Merge branch 'master' of https://git.mcnd.ca/mcndave/lean

2022-01-31 00:06:05 +00:00 · 2022-01-31 00:06:05 +00:00 · 80dee6de86
parent 1f0edd88d2 8892edd19e
commit 80dee6de86
8 changed files with 90 additions and 8 deletions
--- a/meta/definitions/security.php
+++ b/meta/definitions/security.php
@ -0,0 +1,22 @@
 <?php
 use function DI\autowire, DI\create, DI\get;
 use Storage\Session;
 use Taxus\{ Privilege, Taxus, PermissionGrantInterface, DefaultPermissionGrant };
 use Psr\Http\Message\ServerRequestInterface;
 return [
    Taxus::class => function ($c) {
        return ( new Taxus( $c->get(PermissionGrantInterface::class) ) )->add(
            [ new Privilege("dev", "Is a developper of this application."), "is_dev" ],
            [ new Privilege("admin", "Can manage mostly everything from this application."), "is_admin" ],
            [ new Privilege("user", "Is an authenticated user."), "is_user" ],
            [ new Privilege("anonymous", "Is an anonymous (unauthenticated) user."), "is_anonymous" ],
        );
    },
    PermissionGrantInterface::class => create(DefaultPermissionGrant::class)->constructor(get(ServerRequestInterface::class), get(Session::class)),
 ];
--- a/meta/definitions/software.php
+++ b/meta/definitions/software.php
@ -86,11 +86,11 @@ return [
    JavascriptMiddleware::class => create(JavascriptMiddleware::class),
-    Cookie::class => create(Cookie::class)->constructor([ 'secure' => true, 'samesite' => 'Strict' ], getenv("LEAN_RANDOM")),
+    Cookie::class => create(Cookie::class)->constructor([ 'secure' => true, 'path' => getenv('URL_BASE'),  ], getenv("LEAN_RANDOM")),
-    Session::class => create(Session::class),
+    Session::class => create(Session::class)->constructor(get(Cookie::class), [ 'path' => getenv('URL_BASE'),  ]),
-    SessionMiddleware::class => create(SessionMiddleware::class)->constructor(get(Cookie::class), [ 'name' => "lean_sess_" . substr(md5(getenv("LEAN_RANDOM")), 0, 12) ]),
+    SessionMiddleware::class => create(SessionMiddleware::class)->constructor(get(Cookie::class), [  'path' => getenv('URL_BASE'), 'name' => "lean_sess_" . substr(md5(getenv("LEAN_RANDOM")), 0, 12) ]),
    'git.commit' => function($c) {
        if ( getenv("DEBUG") ) {
--- a/skeleton/meta/definitions/auth.php
+++ b/skeleton/meta/definitions/auth.php
@ -17,6 +17,8 @@ use Picea\Picea;
 use TheBugs\Email\{ EmailConfiguration, MailerInterface, SwiftMailer };
 use Taxus\Taxus;
 return [
    Entity\User::class => autowire(Entity\User::class),
@ -24,7 +26,7 @@ return [
    SecurityHandler::class => create(SecurityHandler::class)->constructor(function() {
        return new RedirectResponse(getenv("URL_BASE")."/connexion");
-    }, get('authentication.unauthorize')),
+    }, get('authentication.unauthorize'), get(Taxus::class)),
    'authentication.error' => function($c, Picea $picea) {
        return function($message) use ($picea) {
@ -59,4 +61,6 @@ return [
        return $email;
    },
    PermissionGrantInterface::class => create(%NAMESPACE%\PrivilegeGrantAccess::class)->constructor(get(ServerRequestInterface::class), get(Session::class)),
 ];
--- a/skeleton/meta/definitions/storage.php
+++ b/skeleton/meta/definitions/storage.php
@ -5,7 +5,9 @@ use Psr\Container\ContainerInterface;
 use Ulmus\ConnectionAdapter,
    Ulmus\Container\AdapterProxy;
-use LdapRecord\Connection;
+use Storage\Session;
 use function DI\autowire, DI\create, DI\get;
 return [
    ConnectionAdapter::class => function($c) {
@ -21,5 +23,5 @@ return [
        return new AdapterProxy(
            $c->get(ConnectionAdapter::class)
        );
-    }
+    },
 ];
--- a/skeleton/src/Entity/User.php
+++ b/skeleton/src/Entity/User.php
@ -7,7 +7,7 @@ use Ulmus\Entity\Field\Datetime;
 use %NAMESPACE%\Lib;
 /**
- *  # Table('name' => "user")
+ * @Table('name' => "user")
 */
 class User extends \Ulmus\User\Entity\User implements \JsonSerializable
 {
--- a/skeleton/src/Lib/ControllerTrait.php
+++ b/skeleton/src/Lib/ControllerTrait.php
@ -27,7 +27,7 @@ trait ControllerTrait {
        $this->picea = $picea;
        $this->authenticate = $authenticate;
        $this->session = $session;
-        $this->user = $authenticate->rememberMe( Entity\User::repository() ) ?: new User();
+        $this->user = $authenticate->rememberMe( Entity\User::repository() ) ?: new Entity\User();
    }
 }
--- a/skeleton/src/PrivilegeGrantAccess.php
+++ b/skeleton/src/PrivilegeGrantAccess.php
@ -0,0 +1,53 @@
 <?php
 namespace %NAMESPACE%;
 use Psr\Http\Message\ServerRequestInterface;
 use Notes\Security\Annotation\Taxus;
 use Storage\Session;
 use Taxus\PermissionGrantInterface;
 Use Ulmus\User\Entity\User;
 class PrivilegeGrantAccess implements PermissionGrantInterface {
    public Session $session;
    public ServerRequestInterface $request;
    public function __construct(ServerRequestInterface $request, Session $session)
    {
        $this->request = $request;
        $this->session = $session;
    }
    /*
     * --- Reles
     */
    public function is_dev() : bool
    {
        return false;
    }
    public function is_admin(User $user) : bool
    {
        return ! $this->is_anonymous($user) && FALSE; #  <<<<<<<<<<<<<----- ADJUST YOUR ADMIN PRIVILEGE HERE ACCORDINGLY
    }
    public function is_user(User $user) : bool
    {
        return ! $this->is_anonymous($user);
    }
    public function is_anonymous(User $user) : bool
    {
        return ! $user || ! $user->logged;
    }
    /*
     * --- Verifications
     */
    public function default($name) : bool
    {
        return false;
    }
 }
--- a/src/Lean.php
+++ b/src/Lean.php
@ -116,6 +116,7 @@ class Lean
            require($path . "http.php"),
            require($path . "language.php"),
            require($path . "routes.php"),
            require($path . "security.php"),
            require($path . "software.php"),
            require($path . "template.php"),
        );