first commit
This commit is contained in:
CHIEFSOFT\ameye
@@ -0,0 +1,95 @@
|
||||
<?php
|
||||
/**
|
||||
* @file classes/security/authorization/HandlerOperationPolicy.php
|
||||
*
|
||||
* Copyright (c) 2014-2021 Simon Fraser University
|
||||
* Copyright (c) 2000-2021 John Willinsky
|
||||
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
|
||||
*
|
||||
* @class HandlerOperationPolicy
|
||||
*
|
||||
* @ingroup security_authorization
|
||||
*
|
||||
* @brief Abstract base class that provides infrastructure
|
||||
* to control access to handler operations.
|
||||
*/
|
||||
|
||||
namespace PKP\security\authorization;
|
||||
|
||||
class HandlerOperationPolicy extends AuthorizationPolicy
|
||||
{
|
||||
/** @var \PKP\core\PKPRequest */
|
||||
public $_request;
|
||||
|
||||
/** @var array the target operations */
|
||||
public $_operations = [];
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
* @param \PKP\core\PKPRequest $request
|
||||
* @param array|string $operations either a single operation or a list of operations that
|
||||
* this policy is targeting.
|
||||
* @param string $message a message to be displayed if the authorization fails
|
||||
*/
|
||||
public function __construct($request, $operations, $message = null)
|
||||
{
|
||||
parent::__construct($message);
|
||||
$this->_request = & $request;
|
||||
|
||||
// Make sure a single operation doesn't have to
|
||||
// be passed in as an array.
|
||||
assert(is_string($operations) || is_array($operations));
|
||||
if (!is_array($operations)) {
|
||||
$operations = [$operations];
|
||||
}
|
||||
$this->_operations = $operations;
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// Setters and Getters
|
||||
//
|
||||
/**
|
||||
* Return the request.
|
||||
*
|
||||
* @return \PKP\core\PKPRequest
|
||||
*/
|
||||
public function &getRequest()
|
||||
{
|
||||
return $this->_request;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the operations whitelist.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function getOperations()
|
||||
{
|
||||
return $this->_operations;
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// Private helper methods
|
||||
//
|
||||
/**
|
||||
* Check whether the requested operation is on
|
||||
* the list of permitted operations.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function _checkOperationWhitelist()
|
||||
{
|
||||
// Only permit if the requested operation has been whitelisted.
|
||||
$router = $this->_request->getRouter();
|
||||
$requestedOperation = $router->getRequestedOp($this->_request);
|
||||
assert(!empty($requestedOperation));
|
||||
return in_array($requestedOperation, $this->_operations);
|
||||
}
|
||||
}
|
||||
|
||||
if (!PKP_STRICT_MODE) {
|
||||
class_alias('\PKP\security\authorization\HandlerOperationPolicy', '\HandlerOperationPolicy');
|
||||
}
|
||||
Reference in New Issue
Block a user