [

    SecurityHandler::class => create(SecurityHandler::class)->constructor(function() {
        return new RedirectResponse(getenv("URL_BASE")."/connexion");
-    }, get('authentication.unauthorize')),
+    }, get('authentication.unauthorize'), get(Taxus::class)),

    'authentication.error' => function($c, Picea $picea) {
        return function($message) use ($picea) {
@ -59,4 +61,6 @@ return [

        return $email;
    },
+
+    PermissionGrantInterface::class => create(%NAMESPACE%\PrivilegeGrantAccess::class)->constructor(get(ServerRequestInterface::class), get(Session::class)),
 ];
--- a/skeleton/meta/definitions/storage.php
+++ b/skeleton/meta/definitions/storage.php
@ -5,7 +5,9 @@ use Psr\Container\ContainerInterface;
 use Ulmus\ConnectionAdapter,
    Ulmus\Container\AdapterProxy;

-use LdapRecord\Connection;
+use Storage\Session;
+
+use function DI\autowire, DI\create, DI\get;

 return [
    ConnectionAdapter::class => function($c) {
@ -21,5 +23,5 @@ return [
        return new AdapterProxy(
            $c->get(ConnectionAdapter::class)
        );
-    }
+    },
 ];
--- a/skeleton/src/Entity/User.php
+++ b/skeleton/src/Entity/User.php
@ -7,7 +7,7 @@ use Ulmus\Entity\Field\Datetime;
 use %NAMESPACE%\Lib;

 /**
- *  # Table('name' => "user")
+ * @Table('name' => "user")
 */
 class User extends \Ulmus\User\Entity\User implements \JsonSerializable
 {
--- a/skeleton/src/Lib/ControllerTrait.php
+++ b/skeleton/src/Lib/ControllerTrait.php
@ -27,7 +27,7 @@ trait ControllerTrait {
        $this->picea = $picea;
        $this->authenticate = $authenticate;
        $this->session = $session;
-        $this->user = $authenticate->rememberMe( Entity\User::repository() ) ?: new User();
+        $this->user = $authenticate->rememberMe( Entity\User::repository() ) ?: new Entity\User();
    }

 }
--- a/skeleton/src/PrivilegeGrantAccess.php
+++ b/skeleton/src/PrivilegeGrantAccess.php
@ -0,0 +1,53 @@
+<?php
+
+namespace %NAMESPACE%;
+
+use Psr\Http\Message\ServerRequestInterface;
+use Notes\Security\Annotation\Taxus;
+use Storage\Session;
+use Taxus\PermissionGrantInterface;
+Use Ulmus\User\Entity\User;
+
+class PrivilegeGrantAccess implements PermissionGrantInterface {
+
+    public Session $session;
+
+    public ServerRequestInterface $request;
+
+    public function __construct(ServerRequestInterface $request, Session $session)
+    {
+        $this->request = $request;
+        $this->session = $session;
+    }
+
+    /*
+     * --- Reles
+     */
+    public function is_dev() : bool
+    {
+        return false;
+    }
+
+    public function is_admin(User $user) : bool
+    {
+        return ! $this->is_anonymous($user) && FALSE; #  <<<<<<<<<<<<<----- ADJUST YOUR ADMIN PRIVILEGE HERE ACCORDINGLY
+    }
+
+    public function is_user(User $user) : bool
+    {
+        return ! $this->is_anonymous($user);
+    }
+
+    public function is_anonymous(User $user) : bool
+    {
+        return ! $user || ! $user->logged;
+    }
+
+    /*
+     * --- Verifications
+     */
+    public function default($name) : bool
+    {
+        return false;
+    }
+}
--- a/src/Lean.php
+++ b/src/Lean.php
@ -116,6 +116,7 @@ class Lean
            require($path . "http.php"),
            require($path . "language.php"),
            require($path . "routes.php"),
+            require($path . "security.php"),
            require($path . "software.php"),
            require($path . "template.php"),
        );