Skip to content
Snippets Groups Projects
Commit 1bf1faa4 authored by Dorian Merz's avatar Dorian Merz
Browse files

refs #16361 [fid] bugfix in authorize method

* introduces new Exception types
* uses those Exceptions to authorize user
parent 7dee7054
No related merge requests found
...@@ -452,10 +452,14 @@ class Client ...@@ -452,10 +452,14 @@ class Client
* @param String $permission Name of the permission * @param String $permission Name of the permission
* @param User|null $user user object or null if we want to validate the currently logged in user * @param User|null $user user object or null if we want to validate the currently logged in user
* @throws ClientException * @throws ClientException
* @throws UserNotLoggedinException
* @throws UserNotAuthorizedException * @throws UserNotAuthorizedException
*/ */
protected function authorize(String $permission,User $user = null) { protected function authorize(String $permission,User $user = null) {
if (!$this->isLoggedOn()) {
throw new UserNotLoggedinException();
}
$user = $this->requestUserDetails(); $user = $this->requestUserDetails();
if (!$user->hasPermission($permission)) { if (!$user->hasPermission($permission)) {
throw new UserNotAuthorizedException(); throw new UserNotAuthorizedException();
...@@ -472,7 +476,7 @@ class Client ...@@ -472,7 +476,7 @@ class Client
try { try {
$this->authorize($permission); $this->authorize($permission);
} catch (UserNotAuthorizedException $exception) { } catch (UserAuthorizationException $exception) {
return FALSE; return FALSE;
} }
return TRUE; return TRUE;
......
<?php
/**
* Copyright (C) 2019 Leipzig University Library
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* @author Sebastian Kehr <kehr@ub.uni-leipzig.de>
* @license http://opensource.org/licenses/gpl-2.0.php GNU GPLv2
*/
namespace fid\Service;
class UserAuthorizationException extends \Exception
{
}
...@@ -21,6 +21,6 @@ ...@@ -21,6 +21,6 @@
namespace fid\Service; namespace fid\Service;
class UserNotAuthorizedException extends \Exception class UserNotAuthorizedException extends UserAuthorizationException
{ {
} }
<?php
/**
* Copyright (C) 2019 Leipzig University Library
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* @author Sebastian Kehr <kehr@ub.uni-leipzig.de>
* @license http://opensource.org/licenses/gpl-2.0.php GNU GPLv2
*/
namespace fid\Service;
class UserNotLoggedinException extends UserAuthorizationException
{
}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment