1: <?php
  2: 
  3: /**
  4:  * This file is part of the Nette Framework (https://nette.org)
  5:  * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
  6:  */
  7: 
  8: namespace Nette\Security;
  9: 
 10: use Nette;
 11: 
 12: 
 13: /**
 14:  * User authentication and authorization.
 15:  *
 16:  * @property-read bool $loggedIn
 17:  * @property-read IIdentity $identity
 18:  * @property-read mixed $id
 19:  * @property-read array $roles
 20:  * @property-read int $logoutReason
 21:  * @property   IAuthenticator $authenticator
 22:  * @property   IAuthorizator $authorizator
 23:  */
 24: class User extends Nette\Object
 25: {
 26:     /** @deprecated */
 27:     const MANUAL = IUserStorage::MANUAL,
 28:         INACTIVITY = IUserStorage::INACTIVITY,
 29:         BROWSER_CLOSED = IUserStorage::BROWSER_CLOSED;
 30: 
 31:     /** @var string  default role for unauthenticated user */
 32:     public $guestRole = 'guest';
 33: 
 34:     /** @var string  default role for authenticated user without own identity */
 35:     public $authenticatedRole = 'authenticated';
 36: 
 37:     /** @var callable[]  function (User $sender); Occurs when the user is successfully logged in */
 38:     public $onLoggedIn;
 39: 
 40:     /** @var callable[]  function (User $sender); Occurs when the user is logged out */
 41:     public $onLoggedOut;
 42: 
 43:     /** @var IUserStorage Session storage for current user */
 44:     private $storage;
 45: 
 46:     /** @var IAuthenticator */
 47:     private $authenticator;
 48: 
 49:     /** @var IAuthorizator */
 50:     private $authorizator;
 51: 
 52: 
 53:     public function __construct(IUserStorage $storage, IAuthenticator $authenticator = NULL, IAuthorizator $authorizator = NULL)
 54:     {
 55:         $this->storage = $storage;
 56:         $this->authenticator = $authenticator;
 57:         $this->authorizator = $authorizator;
 58:     }
 59: 
 60: 
 61:     /**
 62:      * @return IUserStorage
 63:      */
 64:     public function getStorage()
 65:     {
 66:         return $this->storage;
 67:     }
 68: 
 69: 
 70:     /********************* Authentication ****************d*g**/
 71: 
 72: 
 73:     /**
 74:      * Conducts the authentication process. Parameters are optional.
 75:      * @param  mixed optional parameter (e.g. username or IIdentity)
 76:      * @param  mixed optional parameter (e.g. password)
 77:      * @return void
 78:      * @throws AuthenticationException if authentication was not successful
 79:      */
 80:     public function login($id = NULL, $password = NULL)
 81:     {
 82:         $this->logout(TRUE);
 83:         if (!$id instanceof IIdentity) {
 84:             $id = $this->getAuthenticator()->authenticate(func_get_args());
 85:         }
 86:         $this->storage->setIdentity($id);
 87:         $this->storage->setAuthenticated(TRUE);
 88:         $this->onLoggedIn($this);
 89:     }
 90: 
 91: 
 92:     /**
 93:      * Logs out the user from the current session.
 94:      * @param  bool  clear the identity from persistent storage?
 95:      * @return void
 96:      */
 97:     public function logout($clearIdentity = FALSE)
 98:     {
 99:         if ($this->isLoggedIn()) {
100:             $this->onLoggedOut($this);
101:             $this->storage->setAuthenticated(FALSE);
102:         }
103:         if ($clearIdentity) {
104:             $this->storage->setIdentity(NULL);
105:         }
106:     }
107: 
108: 
109:     /**
110:      * Is this user authenticated?
111:      * @return bool
112:      */
113:     public function isLoggedIn()
114:     {
115:         return $this->storage->isAuthenticated();
116:     }
117: 
118: 
119:     /**
120:      * Returns current user identity, if any.
121:      * @return IIdentity|NULL
122:      */
123:     public function getIdentity()
124:     {
125:         return $this->storage->getIdentity();
126:     }
127: 
128: 
129:     /**
130:      * Returns current user ID, if any.
131:      * @return mixed
132:      */
133:     public function getId()
134:     {
135:         $identity = $this->getIdentity();
136:         return $identity ? $identity->getId() : NULL;
137:     }
138: 
139: 
140:     /**
141:      * Sets authentication handler.
142:      * @return self
143:      */
144:     public function setAuthenticator(IAuthenticator $handler)
145:     {
146:         $this->authenticator = $handler;
147:         return $this;
148:     }
149: 
150: 
151:     /**
152:      * Returns authentication handler.
153:      * @return IAuthenticator
154:      */
155:     public function getAuthenticator($need = TRUE)
156:     {
157:         if ($need && !$this->authenticator) {
158:             throw new Nette\InvalidStateException('Authenticator has not been set.');
159:         }
160:         return $this->authenticator;
161:     }
162: 
163: 
164:     /**
165:      * Enables log out after inactivity.
166:      * @param  string|int|\DateTime number of seconds or timestamp
167:      * @param  bool  log out when the browser is closed?
168:      * @param  bool  clear the identity from persistent storage?
169:      * @return self
170:      */
171:     public function setExpiration($time, $whenBrowserIsClosed = TRUE, $clearIdentity = FALSE)
172:     {
173:         $flags = ($whenBrowserIsClosed ? IUserStorage::BROWSER_CLOSED : 0) | ($clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0);
174:         $this->storage->setExpiration($time, $flags);
175:         return $this;
176:     }
177: 
178: 
179:     /**
180:      * Why was user logged out?
181:      * @return int
182:      */
183:     public function getLogoutReason()
184:     {
185:         return $this->storage->getLogoutReason();
186:     }
187: 
188: 
189:     /********************* Authorization ****************d*g**/
190: 
191: 
192:     /**
193:      * Returns a list of effective roles that a user has been granted.
194:      * @return array
195:      */
196:     public function getRoles()
197:     {
198:         if (!$this->isLoggedIn()) {
199:             return array($this->guestRole);
200:         }
201: 
202:         $identity = $this->getIdentity();
203:         return $identity && $identity->getRoles() ? $identity->getRoles() : array($this->authenticatedRole);
204:     }
205: 
206: 
207:     /**
208:      * Is a user in the specified effective role?
209:      * @param  string
210:      * @return bool
211:      */
212:     public function isInRole($role)
213:     {
214:         return in_array($role, $this->getRoles(), TRUE);
215:     }
216: 
217: 
218:     /**
219:      * Has a user effective access to the Resource?
220:      * If $resource is NULL, then the query applies to all resources.
221:      * @param  string  resource
222:      * @param  string  privilege
223:      * @return bool
224:      */
225:     public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
226:     {
227:         foreach ($this->getRoles() as $role) {
228:             if ($this->getAuthorizator()->isAllowed($role, $resource, $privilege)) {
229:                 return TRUE;
230:             }
231:         }
232: 
233:         return FALSE;
234:     }
235: 
236: 
237:     /**
238:      * Sets authorization handler.
239:      * @return self
240:      */
241:     public function setAuthorizator(IAuthorizator $handler)
242:     {
243:         $this->authorizator = $handler;
244:         return $this;
245:     }
246: 
247: 
248:     /**
249:      * Returns current authorization handler.
250:      * @return IAuthorizator
251:      */
252:     public function getAuthorizator($need = TRUE)
253:     {
254:         if ($need && !$this->authorizator) {
255:             throw new Nette\InvalidStateException('Authorizator has not been set.');
256:         }
257:         return $this->authorizator;
258:     }
259: 
260: }
261: