"Fossies" - the Fresh Open Source Software Archive

Member "ampache-5.0.0/src/Module/Authorization/AccessListManager.php" (31 Aug 2021, 5277 Bytes) of package /linux/www/ampache-5.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) PHP source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "AccessListManager.php" see the Fossies "Dox" file reference documentation.

    1 <?php
    2 /*
    3  * vim:set softtabstop=4 shiftwidth=4 expandtab:
    4  *
    5  * LICENSE: GNU Affero General Public License, version 3 (AGPL-3.0-or-later)
    6  * Copyright 2001 - 2020 Ampache.org
    7  *
    8  * This program is free software: you can redistribute it and/or modify
    9  * it under the terms of the GNU Affero General Public License as published by
   10  * the Free Software Foundation, either version 3 of the License, or
   11  * (at your option) any later version.
   12  *
   13  * This program is distributed in the hope that it will be useful,
   14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   16  * GNU Affero General Public License for more details.
   17  *
   18  * You should have received a copy of the GNU Affero General Public License
   19  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
   20  *
   21  */
   22 
   23 declare(strict_types=1);
   24 
   25 namespace Ampache\Module\Authorization;
   26 
   27 use Ampache\Module\Authorization\Exception\AclItemDuplicationException;
   28 use Ampache\Module\Authorization\Exception\InvalidEndIpException;
   29 use Ampache\Module\Authorization\Exception\InvalidIpRangeException;
   30 use Ampache\Module\Authorization\Exception\InvalidStartIpException;
   31 use Ampache\Repository\AccessRepositoryInterface;
   32 
   33 /**
   34  * Manages the creation and update of acl items
   35  */
   36 final class AccessListManager implements AccessListManagerInterface
   37 {
   38     private AccessRepositoryInterface $accessRepository;
   39 
   40     public function __construct(
   41         AccessRepositoryInterface $accessRepository
   42     ) {
   43         $this->accessRepository = $accessRepository;
   44     }
   45 
   46     /**
   47      * Updates an existing acl item
   48      *
   49      * @throws InvalidEndIpException
   50      * @throws InvalidIpRangeException
   51      * @throws InvalidStartIpException
   52      */
   53     public function update(
   54         int $accessId,
   55         string $startIp,
   56         string $endIp,
   57         string $name,
   58         int $userId,
   59         int $level,
   60         string $type
   61     ): void {
   62         $startIp = @inet_pton($startIp);
   63         $endIp   = @inet_pton($endIp);
   64 
   65         $this->verifyRange($startIp, $endIp);
   66 
   67         $this->accessRepository->update(
   68             $accessId,
   69             $startIp,
   70             $endIp,
   71             $name,
   72             $userId,
   73             $level,
   74             in_array($type, AccessLevelEnum::CONFIGURABLE_TYPE_LIST) ? $type : AccessLevelEnum::TYPE_STREAM
   75         );
   76     }
   77 
   78     /**
   79      * Creates a new acl item
   80      * Also creates further items on special type configs
   81      *
   82      * @throws AclItemDuplicationException
   83      * @throws InvalidEndIpException
   84      * @throws InvalidIpRangeException
   85      * @throws InvalidStartIpException
   86      */
   87     public function create(
   88         string $startIp,
   89         string $endIp,
   90         string $name,
   91         int $userId,
   92         int $level,
   93         string $type,
   94         string $additionalType
   95     ): void {
   96         $startIp = @inet_pton($startIp);
   97         $endIp   = @inet_pton($endIp);
   98         $type    = in_array($type, AccessLevelEnum::CONFIGURABLE_TYPE_LIST) ? $type : AccessLevelEnum::TYPE_STREAM;
   99 
  100         $this->verifyRange($startIp, $endIp);
  101 
  102         // Check existing ACLs to make sure we're not duplicating values here
  103         if ($this->accessRepository->exists($startIp, $endIp, $type, $userId) === true) {
  104             throw new AclItemDuplicationException();
  105         } else {
  106             $this->accessRepository->create(
  107                 $startIp,
  108                 $endIp,
  109                 $name,
  110                 $userId,
  111                 $level,
  112                 $type
  113             );
  114 
  115             // Create Additional stuff based on the type
  116             if (in_array($additionalType, ['stream', 'all'])) {
  117                 if ($this->accessRepository->exists($startIp, $endIp, AccessLevelEnum::TYPE_STREAM, $userId) === false) {
  118                     $this->accessRepository->create(
  119                         $startIp,
  120                         $endIp,
  121                         $name,
  122                         $userId,
  123                         $level,
  124                         AccessLevelEnum::TYPE_STREAM
  125                     );
  126                 }
  127             }
  128             if ($additionalType === 'all') {
  129                 if ($this->accessRepository->exists($startIp, $endIp, AccessLevelEnum::TYPE_INTERFACE, $userId) === false) {
  130                     $this->accessRepository->create(
  131                         $startIp,
  132                         $endIp,
  133                         $name,
  134                         $userId,
  135                         $level,
  136                         AccessLevelEnum::TYPE_INTERFACE
  137                     );
  138                 }
  139             }
  140         }
  141     }
  142 
  143     /**
  144      * Verifies the entered ip addresses
  145      *
  146      * @param string|bool $startIp
  147      * @param string|bool $endIp
  148      *
  149      * @throws InvalidEndIpException
  150      * @throws InvalidIpRangeException
  151      * @throws InvalidStartIpException
  152      */
  153     private function verifyRange($startIp, $endIp): void
  154     {
  155         if (!$startIp && $startIp != '0.0.0.0' && $startIp != '::') {
  156             throw new InvalidStartIpException();
  157         }
  158         if (!$endIp) {
  159             throw new InvalidEndIpException();
  160         }
  161 
  162         if (strlen(bin2hex($startIp)) != strlen(bin2hex($endIp))) {
  163             throw new InvalidIpRangeException();
  164         }
  165     }
  166 }