Bristol SU Support Package
CheckAdditionalCredentialsOwnedByUser.php
Go to the documentation of this file.
1 <?php
2 
3 namespace BristolSU\Support\Authorization\Middleware;
4 
5 use BristolSU\ControlDB\Contracts\Models\Group;
6 use BristolSU\ControlDB\Contracts\Models\Role;
7 use BristolSU\ControlDB\Contracts\Models\User;
8 use BristolSU\Support\Authentication\Contracts\Authentication;
9 use BristolSU\Support\Authorization\Exception\IncorrectLogin;
10 use Illuminate\Http\Request;
11 
12 class CheckAdditionalCredentialsOwnedByUser
13 {
14 
18  private $authentication;
19 
20  public function __construct(Authentication $authentication)
21  {
22  $this->authentication = $authentication;
23  }
24 
33  public function handle(Request $request, \Closure $next)
34  {
35  if($user = $this->authentication->getUser()) {
36  if($role = $this->authentication->getRole()) {
37  $this->checkUserIsInRole($user, $role);
38  $group = $this->checkGroupIsLoggedIn();
39  $this->checkGroupBelongsToRole($group, $role);
40  } elseif($group = $this->authentication->getGroup()) {
41  $this->checkUserHasMembershipToGroup($user, $group);
42  }
43  }
44 
45  return $next($request);
46  }
47 
55  private function checkUserIsInRole(User $user, Role $role): void
56  {
57  if(!in_array($role->id(), $user->roles()->map(function(Role $role) {
58  return $role->id();
59  })->toArray())) {
60  throw new IncorrectLogin('The user must own the current role');
61  }
62  }
63 
71  private function checkGroupBelongsToRole(Group $group, Role $role): void
72  {
73  if($group->id() !== $role->groupId()) {
74  throw new IncorrectLogin('The group must belong to the current role');
75  }
76  }
77 
85  private function checkUserHasMembershipToGroup(User $user, Group $group): void
86  {
87  if(!in_array($group->id(), $user->groups()->map(function(Group $group) {
88  return $group->id();
89  })->toArray())) {
90  throw new IncorrectLogin('The user must have a membership to the group');
91  }
92  }
93 
99  private function checkGroupIsLoggedIn(): Group
100  {
101  if($group = $this->authentication->getGroup()) {
102  return $group;
103  }
104  throw new IncorrectLogin('The group must belong to the current role');
105  }
106 
107 }
Generated by   doxygen 1.8.13