<?php
/**
 * Copyright 2026, Dreytac <dreytac@hobbyhome.net>
 *
 * This file is part of Kirby Permissions.
 *
 * Kirby Permissions is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License version 3 as published by the Free Software Foundation.
 *
 * Kirby Permissions is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License along with Kirby Permissions. If not, see <https://www.gnu.org/licenses/>.
 */
// Registers the "hobbyhome/permissions" plugin: default options, two field
// blueprints, the render-time access gate, the permission-check event handler
// and the page/site helper methods.
Kirby::plugin(
    name: "hobbyhome/permissions",
    extends: [
        "options" => [
            // When true, hasPerm() lets users with the admin role through
            // without comparing permission tags.
            "excludeAdmin" => true,
            // Default for the $inherit argument of the check handler below:
            // when true, every parent page must also grant access.
            "inherit" => true,
        ],
        "blueprints" => [
            "fields/permission-user" => __DIR__ . "/blueprints/fields/permission-user.yml",
            "fields/permission-access" => __DIR__ . "/blueprints/fields/permission-access.yml",
        ],
        "hooks" => [
            // Access gate: runs before a page is rendered and refuses the
            // request when the page's permission check fails.
            //
            // NOTE(review): go() is called with status 403 and the site's
            // error page as target. Confirm that the response a denied visitor
            // receives really shows the error page; a 403 that relies on a
            // redirect target may end up as an empty body in the browser.
            //
            // NOTE(review): this is the only enforcement point registered in
            // this file. Anything served without passing through page
            // rendering is not gated here; verify which other routes expose
            // restricted content.
            "page.render:before" => function ($contentType, $data, $page) {
                if ($page->hasPerm()) {
                    return $data;
                }

                go(site()->errorPage(), 403);

                return $data;
            },
            // Decides whether the current user may access $page.
            //
            // NOTE(review): the incoming $permission value is never consulted;
            // it is replaced by this handler's own verdict. If another handler
            // for the same event ran earlier, its decision (including a
            // denial) is discarded here. Confirm that is intended.
            "permissions.page:check" => function ($permission, $page, $field = "permissionAccess", $inherit = null) {
                // The page itself must grant access first.
                if (!hasPerm($page, $field)) {
                    return false;
                }

                // Fall back to the plugin option only when the caller did not
                // pass an explicit value.
                $inherit ??= option("hobbyhome.permissions.inherit");

                if (!$inherit) {
                    return true;
                }

                // Inheritance is on: a single parent that denies access is
                // enough to deny the whole page.
                foreach ($page->parents() as $ancestor) {
                    if (!hasPerm($ancestor, $field)) {
                        return false;
                    }
                }

                return true;
            }
        ],
        "pageMethods" => [
            // $page->hasPerm(): starts from "denied" (false) and lets the
            // "permissions.page:check" handlers produce the final verdict.
            "hasPerm" => function ($field = "permissionAccess", $inherit = null) {
                $arguments = [
                    "permission" => false,
                    "page" => $this,
                    "field" => $field,
                    "inherit" => $inherit,
                ];

                return kirby()->apply("permissions.page:check", $arguments, "permission");
            },
        ],
        "siteMethods" => [
            // $site->getPermissionTags(): every permission tag found on users
            // ("permissionUser") and on pages of the site index
            // ("permissionAccess"), each field split on commas.
            // The two lists are merged as they are; a tag present in both
            // sources may appear twice (TODO confirm against A::merge).
            // The result lists every tag in use, so the caller decides who
            // gets to see it.
            "getPermissionTags" => function() {
                $tagsFromUsers = kirby()->users()->pluck("permissionUser", ",", true);
                $tagsFromPages = $this->index(true)->pluck("permissionAccess", ",", true);

                return A::merge($tagsFromUsers, $tagsFromPages);
            },
        ],
    ],
    info: [
        "authors" => [[
            "name" => "Dreytac",
            "email" => "dreytac@hobbyhome.net",
            "homepage" => "https://hobbyhome.net",
        ]],
        "license" => "AGPL-3.0-only",
        "version" => "0.0.0",
    ],
);
/**
 * Check whether the current user holds at least one of the permission tags
 * stored in $object->$field().
 *
 * Decision order, as implemented:
 *  1. The field is empty: access is unrestricted, so the answer is true for
 *     everyone, including visitors who are not logged in.
 *  2. Nobody is logged in: false.
 *  3. The "hobbyhome.permissions.excludeAdmin" option is on and the user has
 *     the admin role: true, without looking at any tags.
 *  4. Otherwise true only when one of the object's tags is found, by strict
 *     comparison, among the tags in the user's "permissionUser" field.
 *
 * $field is used as a method name on $object, so it must come from trusted
 * code (templates, blueprints) and never from request input.
 *
 * @param mixed  $object Object exposing the permission field as a method
 *                       (a page in this plugin's own calls).
 * @param string $field  Name of the field that holds the required tags.
 * @return bool True when access is granted, false otherwise.
 */
function hasPerm($object, $field = "permissionAccess") {
    // No tags on the object means nothing to enforce.
    if ($object->$field()->isEmpty()) {
        return true;
    }

    // A restricted object is never available to anonymous visitors.
    $currentUser = kirby()->user();
    if (!$currentUser) {
        return false;
    }

    // Optional admin bypass; the option is read before the role is checked.
    if (option("hobbyhome.permissions.excludeAdmin") && $currentUser->role()->isAdmin()) {
        return true;
    }

    $grantedTags = $currentUser->permissionUser()->split();
    $requiredTags = $object->$field()->split();

    // One matching tag is sufficient; the tags are alternatives, not a
    // conjunction.
    foreach ($requiredTags as $tag) {
        if (A::has($grantedTags, $tag, true)) {
            return true;
        }
    }

    return false;
}