ts3web/config/ACL.php

<?php
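/**
 * Class ACL
 *
 * Route-level access control list built on Zend\Permissions\Acl. Every route
 * pattern in ACL_DEFAULT_RESOURCES is registered as a resource, three default
 * roles are created (guest, member inheriting from guest, and a stand-alone
 * admin), and the default allow/deny rules below are applied in the constructor.
 *
 * @desc Do not touch except you know what you are doing
 */
class ACL extends \Zend\Permissions\Acl\Acl
{
    const ACL_DEFAULT_ROLE_ADMIN = 'admin';
    const ACL_DEFAULT_ROLE_MEMBER = 'member';
    const ACL_DEFAULT_ROLE_GUEST = 'guest';

    // Built-in roles; the name suggests callers must refuse to delete them (enforced elsewhere, if at all).
    const ACL_UNDELETABLE_ROLES = [self::ACL_DEFAULT_ROLE_ADMIN, self::ACL_DEFAULT_ROLE_GUEST, self::ACL_DEFAULT_ROLE_MEMBER];

    // In ACL_DEFAULT_ALLOWS this value means "all resources"; it is also registered as a resource of its own.
    const ACL_WILDCARD = '*';

    // Every route pattern that can be referenced by an allow/deny rule.
    const ACL_DEFAULT_RESOURCES = [
        self::ACL_WILDCARD,
        '/401',
        '/403',
        '/404',
        '/500',
        '/',
        '/login',
        '/logout',
        '/profile',
        '/profile/credentials',
        '/instance',
        '/instance/edit',
        '/logs[/{sid}]',
        '/servers',
        '/servers/create',
        '/servers/{sid}',
        '/servers/select/{sid}',
        '/servers/deselect',
        '/servers/delete/{sid}',
        '/servers/start/{sid}',
        '/servers/stop/{sid}',
        '/servers/send/{sid}',
        '/servers/edit/{sid}',
        '/snapshots/{sid}',
        '/snapshots/create/{sid}',
        '/snapshots/deploy/{sid}/{name}',
        '/snapshots/delete/{sid}/{name}',
        '/tokens/{sid}',
        '/tokens/add/{sid}',
        '/tokens/delete/{sid}/{token}',
        '/online/{sid}',
        '/online/{sid}/{clid}',
        '/online/poke/{sid}/{clid}',
        '/online/kick/{sid}/{clid}',
        '/online/ban/{sid}/{clid}',
        '/online/send/{sid}/{clid}',
        '/online/move/{sid}/{clid}',
        '/clients/{sid}',
        '/clients/{sid}/{cldbid}',
        '/clients/delete/{sid}/{cldbid}',
        '/clients/ban/{sid}/{cldbid}',
        '/clients/send/{sid}/{cldbid}',
        '/channels/{sid}',
        '/channels/create/{sid}',
        '/channels/{sid}/{cid}',
        '/channels/edit/{sid}/{cid}',
        '/channels/delete/{sid}/{cid}',
        '/channels/send/{sid}/{cid}',
        '/channels/files/delete/{sid}/{cid}',
        '/groups/{sid}',
        '/servergroups/{sid}/{sgid}',
        '/servergroups/create/{sid}',
        '/servergroups/delete/{sid}/{sgid}',
        '/servergroups/rename/{sid}/{sgid}',
        '/servergroups/remove/{sid}/{sgid}/{cldbid}',
        '/servergroups/add/{sid}/{sgid}',
        '/channelgroups/{sid}/{cgid}',
        '/channelgroups/create/{sid}',
        '/channelgroups/delete/{sid}/{cgid}',
        '/channelgroups/rename/{sid}/{cgid}',
        '/bans/{sid}',
        '/bans/delete/{sid}/{banId}',
        '/complains/{sid}',
        '/complains/delete/{sid}/{tcldbid}',
        '/passwords/{sid}',
        '/passwords/add/{sid}',
        '/passwords/delete/{sid}',
    ];

    // Default grants. Member additionally inherits the guest grants through
    // the role hierarchy set up in the constructor; admin is granted everything.
    const ACL_DEFAULT_ALLOWS = [
        self::ACL_DEFAULT_ROLE_ADMIN => [self::ACL_WILDCARD],
        self::ACL_DEFAULT_ROLE_MEMBER => [
            '/logout',
        ],
        self::ACL_DEFAULT_ROLE_GUEST => [
            '/login',
            '/',
            '/401',
            '/403',
            '/404',
            '/500',
        ],
    ];

    // Default denies: '/login' is denied to admin and member
    // (presumably to keep signed-in roles off the login route).
    const ACL_DEFAULT_DENIES = [
        self::ACL_DEFAULT_ROLE_ADMIN => ['/login'],
        self::ACL_DEFAULT_ROLE_MEMBER => ['/login'],
    ];

    /**
     * Registers the default roles, resources and allow/deny rules.
     */
    public function __construct()
    {
        // roles: member inherits from guest; admin has no parent role
        $this->addRole(self::ACL_DEFAULT_ROLE_GUEST);
        $this->addRole(self::ACL_DEFAULT_ROLE_MEMBER, self::ACL_DEFAULT_ROLE_GUEST);
        $this->addRole(self::ACL_DEFAULT_ROLE_ADMIN);

        // resources
        foreach (self::ACL_DEFAULT_RESOURCES as $resource) {
            $this->addResource($resource);
        }

        // allows: an empty path or the wildcard grants the role every resource
        foreach (self::ACL_DEFAULT_ALLOWS as $role => $paths) {
            foreach ($paths as $path) {
                if (empty($path) || $path === self::ACL_WILDCARD) {
                    $this->allow($role);
                } else {
                    $this->allow($role, $path);
                }
            }
        }

        // denies: only an empty path denies everything. The wildcard is NOT
        // special-cased here, so '*' in ACL_DEFAULT_DENIES would deny only the
        // resource literally named '*', not all resources.
        foreach (self::ACL_DEFAULT_DENIES as $role => $paths) {
            foreach ($paths as $path) {
                if (empty($path)) {
                    $this->deny($role);
                } else {
                    $this->deny($role, $path);
                }
            }
        }
    }

    /**
     * Get all children for a role
     *
     * Collects every registered role for which inheritsRole($role, $candidate)
     * is true. In Zend ACL that call is true when $role inherits from
     * $candidate, so despite the method name the result holds the roles $role
     * inherits from (for the defaults: 'member' => ['guest'], 'admin' => []).
     *
     * @param $role
     * @return array
     */
    public function getAllChildrenForRole($role)
    {
        $children = [];

        foreach ($this->getRoles() as $candidate) {
            if ($this->inheritsRole($role, $candidate)) {
                $children[] = $candidate;
            }
        }

        return $children;
    }

    /**
     * Can $currentRole access resources for $targetRole
     *
     * Returns true when both roles are the same, or when $currentRole is not
     * one of the roles returned by getAllChildrenForRole($targetRole). Role
     * identifiers are compared strictly as strings so the decision does not
     * depend on PHP type juggling.
     *
     * NOTE(review): this check fails open. Any $currentRole that is unrelated
     * to $targetRole in the hierarchy is permitted; with the default roles
     * 'admin' has no parents, so isPermitted('member', 'admin') and
     * isPermitted('guest', 'admin') both return true. Confirm this is intended
     * before relying on it as the only guard for role-targeted actions.
     *
     * @param $currentRole
     * @param $targetRole
     * @return bool
     */
    public function isPermitted($currentRole, $targetRole)
    {
        // Resolved first, as before, so an unregistered $targetRole still
        // surfaces whatever inheritsRole() raises for it.
        $children = array_map(
            [self::class, 'normalizeRoleId'],
            $this->getAllChildrenForRole($targetRole)
        );

        $currentId = self::normalizeRoleId($currentRole);
        $targetId = self::normalizeRoleId($targetRole);

        if ($targetId === $currentId) {
            return true;
        }

        return !in_array($currentId, $children, true);
    }

    /**
     * Reduce a role argument to a comparable identifier.
     *
     * Role objects yield their role id and scalars/null are cast to string
     * (getRoles() may hand back integer keys for numeric role names); any
     * other value is returned unchanged and will simply never match.
     *
     * @param mixed $role
     * @return mixed
     */
    private static function normalizeRoleId($role)
    {
        if ($role instanceof \Zend\Permissions\Acl\Role\RoleInterface) {
            return (string) $role->getRoleId();
        }

        if ($role === null || is_scalar($role)) {
            return (string) $role;
        }

        return $role;
    }
}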