ts3web/config/ACL.php

<?php

/**
 * Class ACL
 * @desc Do not touch except you know what you are doing
 */
class ACL extends \Zend\Permissions\Acl\Acl
{
    const ACL_DEFAULT_ROLE_ADMIN = 'admin';
    const ACL_DEFAULT_ROLE_MEMBER = 'member';
    const ACL_DEFAULT_ROLE_GUEST = 'guest';
    const ACL_UNDELETABLE_ROLES = [ACL::ACL_DEFAULT_ROLE_ADMIN, ACL::ACL_DEFAULT_ROLE_GUEST, ACL::ACL_DEFAULT_ROLE_MEMBER];
    const ACL_WILDCARD = '*';

    const ACL_DEFAULT_RESOURCES = [
        ACL::ACL_WILDCARD,
        '/401',
        '/403',
        '/404',
        '/500',
        '/',
        '/login',
        '/logout',

        '/profile',
        '/profile/credentials',

        '/instance',
        '/instance/edit',

        '/logs[/{sid}]',

        '/servers',
        '/servers/create',
        '/servers/{sid}',
        '/servers/select/{sid}',
        '/servers/deselect',
        '/servers/delete/{sid}',
        '/servers/start/{sid}',
        '/servers/stop/{sid}',
        '/servers/send/{sid}',
        '/servers/edit/{sid}',

        '/tokens/{sid}',
        '/tokens/add/{sid}',
        '/tokens/delete/{sid}/{token}',

        '/online/{sid}',
        '/online/{sid}/{clid}',
        '/online/poke/{sid}/{clid}',
        '/online/kick/{sid}/{clid}',
        '/online/ban/{sid}/{clid}',
        '/online/send/{sid}/{clid}',

        '/clients/{sid}',
        '/clients/{sid}/{cldbid}',
        '/clients/delete/{sid}/{cldbid}',
        '/clients/ban/{sid}/{cldbid}',
        '/clients/send/{sid}/{cldbid}',

        '/channels/{sid}',
        '/channels/create/{sid}',
        '/channels/{sid}/{cid}',
        '/channels/edit/{sid}/{cid}',
        '/channels/delete/{sid}/{cid}',
        '/channels/send/{sid}/{cid}',

        '/groups/{sid}',

        '/servergroups/{sid}/{sgid}',
        '/servergroups/create/{sid}',
        '/servergroups/delete/{sid}/{sgid}',
        '/servergroups/rename/{sid}/{sgid}',
        '/servergroups/remove/{sid}/{sgid}/{cldbid}',
        '/servergroups/add/{sid}/{sgid}',

        '/channelgroups/{sid}/{cgid}',
        '/channelgroups/create/{sid}',
        '/channelgroups/delete/{sid}/{cgid}',
        '/channelgroups/rename/{sid}/{cgid}',

        '/bans/{sid}',
        '/bans/delete/{sid}/{banId}',

        '/complains/{sid}',
        '/complains/delete/{sid}/{tcldbid}',
    ];

    const ACL_DEFAULT_ALLOWS = [
        ACL::ACL_DEFAULT_ROLE_ADMIN => [ACL::ACL_WILDCARD],
        ACL::ACL_DEFAULT_ROLE_MEMBER => [
            '/logout',
        ],
        ACL::ACL_DEFAULT_ROLE_GUEST  => [
            '/login',
            '/',
            '/401',
            '/403',
            '/404',
            '/500',
        ],
    ];

    const ACL_DEFAULT_DENIES = [
        ACL::ACL_DEFAULT_ROLE_ADMIN => ['/login'],
        ACL::ACL_DEFAULT_ROLE_MEMBER    => ['/login'],
    ];

    public function __construct()
    {
        $res = self::ACL_DEFAULT_RESOURCES;
        $allows = self::ACL_DEFAULT_ALLOWS;
        $denies = self::ACL_DEFAULT_DENIES;

        // roles
        $this->addRole(self::ACL_DEFAULT_ROLE_GUEST);
        $this->addRole(self::ACL_DEFAULT_ROLE_MEMBER, self::ACL_DEFAULT_ROLE_GUEST);
        $this->addRole(self::ACL_DEFAULT_ROLE_ADMIN);

        // resource
        foreach ($res as $resource) {
            $this->addResource($resource);
        }

        // allows
        foreach ($allows as $role => $paths) {

            foreach ($paths as $path) {

                if (empty($path) || $path === '' || $path === ACL::ACL_WILDCARD) {
                    $this->allow($role);
                } else {
                    $this->allow($role, $path);
                }
            }
        }

        // denies
        foreach ($denies as $role => $paths) {

            foreach ($paths as $path) {

                if (empty($path) || $path === '') {
                    $this->deny($role);
                } else {
                    $this->deny($role, $path);
                }
            }
        }
    }

    /**
     * Get all children for a role
     *
     * @param $role
     * @return array
     */
    public function getAllChildrenForRole($role)
    {
        $children = array();
        foreach ($this->getRoles() as $inherit) {
            if($this->inheritsRole($role, $inherit)) {
                $children[] = $inherit;
            }
        }
        return $children;
    }

    /**
     * Can $currentRole access resources for $targetRole
     *
     * @param $currentRole
     * @param $targetRole
     * @return bool
     */
    public function isPermitted($currentRole, $targetRole)
    {
        $children = $this->getAllChildrenForRole($targetRole);

        if ($targetRole == $currentRole || !in_array($currentRole, $children)) {
            return true;
        } else {
            return false;
        }
    }
}
initial commit 2018-04-03 11:56:20 +00:00			`<?php`

			`/**`
			`* Class ACL`
			`* @desc Do not touch except you know what you are doing`
			`*/`
			`class ACL extends \Zend\Permissions\Acl\Acl`
			`{`
			`const ACL_DEFAULT_ROLE_ADMIN = 'admin';`
			`const ACL_DEFAULT_ROLE_MEMBER = 'member';`
			`const ACL_DEFAULT_ROLE_GUEST = 'guest';`
			`const ACL_UNDELETABLE_ROLES = [ACL::ACL_DEFAULT_ROLE_ADMIN, ACL::ACL_DEFAULT_ROLE_GUEST, ACL::ACL_DEFAULT_ROLE_MEMBER];`
			`const ACL_WILDCARD = '*';`

			`const ACL_DEFAULT_RESOURCES = [`
			`ACL::ACL_WILDCARD,`
			`'/401',`
			`'/403',`
			`'/404',`
			`'/500',`
			`'/',`
			`'/login',`
			`'/logout',`

			`'/profile',`
			`'/profile/credentials',`

			`'/instance',`
			`'/instance/edit',`

Use session for selecting a server 2018-04-05 10:30:06 +00:00			`'/logs[/{sid}]',`
initial commit 2018-04-03 11:56:20 +00:00
			`'/servers',`
			`'/servers/create',`
			`'/servers/{sid}',`
Use session for selecting a server 2018-04-05 10:30:06 +00:00			`'/servers/select/{sid}',`
add deselect server 2018-04-05 14:26:12 +00:00			`'/servers/deselect',`
initial commit 2018-04-03 11:56:20 +00:00			`'/servers/delete/{sid}',`
			`'/servers/start/{sid}',`
			`'/servers/stop/{sid}',`
			`'/servers/send/{sid}',`
			`'/servers/edit/{sid}',`

Add tokens 2018-04-05 19:20:29 +00:00			`'/tokens/{sid}',`
			`'/tokens/add/{sid}',`
			`'/tokens/delete/{sid}/{token}',`

initial commit 2018-04-03 11:56:20 +00:00			`'/online/{sid}',`
			`'/online/{sid}/{clid}',`
			`'/online/poke/{sid}/{clid}',`
			`'/online/kick/{sid}/{clid}',`
			`'/online/ban/{sid}/{clid}',`
			`'/online/send/{sid}/{clid}',`

			`'/clients/{sid}',`
			`'/clients/{sid}/{cldbid}',`
			`'/clients/delete/{sid}/{cldbid}',`
			`'/clients/ban/{sid}/{cldbid}',`
			`'/clients/send/{sid}/{cldbid}',`

			`'/channels/{sid}',`
Add channel create 2018-04-06 10:34:10 +00:00			`'/channels/create/{sid}',`
initial commit 2018-04-03 11:56:20 +00:00			`'/channels/{sid}/{cid}',`
allow editing more attributes 2018-04-05 09:31:28 +00:00			`'/channels/edit/{sid}/{cid}',`
initial commit 2018-04-03 11:56:20 +00:00			`'/channels/delete/{sid}/{cid}',`
			`'/channels/send/{sid}/{cid}',`

			`'/groups/{sid}',`
Add groups rename 2018-04-06 08:56:04 +00:00
			`'/servergroups/{sid}/{sgid}',`
Add server groups and channel groups create and copy 2018-04-06 10:09:29 +00:00			`'/servergroups/create/{sid}',`
Add groups rename 2018-04-06 08:56:04 +00:00			`'/servergroups/delete/{sid}/{sgid}',`
			`'/servergroups/rename/{sid}/{sgid}',`
			`'/servergroups/remove/{sid}/{sgid}/{cldbid}',`
			`'/servergroups/add/{sid}/{sgid}',`
initial commit 2018-04-03 11:56:20 +00:00
			`'/channelgroups/{sid}/{cgid}',`
Add server groups and channel groups create and copy 2018-04-06 10:09:29 +00:00			`'/channelgroups/create/{sid}',`
initial commit 2018-04-03 11:56:20 +00:00			`'/channelgroups/delete/{sid}/{cgid}',`
Add groups rename 2018-04-06 08:56:04 +00:00			`'/channelgroups/rename/{sid}/{cgid}',`
initial commit 2018-04-03 11:56:20 +00:00
			`'/bans/{sid}',`
			`'/bans/delete/{sid}/{banId}',`

			`'/complains/{sid}',`
			`'/complains/delete/{sid}/{tcldbid}',`
			`];`

			`const ACL_DEFAULT_ALLOWS = [`
			`ACL::ACL_DEFAULT_ROLE_ADMIN => [ACL::ACL_WILDCARD],`
			`ACL::ACL_DEFAULT_ROLE_MEMBER => [`
			`'/logout',`
			`],`
			`ACL::ACL_DEFAULT_ROLE_GUEST => [`
			`'/login',`
			`'/',`
			`'/401',`
			`'/403',`
			`'/404',`
			`'/500',`
			`],`
			`];`

			`const ACL_DEFAULT_DENIES = [`
			`ACL::ACL_DEFAULT_ROLE_ADMIN => ['/login'],`
			`ACL::ACL_DEFAULT_ROLE_MEMBER => ['/login'],`
			`];`

			`public function __construct()`
			`{`
			`$res = self::ACL_DEFAULT_RESOURCES;`
			`$allows = self::ACL_DEFAULT_ALLOWS;`
			`$denies = self::ACL_DEFAULT_DENIES;`

			`// roles`
			`$this->addRole(self::ACL_DEFAULT_ROLE_GUEST);`
			`$this->addRole(self::ACL_DEFAULT_ROLE_MEMBER, self::ACL_DEFAULT_ROLE_GUEST);`
			`$this->addRole(self::ACL_DEFAULT_ROLE_ADMIN);`

			`// resource`
			`foreach ($res as $resource) {`
			`$this->addResource($resource);`
			`}`

			`// allows`
			`foreach ($allows as $role => $paths) {`

			`foreach ($paths as $path) {`

			`if (empty($path) \|\| $path === '' \|\| $path === ACL::ACL_WILDCARD) {`
			`$this->allow($role);`
			`} else {`
			`$this->allow($role, $path);`
			`}`
			`}`
			`}`

			`// denies`
			`foreach ($denies as $role => $paths) {`

			`foreach ($paths as $path) {`

			`if (empty($path) \|\| $path === '') {`
			`$this->deny($role);`
			`} else {`
			`$this->deny($role, $path);`
			`}`
			`}`
			`}`
			`}`

			`/**`
			`* Get all children for a role`
			`*`
			`* @param $role`
			`* @return array`
			`*/`
			`public function getAllChildrenForRole($role)`
			`{`
			`$children = array();`
			`foreach ($this->getRoles() as $inherit) {`
			`if($this->inheritsRole($role, $inherit)) {`
			`$children[] = $inherit;`
			`}`
			`}`
			`return $children;`
			`}`

			`/**`
			`* Can $currentRole access resources for $targetRole`
			`*`
			`* @param $currentRole`
			`* @param $targetRole`
			`* @return bool`
			`*/`
			`public function isPermitted($currentRole, $targetRole)`
			`{`
			`$children = $this->getAllChildrenForRole($targetRole);`

			`if ($targetRole == $currentRole \|\| !in_array($currentRole, $children)) {`
			`return true;`
			`} else {`
			`return false;`
			`}`
			`}`
			`}`