Simplified methods for checking access rights

2020-06-10 12:04:47 +02:00 · 2020-06-10 12:04:47 +02:00 · 21746f2f2d
commit 21746f2f2d
parent 1f1d731e84
5 changed files with 37 additions and 24 deletions
--- a/helpers/auth.php
+++ b/helpers/auth.php
@ -118,20 +118,18 @@
    /**
     * Check valid pass for given login
     *
-     * @param $login
-     * @param $pass
+     * @param string $login
+     * @param string $pass
     * @return boolean True if valid
     */
    public function checkLogin($login, $pass) {
-      if (!is_null($login) && !is_null($pass)) {
-        if (!empty($login) && !empty($pass)) {
-          $user = new uUser($login);
-          if ($user->isValid && $user->validPassword($pass)) {
-            $this->setAuthenticated($user);
-            $this->sessionCleanup();
-            $user->storeInSession();
-            return true;
-          }
+      if (!empty($login) && !empty($pass)) {
+        $user = new uUser($login);
+        if ($user->isValid && $user->validPassword($pass)) {
+          $this->setAuthenticated($user);
+          $this->sessionCleanup();
+          $user->storeInSession();
+          return true;
        }
      }
      return false;
@ -179,4 +177,25 @@
      header("Location: $location");
      exit();
    }
+
+    /**
+     * Check session user has RW access to resource owned by given user
+     *
+     * @param int $ownerId
+     * @return bool True if has access
+     */
+    public function hasReadWriteAccess($ownerId) {
+      return $this->isAuthenticated() && ($this->isAdmin() || $this->user->id === $ownerId);
+    }
+
+    /**
+     * Check session user has RO access to resource owned by given user
+     *
+     * @param int $ownerId
+     * @return bool True if has access
+     */
+    public function hasReadAccess($ownerId) {
+      return $this->hasReadWriteAccess($ownerId) || uConfig::getInstance()->publicTracks;
+    }
+
  }
--- a/utils/export.php
+++ b/utils/export.php
@ -63,8 +63,7 @@ $type = uUtils::getString('type', 'kml');
 $userId = uUtils::getInt('userid');
 $trackId = uUtils::getInt('trackid');

-if (!$config->publicTracks &&
-    (!$auth->isAuthenticated() || (!$auth->isAdmin() && $auth->user->id !== $userId))) {
+if (!$auth->hasReadAccess($userId)) {
  // unauthorized
  exit();
 }
--- a/utils/getpositions.php
+++ b/utils/getpositions.php
@ -32,8 +32,7 @@ $last = uUtils::getBool('last');

 $positionsArr = [];
 if ($userId) {
-  if ($config->publicTracks ||
-      ($auth->isAuthenticated() && ($auth->isAdmin() || $auth->user->id === $userId))) {
+  if ($auth->hasReadAccess($userId)) {
    if ($trackId) {
      // get all track data
      $positionsArr = uPosition::getAll($userId, $trackId, $afterId);
@ -46,7 +45,7 @@ if ($userId) {
    }
  }
 } else if ($last) {
-  if ($config->publicTracks || ($auth->isAuthenticated() && ($auth->isAdmin()))) {
+  if ($config->publicTracks || ($auth->isAuthenticated() && $auth->isAdmin())) {
    $positionsArr = uPosition::getLastAllUsers();
  }
 }
--- a/utils/gettracks.php
+++ b/utils/gettracks.php
@ -27,11 +27,8 @@ $config = uConfig::getInstance();
 $userId = uUtils::getInt('userid');

 $tracksArr = [];
-if ($userId) {
-  if ($config->publicTracks ||
-      ($auth->isAuthenticated() && ($auth->isAdmin() || $auth->user->id === $userId))) {
-    $tracksArr = uTrack::getAll($userId);
-  }
+if ($userId && $auth->hasReadAccess($userId)) {
+  $tracksArr = uTrack::getAll($userId);
 }

 $result = [];
--- a/utils/handleposition.php
+++ b/utils/handleposition.php
@ -36,9 +36,8 @@ if (empty($action) || empty($positionId)) {
  uUtils::exitWithError($lang["servererror"]);
 }
 $position = new uPosition($positionId);
-if (!$position->isValid ||
-  (!$auth->isAuthenticated() || (!$auth->isAdmin() && $auth->user->id !== $position->userId))) {
-  uUtils::exitWithError($lang["servererror"]);
+if (!$position->isValid || !$auth->hasReadWriteAccess($position->userId)) {
+  uUtils::exitWithError($lang["notauthorized"]);
 }

 $data = null;