Skip to content

Commit

Permalink
pkp#5504 Optimize/clean up UserRolesRequiredPolicy
Browse files Browse the repository at this point in the history
  • Loading branch information
asmecher committed Sep 13, 2024
1 parent fea2ea1 commit 983c9ff
Showing 1 changed file with 9 additions and 42 deletions.
51 changes: 9 additions & 42 deletions classes/security/authorization/UserRolesRequiredPolicy.php
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,7 @@

use APP\core\Application;
use APP\core\Request;
use PKP\db\DAORegistry;
use PKP\security\Role;
use PKP\security\RoleDAO;
use APP\facades\Repo;

class UserRolesRequiredPolicy extends AuthorizationPolicy
{
Expand Down Expand Up @@ -50,51 +48,20 @@ public function effect()
$request = $this->_request;
$user = $request->getUser();

if (!$user instanceof \PKP\user\User) {
if (!$user) {
return AuthorizationPolicy::AUTHORIZATION_DENY;
}

// Get all user roles.
$roleDao = DAORegistry::getDAO('RoleDAO'); /** @var RoleDAO $roleDao */
$userRoles = $roleDao->getByUserIdGroupedByContext($user->getId());

$context = $request->getRouter()->getContext($request);
$roleContext = $context?->getId() ?? Application::SITE_CONTEXT_ID;

$contextRoles = $this->_getContextRoles($roleContext, $userRoles);
$userGroups = Repo::userGroup()->getCollector()
->filterByUserIds([$user->getId()])
->filterByContextIds($context ? [$context->getId(), Application::SITE_CONTEXT_ID] : [Application::SITE_CONTEXT_ID])
->getMany()->toArray();

$this->addAuthorizedContextObject(Application::ASSOC_TYPE_USER_ROLES, $contextRoles);
return AuthorizationPolicy::AUTHORIZATION_PERMIT;
}
$roleIds = array_map(fn ($userGroup) => $userGroup->getRoleId(), $userGroups);
$this->addAuthorizedContextObject(Application::ASSOC_TYPE_USER_ROLES, $roleIds);

/**
* Get the current context roles from all user roles.
*
* @param array<int,Role[]> $userRoles List of roles grouped by contextId
*/
protected function _getContextRoles(?int $contextId, array $userRoles): array
{
// Adapt the role context based on the passed role id.
$contextRoles = [];

// Check if user has site level or manager roles.
if (array_key_exists((int) Application::SITE_CONTEXT_ID, $userRoles) &&
array_key_exists(Role::ROLE_ID_SITE_ADMIN, $userRoles[(int) Application::SITE_CONTEXT_ID])) {
// site level role
$contextRoles[] = Role::ROLE_ID_SITE_ADMIN;
}

// Get the user roles related to the passed context.
if ($contextId !== Application::SITE_CONTEXT_ID && isset($userRoles[$contextId])) {
// Filter the user roles to the found context id.
return array_merge(
$contextRoles,
array_map(fn ($role) => $role->getRoleId(), $userRoles[$contextId])
);
} else {
// Context id not present in user roles array.
return $contextRoles;
}
return AuthorizationPolicy::AUTHORIZATION_PERMIT;
}
}

Expand Down

0 comments on commit 983c9ff

Please sign in to comment.