- A lot of small important bugfixes
This commit is contained in:
parent
f72115aab4
commit
8892edd19e
22
meta/definitions/security.php
Normal file
22
meta/definitions/security.php
Normal file
@ -0,0 +1,22 @@
|
||||
<?php
|
||||
|
||||
use function DI\autowire, DI\create, DI\get;
|
||||
|
||||
use Storage\Session;
|
||||
|
||||
use Taxus\{ Privilege, Taxus, PermissionGrantInterface, DefaultPermissionGrant };
|
||||
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
|
||||
return [
|
||||
Taxus::class => function ($c) {
|
||||
return ( new Taxus( $c->get(PermissionGrantInterface::class) ) )->add(
|
||||
[ new Privilege("dev", "Is a developper of this application."), "is_dev" ],
|
||||
[ new Privilege("admin", "Can manage mostly everything from this application."), "is_admin" ],
|
||||
[ new Privilege("user", "Is an authenticated user."), "is_user" ],
|
||||
[ new Privilege("anonymous", "Is an anonymous (unauthenticated) user."), "is_anonymous" ],
|
||||
);
|
||||
},
|
||||
|
||||
PermissionGrantInterface::class => create(DefaultPermissionGrant::class)->constructor(get(ServerRequestInterface::class), get(Session::class)),
|
||||
];
|
||||
@ -86,11 +86,11 @@ return [
|
||||
|
||||
JavascriptMiddleware::class => create(JavascriptMiddleware::class),
|
||||
|
||||
Cookie::class => create(Cookie::class)->constructor([ 'secure' => true, 'samesite' => 'Strict' ], getenv("LEAN_RANDOM")),
|
||||
Cookie::class => create(Cookie::class)->constructor([ 'secure' => true, 'path' => getenv('URL_BASE'), ], getenv("LEAN_RANDOM")),
|
||||
|
||||
Session::class => create(Session::class),
|
||||
Session::class => create(Session::class)->constructor(get(Cookie::class), [ 'path' => getenv('URL_BASE'), ]),
|
||||
|
||||
SessionMiddleware::class => create(SessionMiddleware::class)->constructor(get(Cookie::class), [ 'name' => "lean_sess_" . substr(md5(getenv("LEAN_RANDOM")), 0, 12) ]),
|
||||
SessionMiddleware::class => create(SessionMiddleware::class)->constructor(get(Cookie::class), [ 'path' => getenv('URL_BASE'), 'name' => "lean_sess_" . substr(md5(getenv("LEAN_RANDOM")), 0, 12) ]),
|
||||
|
||||
'git.commit' => function($c) {
|
||||
if ( getenv("DEBUG") ) {
|
||||
|
||||
@ -17,6 +17,8 @@ use Picea\Picea;
|
||||
|
||||
use TheBugs\Email\{ EmailConfiguration, MailerInterface, SwiftMailer };
|
||||
|
||||
use Taxus\Taxus;
|
||||
|
||||
return [
|
||||
Entity\User::class => autowire(Entity\User::class),
|
||||
|
||||
@ -24,7 +26,7 @@ return [
|
||||
|
||||
SecurityHandler::class => create(SecurityHandler::class)->constructor(function() {
|
||||
return new RedirectResponse(getenv("URL_BASE")."/connexion");
|
||||
}, get('authentication.unauthorize')),
|
||||
}, get('authentication.unauthorize'), get(Taxus::class)),
|
||||
|
||||
'authentication.error' => function($c, Picea $picea) {
|
||||
return function($message) use ($picea) {
|
||||
@ -59,4 +61,6 @@ return [
|
||||
|
||||
return $email;
|
||||
},
|
||||
|
||||
PermissionGrantInterface::class => create(%NAMESPACE%\PrivilegeGrantAccess::class)->constructor(get(ServerRequestInterface::class), get(Session::class)),
|
||||
];
|
||||
|
||||
@ -5,7 +5,9 @@ use Psr\Container\ContainerInterface;
|
||||
use Ulmus\ConnectionAdapter,
|
||||
Ulmus\Container\AdapterProxy;
|
||||
|
||||
use LdapRecord\Connection;
|
||||
use Storage\Session;
|
||||
|
||||
use function DI\autowire, DI\create, DI\get;
|
||||
|
||||
return [
|
||||
ConnectionAdapter::class => function($c) {
|
||||
@ -21,5 +23,5 @@ return [
|
||||
return new AdapterProxy(
|
||||
$c->get(ConnectionAdapter::class)
|
||||
);
|
||||
}
|
||||
},
|
||||
];
|
||||
|
||||
@ -7,7 +7,7 @@ use Ulmus\Entity\Field\Datetime;
|
||||
use %NAMESPACE%\Lib;
|
||||
|
||||
/**
|
||||
* # Table('name' => "user")
|
||||
* @Table('name' => "user")
|
||||
*/
|
||||
class User extends \Ulmus\User\Entity\User implements \JsonSerializable
|
||||
{
|
||||
|
||||
@ -27,7 +27,7 @@ trait ControllerTrait {
|
||||
$this->picea = $picea;
|
||||
$this->authenticate = $authenticate;
|
||||
$this->session = $session;
|
||||
$this->user = $authenticate->rememberMe( Entity\User::repository() ) ?: new User();
|
||||
$this->user = $authenticate->rememberMe( Entity\User::repository() ) ?: new Entity\User();
|
||||
}
|
||||
|
||||
}
|
||||
53
skeleton/src/PrivilegeGrantAccess.php
Normal file
53
skeleton/src/PrivilegeGrantAccess.php
Normal file
@ -0,0 +1,53 @@
|
||||
<?php
|
||||
|
||||
namespace %NAMESPACE%;
|
||||
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Notes\Security\Annotation\Taxus;
|
||||
use Storage\Session;
|
||||
use Taxus\PermissionGrantInterface;
|
||||
Use Ulmus\User\Entity\User;
|
||||
|
||||
class PrivilegeGrantAccess implements PermissionGrantInterface {
|
||||
|
||||
public Session $session;
|
||||
|
||||
public ServerRequestInterface $request;
|
||||
|
||||
public function __construct(ServerRequestInterface $request, Session $session)
|
||||
{
|
||||
$this->request = $request;
|
||||
$this->session = $session;
|
||||
}
|
||||
|
||||
/*
|
||||
* --- Reles
|
||||
*/
|
||||
public function is_dev() : bool
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
public function is_admin(User $user) : bool
|
||||
{
|
||||
return ! $this->is_anonymous($user) && FALSE; # <<<<<<<<<<<<<----- ADJUST YOUR ADMIN PRIVILEGE HERE ACCORDINGLY
|
||||
}
|
||||
|
||||
public function is_user(User $user) : bool
|
||||
{
|
||||
return ! $this->is_anonymous($user);
|
||||
}
|
||||
|
||||
public function is_anonymous(User $user) : bool
|
||||
{
|
||||
return ! $user || ! $user->logged;
|
||||
}
|
||||
|
||||
/*
|
||||
* --- Verifications
|
||||
*/
|
||||
public function default($name) : bool
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@ -116,6 +116,7 @@ class Lean
|
||||
require($path . "http.php"),
|
||||
require($path . "language.php"),
|
||||
require($path . "routes.php"),
|
||||
require($path . "security.php"),
|
||||
require($path . "software.php"),
|
||||
require($path . "template.php"),
|
||||
);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user