User.php

Go to the documentation of this file.

<?php

namespace Rsi\Fred;

class User extends Component{

  const RIGHT_LEVEL_READ = 'r';
  const RIGHT_LEVEL_WRITE = 'w';
  const RIGHT_LEVEL_EXECUTE = 'x';
  const RIGHT_LEVEL_SEPARATOR = ':'; //!< Separator between right and level in a single string notation.

  const EVENT_RIGHT_LEVEL = 'user:rightLevel';
  const EVENT_INVALIDATE = 'user:invalidate';
  const EVENT_NAME = 'user:name';
  const EVENT_RECORD = 'user:record';
  const EVENT_ID = 'user:id';
  const EVENT_SET = 'user:set';

  public $authorative = true;
  public $authenticationControllerName = null; //!< Set if the user has to provide more information for authentication.
  public $filesClassName = __CLASS__ . '\\Files'; //!< Class name for the file manager.

  protected $_id = null;
  protected $_authenticators = null; //!< Available authentication checks.
  protected $_record = null; //!< User data.
  protected $_files = null;

  /**
   * Check if a user is authenticated.
   * @param array $auth_sets  Possible sets of authentication checks (array of arrays).
   * @return bool  Null if the user has to provide some more information. The $authenticationControllerName can be used for
   *   this purpose.
   */
  public function authenticated($auth_sets){
    $this->authenticationControllerName = null;
    if(!$auth_sets) return true;
    $best = null;
    foreach($auth_sets as $set){
      $missing = 0;
      $controller_name = null;
      foreach($set as $name){
        $authenticated = $this->authenticators[$name]->authenticated;
        if($authenticated === false){ //not possible with this set
          $this->component('log')->debug('Negative authentication for ' . $name,__FILE__,__LINE__);
          continue 2;
        }
        elseif(!$authenticated){
          $missing++;
          if(!$controller_name) $controller_name = $this->authenticators[$name]->controllerName;
        }
      }
      if(!$missing) return true;
      if(!$best || ($missing < $best)){
        $best = $missing;
        $this->authenticationControllerName = $controller_name;
      }
    }
    return $best ? null : false;
  }
  /**
   * Get the current user's right level.
   * @param string $right  Right to check
   * @return string  Level
   */
  public function level($right){
    return $this->component('event')->trigger(self::EVENT_RIGHT_LEVEL,$this,$right);
  }
  /**
   * Check if the authenticated user has a certain right.
   * @param string $right  Right to check, optionally completed with the minimal level the user must have.
   * @param string $level  Different level (overrules optional level in the right).
   * @return bool
   */
  public function authorized($right,$level = null){
    if(!$level) $level = \Rsi\Str::part($right,self::RIGHT_LEVEL_SEPARATOR,1) ?: self::RIGHT_LEVEL_READ;
    $right = \Rsi\Str::part($right,self::RIGHT_LEVEL_SEPARATOR);
    return $right ? $this->level($right) >= $level : true; //no right = always OK
  }
  /**
   * Invalidate the current user.
   */
  public function invalidate(){
    if($this->id){
      $this->component('event')->trigger(self::EVENT_INVALIDATE,$this);
      foreach($this->authenticators as $authenticator) $authenticator->invalidate();
      $this->_id = $this->_record = null;
      if($this->authorative) $this->session->id = null;
    }
  }
  /**
   * Returns a user friendly name for an user ID.
   * @param mixed $id  User ID.
   * @return string
   */
  public function name($id){
    return $this->component('event')->trigger(self::EVENT_NAME,$this,$id);
  }
  /**
   * Get the record (data) for a user.
   * @param mixed $id  User ID.
   * @return array  Assoc.array (false when not found).
   */
  public function record($id){
    return $this->component('event')->trigger(self::EVENT_RECORD,$this,$id);
  }
  /**
   * Translate a user code (external ID) to a user ID (internal ID).
   * @param string $code  User code.
   * @return string  User ID.
   */
  public function id($code){
    return $this->component('event')->trigger(self::EVENT_ID,$this,$code);
  }

  protected function getAuthenticators(){
    if($this->_authenticators === null){
      $this->_authenticators = [];
      foreach($this->config('authenticators',[]) as $name => $config){
        $class_name = \Rsi\Record::get($config,'className',__CLASS__ . '\\Authenticator\\' . ucfirst($name));
        $this->_authenticators[$name] = new $class_name($this->_fred,$config);
      }
    }
    return $this->_authenticators;
  }

  protected function setId($value){
    if($value != $this->id){
      $this->invalidate();
      $this->_id = $value;
      if($this->authorative) $this->session->id = $value;
    }
  }

  protected function getId(){
    return $this->authorative ? $this->session->id : $this->_id;
  }

  protected function getRecord(){
    if($this->_record === null) $this->_record = $this->record($this->id);
    return $this->_record;
  }

  protected function getFiles(){
    if(!$this->_files){
      $class_name = $this->filesClassName;
      $this->_files = new $class_name($this->_fred,$this->config('files',[]) + ['user' => $this]);
    }
    return $this->_files;
  }

  protected function _get($key){
    return \Rsi\Record::get($this->record,$key);
  }

  protected function _set($key,$value){
    $this->component('event')->trigger(self::EVENT_SET,$this,$key,$value);
  }

  public function __clone(){
    $this->authorative = false;
    $this->_authenticators = null;
  }

}