mirror of
https://github.com/nuxsmin/sysPass.git
synced 2026-03-04 15:44:07 +01:00
94f9929be0
* [ADD] Delete multiple items at once * [FIX] Some bugfixes * [MOD] Removed deprecated code
217 lines
7.7 KiB
PHP
217 lines
7.7 KiB
PHP
<?php
|
|
|
|
/**
|
|
* sysPass
|
|
*
|
|
* @author nuxsmin
|
|
* @link http://syspass.org
|
|
* @copyright 2012-2017, Rubén Domínguez nuxsmin@$syspass.org
|
|
*
|
|
* This file is part of sysPass.
|
|
*
|
|
* sysPass is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* sysPass is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
namespace SP\Core\Acl;
|
|
|
|
use SP\Core\Session\Session;
|
|
|
|
defined('APP_ROOT') || die();
|
|
|
|
/**
|
|
* Esta clase es la encargada de calcular las access lists de acceso a usuarios.
|
|
*/
|
|
class Acl implements ActionsInterface
|
|
{
|
|
/**
|
|
* @var Actions
|
|
*/
|
|
protected static $action;
|
|
/**
|
|
* @var Session
|
|
*/
|
|
private $session;
|
|
|
|
/**
|
|
* Acl constructor.
|
|
*
|
|
* @param Session $session
|
|
* @param Actions|null $action
|
|
*/
|
|
public function __construct(Session $session, Actions $action = null)
|
|
{
|
|
$this->session = $session;
|
|
|
|
self::$action = $action;
|
|
}
|
|
|
|
/**
|
|
* Returns action route
|
|
*
|
|
* @param $actionId
|
|
* @return string
|
|
*/
|
|
public static function getActionRoute($actionId)
|
|
{
|
|
try {
|
|
return self::$action->getActionById($actionId)->getRoute();
|
|
} catch (ActionNotFoundException $e) {
|
|
processException($e);
|
|
}
|
|
|
|
return '';
|
|
}
|
|
|
|
/**
|
|
* Obtener el nombre de la acción indicada
|
|
*
|
|
* @param int $actionId El id de la acción
|
|
* @param bool $translate
|
|
* @return string
|
|
* @internal param bool $shortName Si se devuelve el nombre corto de la acción
|
|
*/
|
|
public static function getActionInfo($actionId, $translate = true)
|
|
{
|
|
try {
|
|
$text = self::$action->getActionById($actionId)->getText();
|
|
return $translate ? __($text) : $text;
|
|
} catch (ActionNotFoundException $e) {
|
|
processException($e);
|
|
}
|
|
|
|
return '';
|
|
}
|
|
|
|
/**
|
|
* Comprobar los permisos de acceso del usuario a los módulos de la aplicación.
|
|
* Esta función comprueba los permisos del usuario para realizar una acción.
|
|
* Si los permisos ya han sido obtenidos desde la BBDD, se utiliza el objeto creado
|
|
* en la variable de sesión.
|
|
*
|
|
* @param string $action con el nombre de la acción
|
|
* @param int $userId opcional, con el Id del usuario
|
|
* @return bool
|
|
*/
|
|
public function checkUserAccess($action, $userId = 0)
|
|
{
|
|
$userProfile = $this->session->getUserProfile();
|
|
|
|
// Comprobamos si la cache de permisos está inicializada
|
|
if (!is_object($userProfile)) {
|
|
// error_log('ACL_CACHE_MISS');
|
|
return false;
|
|
}
|
|
|
|
$userData = $this->session->getUserData();
|
|
|
|
if ($userData->getIsAdminApp()) {
|
|
return true;
|
|
}
|
|
|
|
switch ($action) {
|
|
case self::ACCOUNT_VIEW:
|
|
return ($userData->getIsAdminAcc() || $userProfile->isAccView() || $userProfile->isAccEdit());
|
|
case self::ACCOUNT_VIEW_PASS:
|
|
return ($userData->getIsAdminAcc() || $userProfile->isAccViewPass());
|
|
case self::ACCOUNT_VIEW_HISTORY:
|
|
return ($userData->getIsAdminAcc() || $userProfile->isAccViewHistory());
|
|
case self::ACCOUNT_EDIT:
|
|
return ($userData->getIsAdminAcc() || $userProfile->isAccEdit());
|
|
case self::ACCOUNT_EDIT_PASS:
|
|
return ($userData->getIsAdminAcc() || $userProfile->isAccEditPass());
|
|
case self::ACCOUNT_CREATE:
|
|
return ($userData->getIsAdminAcc() || $userProfile->isAccAdd());
|
|
case self::ACCOUNT_COPY:
|
|
return ($userData->getIsAdminAcc() || ($userProfile->isAccAdd() && $userProfile->isAccView()));
|
|
case self::ACCOUNT_DELETE:
|
|
return ($userData->getIsAdminAcc() || $userProfile->isAccDelete());
|
|
case self::ACCOUNT_FILE:
|
|
return ($userData->getIsAdminAcc() || $userProfile->isAccFiles());
|
|
case self::ITEMS_MANAGE:
|
|
return ($userProfile->isMgmCategories() || $userProfile->isMgmCustomers());
|
|
case self::CONFIG:
|
|
return ($userProfile->isConfigGeneral() || $userProfile->isConfigEncryption() || $userProfile->isConfigBackup() || $userProfile->isConfigImport());
|
|
case self::CONFIG_GENERAL:
|
|
case self::PLUGIN:
|
|
case self::ACCOUNT_CONFIG:
|
|
return $userProfile->isConfigGeneral();
|
|
case self::IMPORT_CONFIG:
|
|
return $userProfile->isConfigImport();
|
|
case self::CATEGORY:
|
|
case self::CATEGORY_SEARCH:
|
|
return $userProfile->isMgmCategories();
|
|
case self::CLIENT:
|
|
case self::CLIENT_SEARCH:
|
|
return $userProfile->isMgmCustomers();
|
|
case self::CUSTOMFIELD:
|
|
case self::CUSTOMFIELD_SEARCH:
|
|
return $userProfile->isMgmCustomFields();
|
|
case self::PUBLICLINK:
|
|
case self::PUBLICLINK_SEARCH:
|
|
return $userProfile->isMgmPublicLinks();
|
|
case self::PUBLICLINK_CREATE:
|
|
return ($userProfile->isMgmPublicLinks() || $userProfile->isAccPublicLinks());
|
|
case self::ACCOUNTMGR:
|
|
case self::ACCOUNTMGR_SEARCH:
|
|
case self::ACCOUNTMGR_HISTORY:
|
|
case self::ACCOUNTMGR_SEARCH_HISTORY:
|
|
return $userProfile->isMgmAccounts();
|
|
case self::FILE:
|
|
case self::FILE_SEARCH:
|
|
return $userProfile->isMgmFiles();
|
|
case self::TAG:
|
|
case self::TAG_SEARCH:
|
|
return $userProfile->isMgmTags();
|
|
case self::ENCRYPTION_CONFIG:
|
|
return $userProfile->isConfigEncryption();
|
|
case self::BACKUP_CONFIG:
|
|
return $userProfile->isConfigBackup();
|
|
case self::ACCESS_MANAGE:
|
|
return ($userProfile->isMgmUsers() || $userProfile->isMgmGroups() || $userProfile->isMgmProfiles());
|
|
case self::USER:
|
|
case self::USER_SEARCH:
|
|
case self::USER_CREATE:
|
|
case self::USER_EDIT:
|
|
return $userProfile->isMgmUsers();
|
|
case self::USER_EDIT_PASS:
|
|
// Comprobar si el usuario es distinto al de la sesión
|
|
return ($userId === $userData->getId() || $userProfile->isMgmUsers());
|
|
case self::GROUP:
|
|
case self::GROUP_SEARCH:
|
|
return $userProfile->isMgmGroups();
|
|
case self::PROFILE:
|
|
case self::PROFILE_SEARCH:
|
|
return $userProfile->isMgmProfiles();
|
|
case self::APITOKEN:
|
|
case self::APITOKEN_SEARCH:
|
|
return $userProfile->isMgmApiTokens();
|
|
case self::EVENTLOG:
|
|
case self::EVENTLOG_SEARCH:
|
|
return $userProfile->isEvl();
|
|
case self::NOTIFICATION:
|
|
case self::NOTIFICATION_SEARCH:
|
|
case self::NOTIFICATION_CHECK:
|
|
return true;
|
|
}
|
|
|
|
// $Log = new Log();
|
|
// $Log->getLogMessage()
|
|
// ->setAction(__FUNCTION__)
|
|
// ->addDetails(__('Acceso denegado', false), self::getActionInfo($action, false));
|
|
// $Log->setLogLevel(Log::NOTICE);
|
|
// $Log->writeLog();
|
|
|
|
return false;
|
|
}
|
|
} |