streams/Code/Access/AccessControl.php

<?php

namespace Code\Access;

/**
 * @brief AccessControl class which represents individual content ACLs.
 *
 * A class to hold an AccessControl object with allowed and denied contacts and
 * groups.
 *
 * After evaluating @ref ::Code::Access::PermissionLimits "PermissionLimits"
 * and @ref ::Code::Lib::Permcat "Permcat"s individual content ACLs are evaluated.
 * These answer the question "Can Joe view *this* album/photo?".
 */
class AccessControl
{
    /**
     * @brief Allow contacts
     * @var string
     */
    protected string $allow_cid;
    /**
     * @brief Allow groups
     * @var string
     */
    protected string $allow_gid;
    /**
     * @brief Deny contacts
     * @var string
     */
    protected string $deny_cid;
    /**
     * @brief Deny groups
     * @var string
     */
    protected string $deny_gid;
    /**
     * @brief Indicates if we are using the default constructor values or
     * values that have been set explicitly.
     * @var bool
     */
    protected bool $explicit;


    /**
     * @brief Constructor for AccessList class.
     *
     * @note The array to pass to the constructor is different from the array
     * that you provide to the set() or set_from_array() functions.
     *
     * @param array $channel A channel array, where these entries are evaluated:
     *   * \e string \b channel_allow_cid => string of allowed xchan_hash
     *   * \e string \b channel_allow_gid => string of allowed group_id
     *   * \e string \b channel_deny_cid => string of denied xchan_hash
     *   * \e string \b channel_deny_gid => string of denied group_id
     */
    public function __construct(mixed $channel)
    {
        if ($channel) {
            $this->allow_cid = $channel['channel_allow_cid'];
            $this->allow_gid = $channel['channel_allow_gid'];
            $this->deny_cid = $channel['channel_deny_cid'];
            $this->deny_gid = $channel['channel_deny_gid'];
        } else {
            $this->allow_cid = '';
            $this->allow_gid = '';
            $this->deny_cid = '';
            $this->deny_gid = '';
        }

        $this->explicit = false;
    }

    /**
     * @brief Determine if we are using the default constructor values
     * or values that have been set explicitly.
     *
     * @return bool
     * @noinspection PhpUnused
     */
    public function get_explicit(): bool
    {
        return $this->explicit;
    }

    /**
     * @brief Set access list from strings such as those in already
     * existing stored data items.
     *
     * @note The array to pass to this set function is different from the array
     * that you provide to the constructor or set_from_array().
     *
     * @param array $arr
     *   * \e string \b allow_cid => string of allowed xchan_hash
     *   * \e string \b allow_gid => string of allowed group_id
     *   * \e string \b deny_cid  => string of denied xchan_hash
     *   * \e string \b deny_gid  => string of denied group_id
     * @param bool $explicit (optional) default true
     */
    public function set(array $arr, bool $explicit = true): void
    {
        $this->allow_cid = (array_key_exists('allow_cid', $arr)) ? $arr['allow_cid'] : '';
        $this->allow_gid = (array_key_exists('allow_gid', $arr)) ? $arr['allow_gid'] : '';
        $this->deny_cid = (array_key_exists('deny_cid', $arr)) ? $arr['deny_cid'] : '';
        $this->deny_gid = (array_key_exists('deny_gid', $arr)) ? $arr['deny_gid'] : '';

        $this->explicit = $explicit;
    }

    /**
     * @brief Return an array consisting of the current access list components
     * where the elements are directly storable.
     *
     * @return array An associative array with:
     *   * \e string \b allow_cid => string of allowed xchan_hash
     *   * \e string \b allow_gid => string of allowed group_id
     *   * \e string \b deny_cid  => string of denied xchan_hash
     *   * \e string \b deny_gid  => string of denied group_id
     */
    public function get(): array
    {
        return [
            'allow_cid' => $this->allow_cid,
            'allow_gid' => $this->allow_gid,
            'deny_cid' => $this->deny_cid,
            'deny_gid' => $this->deny_gid,
        ];
    }

    /**
     * @brief Set access list components from arrays, such as those provided by
     * acl_selector().
     *
     * For convenience, a string (or non-array) input is assumed to be a
     * comma-separated list and auto-converted into an array.
     *
     * @note The array to pass to this set function is different from the array
     * that you provide to the constructor or set().
     *
     * @param array $arr An associative array with:
     *   * \e array|string \b contact_allow => array of xchan_hash or comma-seperated string
     *   * \e array|string \b group_allow   => array of group_id or comma-seperated string
     *   * \e array|string \b contact_deny  => array of xchan_hash or comma-seperated string
     *   * \e array|string \b group_deny    => array of group_id or comma-seperated string
     * @param bool $explicit (optional) default true
     */
    public function set_from_array(array $arr, bool $explicit = true): void
    {
        $this->allow_cid = perms2str((is_array($arr['contact_allow']))
            ? $arr['contact_allow'] : explode(',', $arr['contact_allow']));
        $this->allow_gid = perms2str((is_array($arr['group_allow']))
            ? $arr['group_allow'] : explode(',', $arr['group_allow']));
        $this->deny_cid = perms2str((is_array($arr['contact_deny']))
            ? $arr['contact_deny'] : explode(',', $arr['contact_deny']));
        $this->deny_gid = perms2str((is_array($arr['group_deny']))
            ? $arr['group_deny'] : explode(',', $arr['group_deny']));

        $this->explicit = $explicit;
    }

    /**
     * @brief Returns true if any access lists component is set.
     *
     * @return bool Return true if any of allow_* deny_* values is set.
     */
    public function is_private(): bool
    {
        return $this->allow_cid || $this->allow_gid || $this->deny_cid || $this->deny_gid;
    }
}
First attempt to turn access control into an object class. The access control manipulation is getting too complex and this will help keep it manageable and reduce a lot of code duplication. 2015-08-28 01:55:30 +00:00			`<?php`
Revert "move accesslist class to namespace" This reverts commit a9711895cf254a0ca34b1e3f7c8e75bb832e6973. 2016-02-20 08:49:37 +00:00
it's done 2022-02-16 04:08:28 +00:00			`namespace Code\Access;`
retry the move of AccessList to composer format (one or more third-party plugins will likely break as a result) 2016-02-22 00:49:49 +00:00
:white_check_mark::bulb: Add Unit Tests for AccessList class. Also some Doxygen docu for this class. 2017-04-25 21:33:44 +00:00			`/**`
accesscontrol rename 2019-02-15 00:01:40 +00:00			`* @brief AccessControl class which represents individual content ACLs.`
:white_check_mark::bulb: Add Unit Tests for AccessList class. Also some Doxygen docu for this class. 2017-04-25 21:33:44 +00:00			`*`
accesscontrol rename 2019-02-15 00:01:40 +00:00			`* A class to hold an AccessControl object with allowed and denied contacts and`
:white_check_mark::bulb: Add Unit Tests for AccessList class. Also some Doxygen docu for this class. 2017-04-25 21:33:44 +00:00			`* groups.`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`*`
it's done 2022-02-16 04:08:28 +00:00			`* After evaluating @ref ::Code::Access::PermissionLimits "PermissionLimits"`
			`* and @ref ::Code::Lib::Permcat "Permcat"s individual content ACLs are evaluated.`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`* These answer the question "Can Joe view this album/photo?".`
:white_check_mark::bulb: Add Unit Tests for AccessList class. Also some Doxygen docu for this class. 2017-04-25 21:33:44 +00:00			`*/`
psr12 updates 2021-12-02 23:02:31 +00:00			`class AccessControl`
			`{`
			`/**`
			`* @brief Allow contacts`
			`* @var string`
			`*/`
cleanup 2022-08-27 22:54:42 +00:00			`protected string $allow_cid;`
psr12 updates 2021-12-02 23:02:31 +00:00			`/**`
			`* @brief Allow groups`
			`* @var string`
			`*/`
cleanup 2022-08-27 22:54:42 +00:00			`protected string $allow_gid;`
psr12 updates 2021-12-02 23:02:31 +00:00			`/**`
			`* @brief Deny contacts`
			`* @var string`
			`*/`
cleanup 2022-08-27 22:54:42 +00:00			`protected string $deny_cid;`
psr12 updates 2021-12-02 23:02:31 +00:00			`/**`
			`* @brief Deny groups`
			`* @var string`
			`*/`
cleanup 2022-08-27 22:54:42 +00:00			`protected string $deny_gid;`
psr12 updates 2021-12-02 23:02:31 +00:00			`/**`
			`* @brief Indicates if we are using the default constructor values or`
			`* values that have been set explicitly.`
			`* @var bool`
			`*/`
cleanup 2022-08-27 22:54:42 +00:00			`protected bool $explicit;`
First attempt to turn access control into an object class. The access control manipulation is getting too complex and this will help keep it manageable and reduce a lot of code duplication. 2015-08-28 01:55:30 +00:00

psr12 updates 2021-12-02 23:02:31 +00:00			`/**`
			`* @brief Constructor for AccessList class.`
			`*`
			`* @note The array to pass to the constructor is different from the array`
			`* that you provide to the set() or set_from_array() functions.`
			`*`
			`* @param array $channel A channel array, where these entries are evaluated:`
cleanup 2022-08-27 22:54:42 +00:00			`* * \e string \b channel_allow_cid => string of allowed xchan_hash`
			`* * \e string \b channel_allow_gid => string of allowed group_id`
			`* * \e string \b channel_deny_cid => string of denied xchan_hash`
			`* * \e string \b channel_deny_gid => string of denied group_id`
psr12 updates 2021-12-02 23:02:31 +00:00			`*/`
change constructor type to match current usage 2022-09-12 20:39:41 +00:00			`public function __construct(mixed $channel)`
psr12 updates 2021-12-02 23:02:31 +00:00			`{`
			`if ($channel) {`
			`$this->allow_cid = $channel['channel_allow_cid'];`
			`$this->allow_gid = $channel['channel_allow_gid'];`
			`$this->deny_cid = $channel['channel_deny_cid'];`
			`$this->deny_gid = $channel['channel_deny_gid'];`
			`} else {`
			`$this->allow_cid = '';`
			`$this->allow_gid = '';`
			`$this->deny_cid = '';`
			`$this->deny_gid = '';`
			`}`
First attempt to turn access control into an object class. The access control manipulation is getting too complex and this will help keep it manageable and reduce a lot of code duplication. 2015-08-28 01:55:30 +00:00
psr12 updates 2021-12-02 23:02:31 +00:00			`$this->explicit = false;`
			`}`
First attempt to turn access control into an object class. The access control manipulation is getting too complex and this will help keep it manageable and reduce a lot of code duplication. 2015-08-28 01:55:30 +00:00
psr12 updates 2021-12-02 23:02:31 +00:00			`/**`
cleanup 2022-09-04 22:39:58 +00:00			`* @brief Determine if we are using the default constructor values`
psr12 updates 2021-12-02 23:02:31 +00:00			`* or values that have been set explicitly.`
			`*`
			`* @return bool`
cleanup 2022-10-23 05:00:42 +00:00			`* @noinspection PhpUnused`
psr12 updates 2021-12-02 23:02:31 +00:00			`*/`
cleanup 2022-08-27 22:54:42 +00:00			`public function get_explicit(): bool`
psr12 updates 2021-12-02 23:02:31 +00:00			`{`
			`return $this->explicit;`
			`}`
First attempt to turn access control into an object class. The access control manipulation is getting too complex and this will help keep it manageable and reduce a lot of code duplication. 2015-08-28 01:55:30 +00:00
psr12 updates 2021-12-02 23:02:31 +00:00			`/**`
			`* @brief Set access list from strings such as those in already`
			`* existing stored data items.`
			`*`
			`* @note The array to pass to this set function is different from the array`
			`* that you provide to the constructor or set_from_array().`
			`*`
			`* @param array $arr`
cleanup 2022-08-27 22:54:42 +00:00			`* * \e string \b allow_cid => string of allowed xchan_hash`
			`* * \e string \b allow_gid => string of allowed group_id`
			`* * \e string \b deny_cid => string of denied xchan_hash`
			`* * \e string \b deny_gid => string of denied group_id`
psr12 updates 2021-12-02 23:02:31 +00:00			`* @param bool $explicit (optional) default true`
			`*/`
cleanup 2022-08-27 22:54:42 +00:00			`public function set(array $arr, bool $explicit = true): void`
psr12 updates 2021-12-02 23:02:31 +00:00			`{`
code\access\accesscontrol regression 2022-09-04 02:29:05 +00:00			`$this->allow_cid = (array_key_exists('allow_cid', $arr)) ? $arr['allow_cid'] : '';`
			`$this->allow_gid = (array_key_exists('allow_gid', $arr)) ? $arr['allow_gid'] : '';`
			`$this->deny_cid = (array_key_exists('deny_cid', $arr)) ? $arr['deny_cid'] : '';`
			`$this->deny_gid = (array_key_exists('deny_gid', $arr)) ? $arr['deny_gid'] : '';`
First attempt to turn access control into an object class. The access control manipulation is getting too complex and this will help keep it manageable and reduce a lot of code duplication. 2015-08-28 01:55:30 +00:00
psr12 updates 2021-12-02 23:02:31 +00:00			`$this->explicit = $explicit;`
			`}`
First attempt to turn access control into an object class. The access control manipulation is getting too complex and this will help keep it manageable and reduce a lot of code duplication. 2015-08-28 01:55:30 +00:00
psr12 updates 2021-12-02 23:02:31 +00:00			`/**`
			`* @brief Return an array consisting of the current access list components`
			`* where the elements are directly storable.`
			`*`
			`* @return array An associative array with:`
cleanup 2022-08-27 22:54:42 +00:00			`* * \e string \b allow_cid => string of allowed xchan_hash`
			`* * \e string \b allow_gid => string of allowed group_id`
			`* * \e string \b deny_cid => string of denied xchan_hash`
			`* * \e string \b deny_gid => string of denied group_id`
psr12 updates 2021-12-02 23:02:31 +00:00			`*/`
cleanup 2022-08-27 22:54:42 +00:00			`public function get(): array`
psr12 updates 2021-12-02 23:02:31 +00:00			`{`
			`return [`
			`'allow_cid' => $this->allow_cid,`
			`'allow_gid' => $this->allow_gid,`
			`'deny_cid' => $this->deny_cid,`
			`'deny_gid' => $this->deny_gid,`
			`];`
			`}`
First attempt to turn access control into an object class. The access control manipulation is getting too complex and this will help keep it manageable and reduce a lot of code duplication. 2015-08-28 01:55:30 +00:00
psr12 updates 2021-12-02 23:02:31 +00:00			`/**`
			`* @brief Set access list components from arrays, such as those provided by`
			`* acl_selector().`
			`*`
			`* For convenience, a string (or non-array) input is assumed to be a`
			`* comma-separated list and auto-converted into an array.`
			`*`
			`* @note The array to pass to this set function is different from the array`
			`* that you provide to the constructor or set().`
			`*`
			`* @param array $arr An associative array with:`
cleanup 2022-08-27 22:54:42 +00:00			`* * \e array\|string \b contact_allow => array of xchan_hash or comma-seperated string`
			`* * \e array\|string \b group_allow => array of group_id or comma-seperated string`
			`* * \e array\|string \b contact_deny => array of xchan_hash or comma-seperated string`
			`* * \e array\|string \b group_deny => array of group_id or comma-seperated string`
psr12 updates 2021-12-02 23:02:31 +00:00			`* @param bool $explicit (optional) default true`
			`*/`
cleanup 2022-08-27 22:54:42 +00:00			`public function set_from_array(array $arr, bool $explicit = true): void`
psr12 updates 2021-12-02 23:02:31 +00:00			`{`
			`$this->allow_cid = perms2str((is_array($arr['contact_allow']))`
			`? $arr['contact_allow'] : explode(',', $arr['contact_allow']));`
			`$this->allow_gid = perms2str((is_array($arr['group_allow']))`
			`? $arr['group_allow'] : explode(',', $arr['group_allow']));`
			`$this->deny_cid = perms2str((is_array($arr['contact_deny']))`
			`? $arr['contact_deny'] : explode(',', $arr['contact_deny']));`
			`$this->deny_gid = perms2str((is_array($arr['group_deny']))`
			`? $arr['group_deny'] : explode(',', $arr['group_deny']));`
First attempt to turn access control into an object class. The access control manipulation is getting too complex and this will help keep it manageable and reduce a lot of code duplication. 2015-08-28 01:55:30 +00:00
psr12 updates 2021-12-02 23:02:31 +00:00			`$this->explicit = $explicit;`
			`}`
First attempt to turn access control into an object class. The access control manipulation is getting too complex and this will help keep it manageable and reduce a lot of code duplication. 2015-08-28 01:55:30 +00:00
psr12 updates 2021-12-02 23:02:31 +00:00			`/**`
			`* @brief Returns true if any access lists component is set.`
			`*`
			`* @return bool Return true if any of allow_* deny_* values is set.`
			`*/`
cleanup 2022-08-27 22:54:42 +00:00			`public function is_private(): bool`
psr12 updates 2021-12-02 23:02:31 +00:00			`{`
cleanup 2022-08-15 10:33:19 +00:00			`return $this->allow_cid \|\| $this->allow_gid \|\| $this->deny_cid \|\| $this->deny_gid;`
psr12 updates 2021-12-02 23:02:31 +00:00			`}`
First attempt to turn access control into an object class. The access control manipulation is getting too complex and this will help keep it manageable and reduce a lot of code duplication. 2015-08-28 01:55:30 +00:00			`}`