diff --git a/src/Filters/GroupFilter.php b/src/Filters/GroupFilter.php
index 9654a4f..b9fa5dd 100644
--- a/src/Filters/GroupFilter.php
+++ b/src/Filters/GroupFilter.php
@@ -8,52 +8,74 @@ use CI4\Auth\Exceptions\PermissionException; class GroupFilter implements FilterInterface { + /** * -------------------------------------------------------------------------- * Before. * -------------------------------------------------------------------------- * - * Do whatever processing this filter needs to do. By default it should not - * return anything during normal execution. However, when an abnormal state - * is found, it should return an instance of CodeIgniter\HTTP\Response. If - * it does, script execution will end and that Response will be sent back - * to the client, allowing for error pages, redirects, etc. + * Handles the logic to be executed before the request is processed. + * + * This method checks if the user is logged in and belongs to the required groups. + * If the user is not logged in, they are redirected to the login page. + * If the user does not belong to the required groups, they are redirected to an + * error page or an exception is thrown. * - * @param RequestInterface $request - * @param array|null $arguments + * @param RequestInterface $request The current request instance. + * @param array|null $arguments The groups required to access the resource. 
* - * @return \CodeIgniter\HTTP\RedirectResponse|void; + * @return \CodeIgniter\HTTP\RedirectResponse|bool */ - public function before(RequestInterface $request, $arguments = null) { + public function before(RequestInterface $request, $arguments = null): \CodeIgniter\HTTP\RedirectResponse|bool { + // + // Load the 'auth' helper if the 'logged_in' function does not exist + // if (!function_exists('logged_in')) helper('auth'); - if (empty($arguments)) return; + // + // If no groups are specified, return false + // + if (empty($arguments)) { + return false; + } + // + // Get the authentication service + // $authenticate = service('authentication'); // - // If no user is logged in then send to the login form + // If no user is logged in, redirect to the login form // if (!$authenticate->check()) { session()->set('redirect_url', current_url()); return redirect('login'); } + // + // Get the authorization service + // $authorize = service('authorization'); // // Check each requested group // foreach ($arguments as $group) { - if ($authorize->inGroup($group, $authenticate->id())) return; + if ($authorize->inGroup($group, $authenticate->id())) { + return false; + } } + // + // If the user does not belong to the required groups, handle the response + // if ($authenticate->silent()) { -// $redirectURL = session('redirect_url') ?? '/'; + // Redirect to the error page $redirectURL = '/error'; unset($_SESSION['redirect_url']); return redirect()->to($redirectURL)->with('error', lang('Auth.exception.insufficient_permissions')); } else { + // Throw a PermissionException throw new PermissionException(lang('Auth.exception.insufficient_permissions')); } } diff --git a/src/Filters/LoginFilter.php b/src/Filters/LoginFilter.php index fd86264..bb86cdb 100644 --- a/src/Filters/LoginFilter.php +++ b/src/Filters/LoginFilter.php 
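Review bot: The `if (empty($arguments)) { return false; }` guard on the new side runs before `$authenticate->check()`, so a route that attaches this filter without naming any group passes through without even requiring a login — the filter fails open on a configuration mistake. The added comment only restates the mechanics (`// If no groups are specified, return false`); it should state the consequence, e.g. `// No groups configured: the filter is a no-op and does not require a login (fail-open by design)`, or, if that is not intended, the guard should move below the login check so an unconfigured filter still requires authentication. The same ordering appears in the PermissionFilter and RoleFilter hunks below. Returning `false` relies on the framework's filter runner treating a falsy return as pass-through, which is worth stating in the `@return` tag since `false` here means "allowed", not "denied".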
@@ -8,6 +8,7 @@ use Config\App; class LoginFilter implements FilterInterface { + /** * -------------------------------------------------------------------------- * Before. @@ -21,6 +22,9 @@ class LoginFilter implements FilterInterface { * @return \CodeIgniter\HTTP\RedirectResponse|bool */ public function before(RequestInterface $request, $arguments = null): \CodeIgniter\HTTP\RedirectResponse|bool { + // + // Load the 'auth' helper if the 'logged_in' function does not exist + // if (!function_exists('logged_in')) { helper('auth'); } diff --git a/src/Filters/PermissionFilter.php b/src/Filters/PermissionFilter.php index b63e4d2..3234159 100644 --- a/src/Filters/PermissionFilter.php +++ b/src/Filters/PermissionFilter.php @@ -8,7 +8,7 @@ use CI4\Auth\Exceptions\PermissionException; class PermissionFilter implements FilterInterface { - //--------------------------------------------------------------------------- + /** * -------------------------------------------------------------------------- * Before. 
@@ -23,43 +23,66 @@ class PermissionFilter implements FilterInterface { * @param RequestInterface $request * @param array|null $arguments * - * @return mixed + * @return \CodeIgniter\HTTP\RedirectResponse|bool */ - public function before(RequestInterface $request, $arguments = null): mixed { - if (!function_exists('logged_in')) helper('auth'); + public function before(RequestInterface $request, $arguments = null): \CodeIgniter\HTTP\RedirectResponse|bool { + // + // Load the 'auth' helper if the 'logged_in' function does not exist + // + if (!function_exists('logged_in')) { + helper('auth'); + } - if (empty($arguments)) return false; + // + // If no roles are specified, return without doing anything + // + if (empty($arguments)) { + return false; + } + // + // Get the authentication service + // $authenticate = service('authentication'); // - // if no user is logged in then send to the login form + // If no user is logged in, redirect to the login form // if (!$authenticate->check()) { session()->set('redirect_url', current_url()); return redirect('login'); } + // + // Get the authorization service + // $authorize = service('authorization'); - $result = true; + // - // Check each requested permission + // Check if the user has any of the required permissions // + $result = true; foreach ($arguments as $permission) { $result = $result && $authorize->hasPermission($permission, $authenticate->id()); } + // + // If the user does not have the required permissions, handle the response + // if (!$result) { if ($authenticate->silent()) { -// $redirectURL = session('redirect_url') ?? '/'; + // Redirect to the error page $redirectURL = '/error_auth'; unset($_SESSION['redirect_url']); return redirect()->to($redirectURL)->with('error', lang('Auth.exception.insufficient_permissions')); } else { -// $redirectURL = session('redirect_url') ?? 
'/'; + + // Throw a PermissionException +// throw new PermissionException(lang('Auth.exception.insufficient_permissions')); + + // Redirect to the error page $redirectURL = '/error_auth'; unset($_SESSION['redirect_url']); -// throw new PermissionException(lang('Auth.exception.insufficient_permissions')); return redirect()->to($redirectURL)->with('error', lang('Auth.exception.insufficient_permissions')); } }
diff --git a/src/Filters/RoleFilter.php b/src/Filters/RoleFilter.php
index ca4f22b..96d0337 100644
--- a/src/Filters/RoleFilter.php
+++ b/src/Filters/RoleFilter.php
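Review bot: The added comment `// Check if the user has any of the required permissions` contradicts the loop under it: `$result = $result && $authorize->hasPermission(...)` requires every listed permission, so it should read `// Check that the user has ALL of the required permissions (any missing one denies access)`. Secondly, after this hunk both branches of `if ($authenticate->silent())` redirect to `/error_auth` with the same flash message — the `throw new PermissionException(...)` in the else branch is added only as a commented-out line — so the silent/non-silent distinction no longer does anything here, while GroupFilter and RoleFilter in the same commit still throw in the non-silent case. Either reinstate the throw so the three filters deny access the same way, or collapse the `if`/`else` into a single redirect and delete the commented-out line; with the throw gone, the `use CI4\Auth\Exceptions\PermissionException;` import shown in the hunk header is also unused in this file. The closing brace of `before()` lies outside the hunk.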
@@ -8,52 +8,76 @@ use CI4\Auth\Exceptions\PermissionException; class RoleFilter implements FilterInterface { + /** * -------------------------------------------------------------------------- * Before. * -------------------------------------------------------------------------- * - * Do whatever processing this filter needs to do. By default it should not - * return anything during normal execution. However, when an abnormal state - * is found, it should return an instance of CodeIgniter\HTTP\Response. If - * it does, script execution will end and that Response will be sent back - * to the client, allowing for error pages, redirects, etc. + * Handles the logic to be executed before the request is processed. + * + * This method checks if the user is logged in and has the required roles. + * If the user is not logged in, they are redirected to the login page. + * If the user does not have the required roles, they are redirected to an + * error page or an exception is thrown. * - * @param RequestInterface $request - * @param array|null $arguments + * @param RequestInterface $request The current request instance. + * @param array|null $arguments The roles required to access the resource. 
* - * @return \CodeIgniter\HTTP\RedirectResponse|void + * @return \CodeIgniter\HTTP\RedirectResponse|bool */ - public function before(RequestInterface $request, $arguments = null): \CodeIgniter\HTTP\RedirectResponse { - if (!function_exists('logged_in')) helper('auth'); + public function before(RequestInterface $request, $arguments = null): \CodeIgniter\HTTP\RedirectResponse|bool { + // + // Load the 'auth' helper if the 'logged_in' function does not exist + // + if (!function_exists('logged_in')) { + helper('auth'); + } - if (empty($arguments)) return; + // + // If no roles are specified, return without doing anything + // + if (empty($arguments)) { + return false; + } + // + // Get the authentication service + // $authenticate = service('authentication'); // - // If no user is logged in then send to the login form + // If no user is logged in, redirect to the login form // if (!$authenticate->check()) { session()->set('redirect_url', current_url()); return redirect('login'); } + // + // Get the authorization service + // $authorize = service('authorization'); // - // Check each requested role + // Check if the user has any of the required roles // foreach ($arguments as $role) { - if ($authorize->inRole($role, $authenticate->id())) return; + if ($authorize->inRole($role, $authenticate->id())) { + return false; + } } + // + // If the user does not have the required roles, handle the response + // if ($authenticate->silent()) { -// $redirectURL = session('redirect_url') ?? '/'; + // Redirect to the error page $redirectURL = '/error'; unset($_SESSION['redirect_url']); return redirect()->to($redirectURL)->with('error', lang('Auth.exception.insufficient_permissions')); } else { + // Throw a PermissionException throw new PermissionException(lang('Auth.exception.insufficient_permissions')); } }
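Review bot: The new docblock line `@param array|null $arguments The roles required to access the resource.` reads as if every listed role is needed, but the loop returns as soon as `inRole()` matches one of them, so holding a single role is enough. Since the permission filter in this same commit applies the opposite all-of rule, the wording should make the any-of semantics explicit: `@param array|null $arguments Roles to check; access is granted when the user holds at least one of them.` The GroupFilter hunk above carries the same `The groups required to access the resource.` wording for the same any-of behaviour and should be adjusted alike.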