-
Notifications
You must be signed in to change notification settings - Fork 475
Expand file tree
/
Copy pathRestrictedSiteAccessPolicy.php
More file actions
83 lines (73 loc) · 2.21 KB
/
RestrictedSiteAccessPolicy.php
File metadata and controls
83 lines (73 loc) · 2.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
<?php
/**
* @file classes/security/authorization/RestrictedSiteAccessPolicy.php
*
* Copyright (c) 2014-2021 Simon Fraser University
* Copyright (c) 2000-2021 John Willinsky
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
*
* @class RestrictedSiteAccessPolicy
*
* @ingroup security_authorization
*
* @brief Policy enforcing restricted site access when the context
* contains such a setting.
*/
namespace PKP\security\authorization;
use PKP\core\PKPPageRouter;
use PKP\core\PKPRequest;
use PKP\core\PKPRouter;
use PKP\plugins\Hook;
use PKP\security\Validation;
class RestrictedSiteAccessPolicy extends AuthorizationPolicy
{
private ?PKPRouter $_router;
private PKPRequest $_request;
/**
* Constructor
*/
public function __construct(PKPRequest $request)
{
parent::__construct('user.authorization.restrictedSiteAccess');
$this->_request = $request;
$this->_router = $request->getRouter();
}
//
// Implement template methods from AuthorizationPolicy
//
/**
* @see AuthorizationPolicy::applies()
*/
public function applies(): bool
{
$context = $this->_router->getContext($this->_request);
return $context?->getData('restrictSiteAccess') ?? false;
}
/**
* @see AuthorizationPolicy::effect()
*/
public function effect(): int
{
$page = $this->_router instanceof PKPPageRouter
? $this->_router->getRequestedPage($this->_request)
: null;
return Validation::isLoggedIn() || in_array($page, $this->_getLoginExemptions())
? AuthorizationPolicy::AUTHORIZATION_PERMIT
: AuthorizationPolicy::AUTHORIZATION_DENY;
}
//
// Private helper method
//
/**
* Return the pages that can be accessed
* even while in restricted site mode.
*
* @hook RestrictedSiteAccessPolicy::_getLoginExemptions [[[&$exemptions]]]
*/
private function _getLoginExemptions(): array
{
$exemptions = ['user', 'login', 'help', 'header', 'sidebar', 'payment', 'invitation'];
Hook::call('RestrictedSiteAccessPolicy::_getLoginExemptions', [[&$exemptions]]);
return $exemptions;
}
}