app/Models/Forum/Authorize.php at master · keii.dev/osu-web

keii.dev / osu-web
the browser-facing portion of osu!
osu-web / app / Models / Forum / Authorize.php
at master 3.1 kB view raw
 1<?php
 2
 3// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the GNU Affero General Public License v3.0.
 4// See the LICENCE file in the repository root for full licence text.
 5
 6namespace App\Models\Forum;
 7
 8/**
 9 * temporary class until simpler acl is implemented.
10 *
11 * @property int $auth_option_id
12 * @property int $auth_role_id
13 * @property int $auth_setting
14 * @property int $forum_id
15 * @property int $group_id
16 */
17class Authorize extends Model
18{
19    public $incrementing = false;
20    public $timestamps = false;
21
22    protected $primaryKey = ':composite';
23    protected $primaryKeys = ['group_id', 'forum_id', 'auth_option_id', 'auth_role_id', 'auth_setting'];
24    protected $table = 'phpbb_acl_groups';
25
26    public static function aclCheck($user, $authOption, $forum)
27    {
28        $groupIds = $user->groupIds()['active'];
29        $authOptionId = AuthOption::where('auth_option', $authOption)->value('auth_option_id');
30
31        // the group may contain direct acl entry
32        $isAuthorized = static::directAcl($groupIds, $authOptionId)
33            ->where('forum_id', $forum->forum_id)
34            ->exists();
35
36        // the group may also be part of role which may have matching
37        // acl entry
38        if (!$isAuthorized) {
39            $isAuthorized = static::roleAcl($groupIds, $authOptionId)
40                ->where('forum_id', $forum->forum_id)
41                ->exists();
42        }
43
44        // there's actually another one (phpbb_acl_users) but doesn't seem
45        // to contain anything but old-ish banlist?
46        return $isAuthorized;
47    }
48
49    public static function aclGetAllowedForums($user, $authOption)
50    {
51        $groupIds = $user->groupIds()['active'];
52        $authOptionId = AuthOption::where('auth_option', $authOption)->value('auth_option_id');
53
54        $directAclForumIds = model_pluck(static::directAcl($groupIds, $authOptionId), 'forum_id');
55        $roleAclForumIds = model_pluck(static::roleAcl($groupIds, $authOptionId), 'forum_id');
56
57        return array_values(array_unique(array_merge($directAclForumIds, $roleAclForumIds)));
58    }
59
60    public static function increasesPostsCount($user, $forum)
61    {
62        return static::aclCheck($user, 'f_postcount', $forum);
63    }
64
65    public static function postsCountedForums($user)
66    {
67        return static::aclGetAllowedForums($user, 'f_postcount');
68    }
69
70    public function scopeDirectAcl($query, $groupIds, $authOptionId)
71    {
72        return $query
73            ->where([
74                'auth_setting' => 1,
75                'auth_option_id' => $authOptionId,
76            ])
77            ->whereIn('group_id', $groupIds);
78    }
79
80    public function scopeRoleAcl($query, $groupIds, $authOptionId)
81    {
82        $roleIds = model_pluck(AuthRole::where([
83            'auth_setting' => 1,
84            'auth_option_id' => $authOptionId,
85        ]), 'role_id');
86
87        return $query
88            ->where([
89                'auth_setting' => 0,
90            ])
91            ->whereIn('auth_role_id', $roleIds)
92            ->whereIn('group_id', $groupIds);
93    }
94}