override getNamedRoute for Router

9ca24517 · Vassilis Kanellopoulos · 49906f02 · 9ca24517 · 9ca24517 · 9ca24517
Commit 9ca24517 authored Mar 01, 2016 by Vassilis Kanellopoulos
9 changed files
--- a/module/application/bootstrap.php
+++ b/module/application/bootstrap.php
@@ -17,7 +17,7 @@ return function (Slim\App $app) {
        $autoloader->addPsr4('GrEduLabs\\Application\\', __DIR__ . '/src');
    });

-    $events('on', 'app.services', function ($stop, $container) {
+    $events('on', 'app.services', function ($stop, Slim\Container $container) {
        session_name('GrEduLabs');
        session_start();

@@ -30,6 +30,11 @@ return function (Slim\App $app) {
            isset($container['settings']['db']['freeze']) ? $container['settings']['db']['freeze'] : true
        );

+        // override default router
+        $container['router'] = $container->extend('router', function () {
+            return new GrEduLabs\Application\Router();
+        });
+
        $container['view'] = function ($c) {
            $settings = $c['settings'];
            $view     = new Slim\Views\Twig(
@@ -94,14 +99,11 @@ return function (Slim\App $app) {
    });

    $events('on', 'app.bootstrap', function ($stop, $app, $container) {
-        foreach ($container['router']->getRoutes() as $route) {
-            if ('user.login' === $route->getName()) {
-                $route->add('csrf');
-                break;
-            }
-        }
-
        $app->get('/', GrEduLabs\Application\Action\Index::class)->setName('index');
        $app->get('/about', GrEduLabs\Application\Action\About::class)->setName('about');
    });
+
+    $events('on', 'app.bootstrap', function ($stop, $app, $container) {
+        $container['router']->getNamedRoute('user.login')->add('csrf');
+    }, -10);
 };
--- a/module/application/src/Router.php
+++ b/module/application/src/Router.php
+<?php
+
+/**
+ * gredu_labs.
+ * 
+ * @link https://github.com/eellak/gredu_labs for the canonical source repository
+ *
+ * @copyright Copyright (c) 2008-2015 Greek Free/Open Source Software Society (https://gfoss.ellak.gr/)
+ * @license GNU GPLv3 http://www.gnu.org/licenses/gpl-3.0-standalone.html
+ */
+
+namespace GrEduLabs\Application;
+
+use RuntimeException;
+use Slim\Router as BaseRouter;
+
+class Router extends BaseRouter
+{
+    public function getNamedRoute($name)
+    {
+        if (is_null($this->namedRoutes)) {
+            $this->buildNameIndex();
+        }
+
+        foreach ($this->routes as $route) {
+            $routeName = $route->getName();
+            if ($routeName && $name === $routeName) {
+                return $route;
+            }
+        }
+
+        throw new RuntimeException('Named route does not exist for name: ' . $name);
+    }
+}
--- a/module/authentication/src/Adapter/RedBeanPHP.php
+++ b/module/authentication/src/Adapter/RedBeanPHP.php
@@ -21,7 +21,8 @@ class RedBeanPHP extends AbstractAdapter
     * @var string
     */

-    private static $failMessage = 'Failed to login. Please check your email and password and try again';
+    private static $failMessage = 'Δεν ήταν δυνατή η σύνδεση. Παρακαλώ ελέγξτε το ' .
+                                  'email και το συνθηματικό σας και δοκιμάστε ξανά.';
    /**
     * @var callable
     */

--- a/module/authorization/bootstrap.php
+++ b/module/authorization/bootstrap.php
@@ -43,9 +43,16 @@ return function (Slim\App $app) {
        });

        $container[GrEduLabs\Authorization\RouteGuard::class] = function ($c) {
+            $settings = $c['settings'];
            $role = call_user_func($c['current_role']);
+            $defaultRole = $settings['acl']['default_role'];

-            return new GrEduLabs\Authorization\RouteGuard($c[GrEduLabs\Authorization\Acl::class], $role);
+            return new GrEduLabs\Authorization\RouteGuard(
+                $c[GrEduLabs\Authorization\Acl::class],
+                $role,
+                $defaultRole,
+                $c['router']->pathFor('user.login')
+            );
        };

        $container[GrEduLabs\Authorization\Middleware\RoleProvider::class] = function ($c) {
@@ -78,12 +85,8 @@ return function (Slim\App $app) {
    }, -10);

    $events('on', 'app.bootstrap', function ($stop, $app, $container) {
-        foreach ($container['router']->getRoutes() as $route) {
-            if ('user.login' === $route->getName()) {
-                $route->add(GrEduLabs\Authorization\Middleware\RoleProvider::class);
-                break;
-            }
-        }
+        $container['router']->getNamedRoute('user.login')
+            ->add(GrEduLabs\Authorization\Middleware\RoleProvider::class);

        $app->add(GrEduLabs\Authorization\RouteGuard::class);
    });

--- a/module/authorization/src/RouteGuard.php
+++ b/module/authorization/src/RouteGuard.php
@@ -12,48 +12,83 @@ namespace GrEduLabs\Authorization;

 use Psr\Http\Message\RequestInterface;
 use Psr\Http\Message\ResponseInterface;
+use Slim\Http\Request;
+use Slim\Http\Response;
 use Zend\Permissions\Acl\AclInterface;

 class RouteGuard
 {
+    /**
+     *
+     * @var AclInterface
+     */
+    private $acl;
+
+    /**
+     *
+     * @var string
+     */
+    private $currentUserRole;
+
+    /**
+     *
+     * @var string
+     */
+    private $defaultRole;
+
+    /**
+     *
+     * @var string
+     */
+    private $loginUrl;
+
    /**
     * @param AclInterface $acl             The preconfigured ACL service
     * @param string       $currentUserRole
     */
-    public function __construct(AclInterface $acl, $currentUserRole)
+    public function __construct(AclInterface $acl, $currentUserRole, $defaultRole, $loginUrl)
    {
        $this->acl             = $acl;
        $this->currentUserRole = $currentUserRole;
+        $this->defaultRole     = $defaultRole;
+        $this->loginUrl        = $loginUrl;
    }

    /**
     * Invoke middleware.
     *
-     * @param RequestInterface  $request  PSR7 request object
-     * @param ResponseInterface $response PSR7 response object
+     * @param RequestInterface  $req  PSR7 request object
+     * @param ResponseInterface $res PSR7 response object
     * @param callable          $next     Next middleware callable
     *
     * @return ResponseInterface PSR7 response object
     */
-    public function __invoke(RequestInterface $request, ResponseInterface $response, callable $next)
+    public function __invoke(Request $req, Response $res, callable $next)
    {
-        if (!$request->getAttribute('route')) {
-            return $response->withStatus(404);
+        if (!$req->getAttribute('route')) {
+            return $res->withStatus(404);
        }
        $isAllowed = false;
-        if ($this->acl->hasResource('route' . $request->getAttribute('route')->getPattern())) {
-            $isAllowed = $isAllowed || $this->acl->isAllowed($this->currentUserRole, 'route' . $request->getAttribute('route')->getPattern(), strtolower($request->getMethod()));
+        if ($this->acl->hasResource('route' . $req->getAttribute('route')->getPattern())) {
+            $isAllowed = $isAllowed || $this->acl->isAllowed($this->currentUserRole, 'route' . $req->getAttribute('route')->getPattern(), strtolower($req->getMethod()));
+        }
+
+        if (is_string($req->getAttribute('route')->getCallable()) &&
+            $this->acl->hasResource('callable/' . $req->getAttribute('route')->getCallable())) {
+            $isAllowed = $isAllowed || $this->acl->isAllowed($this->currentUserRole, 'callable/' . $req->getAttribute('route')->getCallable());
        }

-        if (is_string($request->getAttribute('route')->getCallable()) &&
-            $this->acl->hasResource('callable/' . $request->getAttribute('route')->getCallable())) {
-            $isAllowed = $isAllowed || $this->acl->isAllowed($this->currentUserRole, 'callable/' . $request->getAttribute('route')->getCallable());
+        if (!$isAllowed && $this->currentUserRole === $this->defaultRole) {
+            return $res->withRedirect($this->loginUrl);
        }

        if (!$isAllowed) {
-            return $response->withStatus(403, $this->currentUserRole . ' is not allowed access to this location.');
+            $res = $res->withStatus(403, $this->currentUserRole . ' is not allowed access to this location.');
+            $res->getBody()->write('Forbidden');
+
+            return $res;
        }

-        return $next($request, $response);
+        return $next($req, $res);
    }
 }
--- a/module/sch_sso/bootstrap.php
+++ b/module/sch_sso/bootstrap.php
@@ -98,19 +98,15 @@ return function (Slim\App $app) {
    $events('on', 'app.bootstrap', function ($stop, $app, $container) {
        $container['view']->getEnvironment()->getLoader()->prependPath(__DIR__ . '/templates');
        $app->get('/user/login/sso', SchSSO\Action\Login::class)
-
            ->setName('user.login.sso');
+
        $app->get('/user/logout/sso', SchSSO\Action\Logout::class)
            ->setName('user.logout.sso');
    });

    $events('on', 'app.bootstrap', function ($stop, $app, $container) {
-        foreach ($container['router']->getRoutes() as $route) {
-            if ('user.login.sso' === $route->getName()) {
-                $route->add(GrEduLabs\Authorization\Middleware\RoleProvider::class);
-                break;
-            }
-        }
+        $container['router']->getNamedRoute('user.login.sso')
+            ->add(GrEduLabs\Authorization\Middleware\RoleProvider::class);
    }, -100);

    $events('on', 'logout', function (

--- a/module/sch_sso/src/Adapter/Cas.php
+++ b/module/sch_sso/src/Adapter/Cas.php
@@ -71,7 +71,8 @@ class Cas implements AdapterInterface
        $isAllowed = call_user_func($this->isAllowed, $attributes);
        if (!$isAllowed) {
            return new Result(Result::FAILURE, null, [sprintf(
-                'Your account type is not accepted. <a href="%s" title="SSO logout">SSO Logout</a>',
+                'Η πρόσβαση επιτρέπεται μόνο για τους επίσημους λογαριασμούς σχολείων. ' .
+                '<a href="%s" title="SSO logout">SSO Logout</a>',
                $this->ssoLogoutUrl
            )]);
        }

--- a/module/sch_sso/templates/user/login.twig
+++ b/module/sch_sso/templates/user/login.twig
@@ -4,7 +4,10 @@
    <h1>Σύνδεση</h1>
    <div class="row">
        <div class="col-sm-12 col-md-6">
-            <p>Για την σύνδεση των <strong>σχολικών μονάδων</strong>, η σύνδεση πραγματοποιείται μέσω του Κεντρικής Υπηρεσίας Πιστοποίησης χρηστών του Πανελλήνιου Σχολικού Δικτύου.</p>
+            <p>Για την σύνδεση των <strong>σχολικών μονάδων</strong>, η σύνδεση 
+                πραγματοποιείται μέσω του Κεντρικής Υπηρεσίας Πιστοποίησης χρηστών 
+                του Πανελλήνιου Σχολικού Δικτύου, χρησιμοποιώντας τον <strong>επίσημο λογαριασμό</strong>
+                του σχολείου.</p>
            <hr>
            <form method="get" action="{{ path_for('user.login.sso') }}" id="user-login-form" class="form-horizontal" value="1">
                <p class="text-center">

--- a/module/sch_sync/bootstrap.php
+++ b/module/sch_sync/bootstrap.php
@@ -63,13 +63,9 @@ return function (App $app) {
    });

    $events('on', 'app.bootstrap', function ($stop, $app, $container) {
-        foreach ($container->get('router')->getRoutes() as $route) {
-            if ('user.login.sso' === $route->getName()) {
-                $route->add(CreateUser::class)
-                    ->add(CreateSchool::class)
-                    ->add(CreateLabs::class);
-                break;
-            }
-        }
+        $container['router']->getNamedRoute('user.login.sso')
+            ->add(CreateUser::class)
+            ->add(CreateSchool::class)
+            ->add(CreateLabs::class);
    }, -10);
 };