override getNamedRoute for Router

parent 49906f02
......@@ -17,7 +17,7 @@ return function (Slim\App $app) {
$autoloader->addPsr4('GrEduLabs\\Application\\', __DIR__ . '/src');
});
$events('on', 'app.services', function ($stop, $container) {
$events('on', 'app.services', function ($stop, Slim\Container $container) {
session_name('GrEduLabs');
session_start();
......@@ -30,6 +30,11 @@ return function (Slim\App $app) {
isset($container['settings']['db']['freeze']) ? $container['settings']['db']['freeze'] : true
);
// override default router
$container['router'] = $container->extend('router', function () {
return new GrEduLabs\Application\Router();
});
$container['view'] = function ($c) {
$settings = $c['settings'];
$view = new Slim\Views\Twig(
......@@ -94,14 +99,11 @@ return function (Slim\App $app) {
});
$events('on', 'app.bootstrap', function ($stop, $app, $container) {
foreach ($container['router']->getRoutes() as $route) {
if ('user.login' === $route->getName()) {
$route->add('csrf');
break;
}
}
$app->get('/', GrEduLabs\Application\Action\Index::class)->setName('index');
$app->get('/about', GrEduLabs\Application\Action\About::class)->setName('about');
});
$events('on', 'app.bootstrap', function ($stop, $app, $container) {
$container['router']->getNamedRoute('user.login')->add('csrf');
}, -10);
};
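Review bot: The `extend('router', ...)` closure ignores the original router it is handed, so the default Slim router is built only to be thrown away, and assigning the return value of `extend()` back to `$container['router']` is redundant since `extend()` already replaces the entry. A plain factory states the intent directly: `$container['router'] = function ($c) { return new GrEduLabs\Application\Router(); };`. Note also that the new `getNamedRoute('user.login')` call at the bottom throws if the route is not yet registered, so the `-10` priority is what keeps the CSRF middleware attached rather than silently skipped; a one-line comment such as `// priority -10: runs after the handler that registers user.login` would make that ordering dependency explicit.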
<?php
/**
* gredu_labs.
*
* @link https://github.com/eellak/gredu_labs for the canonical source repository
*
* @copyright Copyright (c) 2008-2015 Greek Free/Open Source Software Society (https://gfoss.ellak.gr/)
* @license GNU GPLv3 http://www.gnu.org/licenses/gpl-3.0-standalone.html
*/
namespace GrEduLabs\Application;
use RuntimeException;
use Slim\Router as BaseRouter;
class Router extends BaseRouter
{
public function getNamedRoute($name)
{
if (is_null($this->namedRoutes)) {
$this->buildNameIndex();
}
foreach ($this->routes as $route) {
$routeName = $route->getName();
if ($routeName && $name === $routeName) {
return $route;
}
}
throw new RuntimeException('Named route does not exist for name: ' . $name);
}
}
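Review bot: `buildNameIndex()` is called but its result is never consulted; the method then scans `$this->routes` linearly, so the call is wasted work unless it has a side effect this file does not show. Either drop the two `if (is_null(...))` lines or document why the override exists, which appears to be that routes added after the base class built its index would otherwise not be found; something like `// Linear scan instead of the cached name index so routes registered late in bootstrap (after the index was built) are still resolvable.` above the loop would explain it. Both `$this->namedRoutes` and `$this->routes` are presumably protected in the parent `Slim\Router`; confirm against the Slim version in use, since this depends on internals rather than public API.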
......@@ -21,7 +21,8 @@ class RedBeanPHP extends AbstractAdapter
* @var string
*/
private static $failMessage = 'Failed to login. Please check your email and password and try again';
private static $failMessage = 'Δεν ήταν δυνατή η σύνδεση. Παρακαλώ ελέγξτε το ' .
'email και το συνθηματικό σας και δοκιμάστε ξανά.';
/**
* @var callable
*/
......
......@@ -43,9 +43,16 @@ return function (Slim\App $app) {
});
$container[GrEduLabs\Authorization\RouteGuard::class] = function ($c) {
$settings = $c['settings'];
$role = call_user_func($c['current_role']);
$defaultRole = $settings['acl']['default_role'];
return new GrEduLabs\Authorization\RouteGuard($c[GrEduLabs\Authorization\Acl::class], $role);
return new GrEduLabs\Authorization\RouteGuard(
$c[GrEduLabs\Authorization\Acl::class],
$role,
$defaultRole,
$c['router']->pathFor('user.login')
);
};
$container[GrEduLabs\Authorization\Middleware\RoleProvider::class] = function ($c) {
......@@ -78,12 +85,8 @@ return function (Slim\App $app) {
}, -10);
$events('on', 'app.bootstrap', function ($stop, $app, $container) {
foreach ($container['router']->getRoutes() as $route) {
if ('user.login' === $route->getName()) {
$route->add(GrEduLabs\Authorization\Middleware\RoleProvider::class);
break;
}
}
$container['router']->getNamedRoute('user.login')
->add(GrEduLabs\Authorization\Middleware\RoleProvider::class);
$app->add(GrEduLabs\Authorization\RouteGuard::class);
});
......
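Review bot: `$settings['acl']['default_role']` is read with no guard, unlike the `isset(...)` check used for `db.freeze` earlier in the same file; if the key is missing `$defaultRole` becomes `null`, the strict `===` comparison inside RouteGuard never matches, and anonymous users get a bare 403 instead of the login redirect. Failing loudly is preferable: `if (!isset($settings['acl']['default_role'])) { throw new RuntimeException('acl.default_role is not configured'); }` before the `return new ... RouteGuard(` call. Also `$c['router']->pathFor('user.login')` is evaluated when the service is built and throws if the route is absent; that is fail-closed, but worth a comment since the RouteGuard factory is resolved outside the bootstrap events that register that route.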
......@@ -12,48 +12,83 @@ namespace GrEduLabs\Authorization;
use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;
use Slim\Http\Request;
use Slim\Http\Response;
use Zend\Permissions\Acl\AclInterface;
class RouteGuard
{
/**
*
* @var AclInterface
*/
private $acl;
/**
*
* @var string
*/
private $currentUserRole;
/**
*
* @var string
*/
private $defaultRole;
/**
*
* @var string
*/
private $loginUrl;
/**
* @param AclInterface $acl The preconfigured ACL service
* @param string $currentUserRole
*/
public function __construct(AclInterface $acl, $currentUserRole)
public function __construct(AclInterface $acl, $currentUserRole, $defaultRole, $loginUrl)
{
$this->acl = $acl;
$this->currentUserRole = $currentUserRole;
$this->defaultRole = $defaultRole;
$this->loginUrl = $loginUrl;
}
/**
* Invoke middleware.
*
* @param RequestInterface $request PSR7 request object
* @param ResponseInterface $response PSR7 response object
* @param RequestInterface $req PSR7 request object
* @param ResponseInterface $res PSR7 response object
* @param callable $next Next middleware callable
*
* @return ResponseInterface PSR7 response object
*/
public function __invoke(RequestInterface $request, ResponseInterface $response, callable $next)
public function __invoke(Request $req, Response $res, callable $next)
{
if (!$request->getAttribute('route')) {
return $response->withStatus(404);
if (!$req->getAttribute('route')) {
return $res->withStatus(404);
}
$isAllowed = false;
if ($this->acl->hasResource('route' . $request->getAttribute('route')->getPattern())) {
$isAllowed = $isAllowed || $this->acl->isAllowed($this->currentUserRole, 'route' . $request->getAttribute('route')->getPattern(), strtolower($request->getMethod()));
if ($this->acl->hasResource('route' . $req->getAttribute('route')->getPattern())) {
$isAllowed = $isAllowed || $this->acl->isAllowed($this->currentUserRole, 'route' . $req->getAttribute('route')->getPattern(), strtolower($req->getMethod()));
}
if (is_string($req->getAttribute('route')->getCallable()) &&
$this->acl->hasResource('callable/' . $req->getAttribute('route')->getCallable())) {
$isAllowed = $isAllowed || $this->acl->isAllowed($this->currentUserRole, 'callable/' . $req->getAttribute('route')->getCallable());
}
if (is_string($request->getAttribute('route')->getCallable()) &&
$this->acl->hasResource('callable/' . $request->getAttribute('route')->getCallable())) {
$isAllowed = $isAllowed || $this->acl->isAllowed($this->currentUserRole, 'callable/' . $request->getAttribute('route')->getCallable());
if (!$isAllowed && $this->currentUserRole === $this->defaultRole) {
return $res->withRedirect($this->loginUrl);
}
if (!$isAllowed) {
return $response->withStatus(403, $this->currentUserRole . ' is not allowed access to this location.');
$res = $res->withStatus(403, $this->currentUserRole . ' is not allowed access to this location.');
$res->getBody()->write('Forbidden');
return $res;
}
return $next($request, $response);
return $next($req, $res);
}
}
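Review bot: The 403 branch writes the caller's role name into the HTTP status reason phrase (`$res->withStatus(403, $this->currentUserRole . ' is not allowed ...')`), which discloses internal role identifiers to the client and is dropped entirely by HTTP/2, so it is both a small leak and unreliable; prefer `$res = $res->withStatus(403);` and log the role and route pattern server-side. The login redirect for `$this->defaultRole` fires for any denied route, so if the ACL does not grant the default role access to the login route itself the guard will redirect in a loop; confirm the ACL fixture covers this, or short-circuit when the current route pattern equals the login path. The callable check passes no privilege to `isAllowed`, so an allow on `callable/...` overrides a per-method deny on the `route...` resource because the two results are OR-ed; if that is not intended, pass `strtolower($req->getMethod())` there as well. Finally, the 404 on a missing `route` attribute depends on route resolution happening before app middleware, which is a Slim setting not visible here; a comment naming that prerequisite would save the next reader a debugging session.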
......@@ -98,19 +98,15 @@ return function (Slim\App $app) {
$events('on', 'app.bootstrap', function ($stop, $app, $container) {
$container['view']->getEnvironment()->getLoader()->prependPath(__DIR__ . '/templates');
$app->get('/user/login/sso', SchSSO\Action\Login::class)
->setName('user.login.sso');
$app->get('/user/logout/sso', SchSSO\Action\Logout::class)
->setName('user.logout.sso');
});
$events('on', 'app.bootstrap', function ($stop, $app, $container) {
foreach ($container['router']->getRoutes() as $route) {
if ('user.login.sso' === $route->getName()) {
$route->add(GrEduLabs\Authorization\Middleware\RoleProvider::class);
break;
}
}
$container['router']->getNamedRoute('user.login.sso')
->add(GrEduLabs\Authorization\Middleware\RoleProvider::class);
}, -100);
$events('on', 'logout', function (
......
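Review bot: The `-100` priority on the second `app.bootstrap` handler is now load-bearing, because `getNamedRoute('user.login.sso')` throws a RuntimeException if the route registered by the handler just above has not run yet; nothing in the code says so. A comment on the closing line, e.g. `}, -100); // must run after the handler that registers user.login.sso`, documents the dependency. The exception is the right failure mode (the RoleProvider middleware is never silently skipped), so no behavioural change is needed.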
......@@ -71,7 +71,8 @@ class Cas implements AdapterInterface
$isAllowed = call_user_func($this->isAllowed, $attributes);
if (!$isAllowed) {
return new Result(Result::FAILURE, null, [sprintf(
'Your account type is not accepted. <a href="%s" title="SSO logout">SSO Logout</a>',
'Η πρόσβαση επιτρέπεται μόνο για τους επίσημους λογαριασμούς σχολείων. ' .
'<a href="%s" title="SSO logout">SSO Logout</a>',
$this->ssoLogoutUrl
)]);
}
......
......@@ -4,7 +4,10 @@
<h1>Σύνδεση</h1>
<div class="row">
<div class="col-sm-12 col-md-6">
<p>Για την σύνδεση των <strong>σχολικών μονάδων</strong>, η σύνδεση πραγματοποιείται μέσω του Κεντρικής Υπηρεσίας Πιστοποίησης χρηστών του Πανελλήνιου Σχολικού Δικτύου.</p>
<p>Για την σύνδεση των <strong>σχολικών μονάδων</strong>, η σύνδεση
πραγματοποιείται μέσω του Κεντρικής Υπηρεσίας Πιστοποίησης χρηστών
του Πανελλήνιου Σχολικού Δικτύου, χρησιμοποιώντας τον <strong>επίσημο λογαριασμό</strong>
του σχολείου.</p>
<hr>
<form method="get" action="{{ path_for('user.login.sso') }}" id="user-login-form" class="form-horizontal" value="1">
<p class="text-center">
......
......@@ -63,13 +63,9 @@ return function (App $app) {
});
$events('on', 'app.bootstrap', function ($stop, $app, $container) {
foreach ($container->get('router')->getRoutes() as $route) {
if ('user.login.sso' === $route->getName()) {
$route->add(CreateUser::class)
->add(CreateSchool::class)
->add(CreateLabs::class);
break;
}
}
$container['router']->getNamedRoute('user.login.sso')
->add(CreateUser::class)
->add(CreateSchool::class)
->add(CreateLabs::class);
}, -10);
};
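Review bot: Three middlewares are chained onto the SSO login route with `->add(CreateUser::class)->add(CreateSchool::class)->add(CreateLabs::class)`, and in Slim 3 each `add()` wraps the previous one, so the last added runs first; if CreateSchool or CreateLabs depends on the user record created by CreateUser, the order here is presumably the reverse of execution and deserves a comment such as `// middleware runs outermost-first: CreateLabs, then CreateSchool, then CreateUser` or the chain reversed. The relative order against the RoleProvider added to the same route from another bootstrap handler at priority `-100` is likewise invisible here; please confirm which one ends up outermost. The closure's own failure mode is fine: `getNamedRoute` throws if the route is missing, so the middlewares cannot be dropped silently.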