542 lines
17 KiB
PHP
542 lines
17 KiB
PHP
<?php
|
|
|
|
namespace ManiaControl\Admin;
|
|
|
|
use ManiaControl\Callbacks\CallbackListener;
|
|
use ManiaControl\Callbacks\Callbacks;
|
|
use ManiaControl\Callbacks\EchoListener;
|
|
use ManiaControl\Communication\CommunicationAnswer;
|
|
use ManiaControl\Communication\CommunicationListener;
|
|
use ManiaControl\Communication\CommunicationMethods;
|
|
use ManiaControl\General\UsageInformationAble;
|
|
use ManiaControl\General\UsageInformationTrait;
|
|
use ManiaControl\Logger;
|
|
use ManiaControl\ManiaControl;
|
|
use ManiaControl\Players\Player;
|
|
use ManiaControl\Players\PlayerManager;
|
|
use ManiaControl\Plugins\Plugin;
|
|
use ManiaControl\Settings\Setting;
|
|
|
|
/**
|
|
* Class managing Authentication Levels
|
|
*
|
|
* @api
|
|
* @author ManiaControl Team <mail@maniacontrol.com>
|
|
* @copyright 2014-2020 ManiaControl Team
|
|
* @license http://www.gnu.org/licenses/ GNU General Public License, Version 3
|
|
*/
|
|
class AuthenticationManager implements CallbackListener, EchoListener, CommunicationListener, UsageInformationAble {
|
|
use UsageInformationTrait;
|
|
|
|
/*
|
|
* Constants
|
|
*/
|
|
const AUTH_LEVEL_PLAYER = 0;
|
|
const AUTH_LEVEL_MODERATOR = 1;
|
|
const AUTH_LEVEL_ADMIN = 2;
|
|
const AUTH_LEVEL_SUPERADMIN = 3;
|
|
const AUTH_LEVEL_MASTERADMIN = 4;
|
|
const AUTH_NAME_PLAYER = 'Player';
|
|
const AUTH_NAME_MODERATOR = 'Moderator';
|
|
const AUTH_NAME_ADMIN = 'Admin';
|
|
const AUTH_NAME_SUPERADMIN = 'SuperAdmin';
|
|
const AUTH_NAME_MASTERADMIN = 'MasterAdmin';
|
|
const CB_AUTH_LEVEL_CHANGED = 'AuthenticationManager.AuthLevelChanged';
|
|
|
|
const ECHO_GRANT_LEVEL = 'ManiaControl.AuthenticationManager.GrandLevel';
|
|
const ECHO_REVOKE_LEVEL = 'ManiaControl.AuthenticationManager.RevokeLevel';
|
|
/*
|
|
* Private properties
|
|
*/
|
|
/** @var ManiaControl $maniaControl */
|
|
private $maniaControl = null;
|
|
/** @var AuthCommands $authCommands */
|
|
private $authCommands = null;
|
|
|
|
/**
|
|
* Construct a new Authentication Manager instance
|
|
*
|
|
* @param ManiaControl $maniaControl
|
|
*/
|
|
public function __construct(ManiaControl $maniaControl) {
|
|
$this->maniaControl = $maniaControl;
|
|
$this->authCommands = new AuthCommands($maniaControl);
|
|
|
|
// Callbacks
|
|
$this->maniaControl->getCallbackManager()->registerCallbackListener(Callbacks::ONINIT, $this, 'handleOnInit');
|
|
|
|
// Echo Grant Level Command (Usage: sendEcho json_encode("player" => "loginName", "level" => "AUTH_LEVEL_NUMBER")
|
|
$this->maniaControl->getEchoManager()->registerEchoListener(self::ECHO_GRANT_LEVEL, $this, function ($params) {
|
|
if (property_exists($params, 'level') && property_exists($params, 'player')) {
|
|
$player = $this->maniaControl->getPlayerManager()->getPlayer($params->player);
|
|
if ($player) {
|
|
$this->grantAuthLevel($player, $params->level);
|
|
}
|
|
}
|
|
});
|
|
|
|
// Echo Revoke Level Command (Usage: sendEcho json_encode("player" => "loginName")
|
|
$this->maniaControl->getEchoManager()->registerEchoListener(self::ECHO_REVOKE_LEVEL, $this, function ($params) {
|
|
if (property_exists($params, 'player')) {
|
|
$player = $this->maniaControl->getPlayerManager()->getPlayer($params->player);
|
|
if ($player) {
|
|
$this->maniaControl->getAuthenticationManager()->grantAuthLevel($player, self::AUTH_LEVEL_PLAYER);
|
|
}
|
|
}
|
|
});
|
|
|
|
|
|
//Communication Listenings
|
|
$this->maniaControl->getCommunicationManager()->registerCommunicationListener(CommunicationMethods::GRANT_AUTH_LEVEL, $this, function ($data) {
|
|
if (!is_object($data) || !property_exists($data, 'level') || !property_exists($data, 'login')) {
|
|
return new CommunicationAnswer("No valid level or player login provided!", true);
|
|
}
|
|
|
|
$player = $this->maniaControl->getPlayerManager()->getPlayer($data->login);
|
|
if ($player) {
|
|
$success = $this->grantAuthLevel($player, $data->level);
|
|
return new CommunicationAnswer(array("success" => $success));
|
|
} else {
|
|
return new CommunicationAnswer("Player not found!", true);
|
|
}
|
|
});
|
|
|
|
$this->maniaControl->getCommunicationManager()->registerCommunicationListener(CommunicationMethods::REVOKE_AUTH_LEVEL, $this, function ($data) {
|
|
if (!is_object($data) || !property_exists($data, 'login')) {
|
|
return new CommunicationAnswer("No valid player login provided!", true);
|
|
}
|
|
|
|
$player = $this->maniaControl->getPlayerManager()->getPlayer($data->login);
|
|
if ($player) {
|
|
$success = $this->maniaControl->getAuthenticationManager()->grantAuthLevel($player, self::AUTH_LEVEL_PLAYER);
|
|
return new CommunicationAnswer(array("success" => $success));
|
|
} else {
|
|
return new CommunicationAnswer("Player not found!", true);
|
|
}
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Get Name of the Authentication Level from Level Int
|
|
*
|
|
* @api
|
|
* @param mixed $authLevelInt
|
|
* @return string
|
|
*/
|
|
public static function getAuthLevelName($authLevelInt) {
|
|
$authLevelInt = self::getAuthLevelInt($authLevelInt);
|
|
switch ($authLevelInt) {
|
|
case self::AUTH_LEVEL_MASTERADMIN:
|
|
return self::AUTH_NAME_MASTERADMIN;
|
|
case self::AUTH_LEVEL_SUPERADMIN:
|
|
return self::AUTH_NAME_SUPERADMIN;
|
|
case self::AUTH_LEVEL_ADMIN:
|
|
return self::AUTH_NAME_ADMIN;
|
|
case self::AUTH_LEVEL_MODERATOR:
|
|
return self::AUTH_NAME_MODERATOR;
|
|
case self::AUTH_LEVEL_PLAYER:
|
|
return self::AUTH_NAME_PLAYER;
|
|
}
|
|
return '-';
|
|
}
|
|
|
|
/**
|
|
* Get the Authentication Level Int from the given Param
|
|
*
|
|
* @api
|
|
* @param mixed $authLevelParam
|
|
* @return int
|
|
*/
|
|
public static function getAuthLevelInt($authLevelParam) {
|
|
if (is_object($authLevelParam) && property_exists($authLevelParam, 'authLevel')) {
|
|
return (int) $authLevelParam->authLevel;
|
|
}
|
|
if (is_string($authLevelParam)) {
|
|
return self::getAuthLevel($authLevelParam);
|
|
}
|
|
return (int) $authLevelParam;
|
|
}
|
|
|
|
/**
|
|
* Get Authentication Level Int from Level Name
|
|
*
|
|
* @api
|
|
* @param string $authLevelName
|
|
* @return int
|
|
*/
|
|
public static function getAuthLevel($authLevelName) {
|
|
$authLevelName = (string) $authLevelName;
|
|
switch ($authLevelName) {
|
|
case self::AUTH_NAME_MASTERADMIN:
|
|
return self::AUTH_LEVEL_MASTERADMIN;
|
|
case self::AUTH_NAME_SUPERADMIN:
|
|
return self::AUTH_LEVEL_SUPERADMIN;
|
|
case self::AUTH_NAME_ADMIN:
|
|
return self::AUTH_LEVEL_ADMIN;
|
|
case self::AUTH_NAME_MODERATOR:
|
|
return self::AUTH_LEVEL_MODERATOR;
|
|
case self::AUTH_NAME_PLAYER:
|
|
return self::AUTH_LEVEL_PLAYER;
|
|
}
|
|
return -1;
|
|
}
|
|
|
|
/**
|
|
* Get the Abbreviation of the Authentication Level from Level Int
|
|
*
|
|
* @api
|
|
* @param mixed $authLevelInt
|
|
* @return string
|
|
*/
|
|
public static function getAuthLevelAbbreviation($authLevelInt) {
|
|
$authLevelInt = self::getAuthLevelInt($authLevelInt);
|
|
switch ($authLevelInt) {
|
|
case self::AUTH_LEVEL_MASTERADMIN:
|
|
return 'MA';
|
|
case self::AUTH_LEVEL_SUPERADMIN:
|
|
return 'SA';
|
|
case self::AUTH_LEVEL_ADMIN:
|
|
return 'AD';
|
|
case self::AUTH_LEVEL_MODERATOR:
|
|
return 'MOD';
|
|
}
|
|
return '';
|
|
}
|
|
|
|
/**
|
|
* Handle ManiaControl OnInit Callback
|
|
*
|
|
* @internal
|
|
*/
|
|
public function handleOnInit() {
|
|
$this->updateMasterAdmins();
|
|
}
|
|
|
|
/**
|
|
* Update MasterAdmins based on Config
|
|
*
|
|
* @return bool
|
|
*/
|
|
private function updateMasterAdmins() {
|
|
$masterAdminsElements = $this->maniaControl->getConfig()->xpath('masteradmins');
|
|
if (!$masterAdminsElements) {
|
|
Logger::logError('Missing MasterAdmins configuration!');
|
|
return false;
|
|
}
|
|
$masterAdminsElement = $masterAdminsElements[0];
|
|
|
|
$mysqli = $this->maniaControl->getDatabase()->getMysqli();
|
|
|
|
// Remove all MasterAdmins
|
|
$adminQuery = "UPDATE `" . PlayerManager::TABLE_PLAYERS . "`
|
|
SET `authLevel` = ?
|
|
WHERE `authLevel` = ?;";
|
|
$adminStatement = $mysqli->prepare($adminQuery);
|
|
if ($mysqli->error) {
|
|
trigger_error($mysqli->error, E_USER_ERROR);
|
|
return false;
|
|
}
|
|
$adminLevel = self::AUTH_LEVEL_SUPERADMIN;
|
|
$masterAdminLevel = self::AUTH_LEVEL_MASTERADMIN;
|
|
$adminStatement->bind_param('ii', $adminLevel, $masterAdminLevel);
|
|
$adminStatement->execute();
|
|
if ($adminStatement->error) {
|
|
trigger_error($adminStatement->error);
|
|
}
|
|
$adminStatement->close();
|
|
|
|
// Set configured MasterAdmins
|
|
$loginElements = $masterAdminsElement->xpath('login');
|
|
$adminQuery = "INSERT INTO `" . PlayerManager::TABLE_PLAYERS . "` (
|
|
`login`,
|
|
`authLevel`
|
|
) VALUES (
|
|
?, ?
|
|
) ON DUPLICATE KEY UPDATE
|
|
`authLevel` = VALUES(`authLevel`);";
|
|
$adminStatement = $mysqli->prepare($adminQuery);
|
|
if ($mysqli->error) {
|
|
trigger_error($mysqli->error, E_USER_ERROR);
|
|
return false;
|
|
}
|
|
$success = true;
|
|
foreach ($loginElements as $loginElement) {
|
|
$login = (string) $loginElement;
|
|
$adminStatement->bind_param('si', $login, $masterAdminLevel);
|
|
$adminStatement->execute();
|
|
if ($adminStatement->error) {
|
|
trigger_error($adminStatement->error);
|
|
$success = false;
|
|
}
|
|
}
|
|
$adminStatement->close();
|
|
|
|
return $success;
|
|
}
|
|
|
|
/**
|
|
* Get all connected Players with at least the given Auth Level
|
|
*
|
|
* @api
|
|
* @param int $authLevel
|
|
* @return Player[]
|
|
*/
|
|
public function getConnectedAdmins($authLevel = self::AUTH_LEVEL_MODERATOR) {
|
|
$players = $this->maniaControl->getPlayerManager()->getPlayers();
|
|
$admins = array();
|
|
foreach ($players as $player) {
|
|
if (self::checkRight($player, $authLevel)) {
|
|
array_push($admins, $player);
|
|
}
|
|
}
|
|
return $admins;
|
|
}
|
|
|
|
/**
|
|
* Get all connected Players with less permission than the given Auth Level
|
|
*
|
|
* @api
|
|
* @param int $authLevel
|
|
* @return Player[]
|
|
*/
|
|
public function getConnectedPlayers($authLevel = self::AUTH_LEVEL_MODERATOR) {
|
|
$players = $this->maniaControl->getPlayerManager()->getPlayers();
|
|
$playerArray = array();
|
|
foreach ($players as $player) {
|
|
if (!self::checkRight($player, $authLevel)) {
|
|
array_push($playerArray, $player);
|
|
}
|
|
}
|
|
return $playerArray;
|
|
}
|
|
|
|
/**
|
|
* Check whether the Player has enough Rights
|
|
*
|
|
* @api
|
|
* @param Player $player
|
|
* @param int|Setting $neededAuthLevel
|
|
* @return bool
|
|
*/
|
|
public static function checkRight(Player $player, $neededAuthLevel) {
|
|
if ($neededAuthLevel instanceof Setting) {
|
|
$neededAuthLevel = $neededAuthLevel->value;
|
|
}
|
|
return ($player->authLevel >= $neededAuthLevel);
|
|
}
|
|
|
|
/**
|
|
* Get a List of all Admins
|
|
*
|
|
* @api
|
|
* @param int $authLevel
|
|
* @return Player[]
|
|
*/
|
|
public function getAdmins($authLevel = self::AUTH_LEVEL_MODERATOR) {
|
|
$mysqli = $this->maniaControl->getDatabase()->getMysqli();
|
|
$query = "SELECT `login` FROM `" . PlayerManager::TABLE_PLAYERS . "`
|
|
WHERE `authLevel` >= " . $authLevel . "
|
|
ORDER BY `authLevel` DESC;";
|
|
$result = $mysqli->query($query);
|
|
if (!$result) {
|
|
trigger_error($mysqli->error);
|
|
return null;
|
|
}
|
|
$admins = array();
|
|
while ($row = $result->fetch_object()) {
|
|
$player = $this->maniaControl->getPlayerManager()->getPlayer($row->login, false);
|
|
if ($player) {
|
|
array_push($admins, $player);
|
|
}
|
|
}
|
|
$result->free();
|
|
return $admins;
|
|
}
|
|
|
|
/**
|
|
* Grant the Auth Level to the Player
|
|
*
|
|
* @api
|
|
* @param Player $player
|
|
* @param int $authLevel
|
|
* @return bool
|
|
*/
|
|
public function grantAuthLevel(Player &$player, $authLevel) {
|
|
if (!$player || !is_numeric($authLevel)) {
|
|
return false;
|
|
}
|
|
$authLevel = (int) $authLevel;
|
|
if ($authLevel >= self::AUTH_LEVEL_MASTERADMIN) {
|
|
return false;
|
|
}
|
|
|
|
$mysqli = $this->maniaControl->getDatabase()->getMysqli();
|
|
$authQuery = "INSERT INTO `" . PlayerManager::TABLE_PLAYERS . "` (
|
|
`login`,
|
|
`nickname`,
|
|
`authLevel`
|
|
) VALUES (
|
|
?, ?, ?
|
|
) ON DUPLICATE KEY UPDATE
|
|
`authLevel` = VALUES(`authLevel`);";
|
|
$authStatement = $mysqli->prepare($authQuery);
|
|
if ($mysqli->error) {
|
|
trigger_error($mysqli->error, E_USER_ERROR);
|
|
return false;
|
|
}
|
|
$authStatement->bind_param('ssi', $player->login, $player->nickname, $authLevel);
|
|
$authStatement->execute();
|
|
if ($authStatement->error) {
|
|
trigger_error($authStatement->error);
|
|
$authStatement->close();
|
|
return false;
|
|
}
|
|
$authStatement->close();
|
|
|
|
$player->authLevel = $authLevel;
|
|
$this->maniaControl->getCallbackManager()->triggerCallback(self::CB_AUTH_LEVEL_CHANGED, $player);
|
|
|
|
$this->maniaControl->getActionsMenu()->rebuildAndShowAdminMenu();
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Send an Error Message to the Player
|
|
*
|
|
* @api
|
|
* @param Player $player
|
|
* @return bool
|
|
*/
|
|
public function sendNotAllowed(Player $player) {
|
|
if (!$player) {
|
|
return false;
|
|
}
|
|
return $this->maniaControl->getChat()->sendError('You do not have the required Rights to perform this Action!', $player);
|
|
}
|
|
|
|
/**
|
|
* Checks the permission by a right name
|
|
*
|
|
* @api
|
|
* @param Player $player
|
|
* @param $rightName
|
|
* @return bool
|
|
*/
|
|
public function checkPermission(Player $player, $rightName) {
|
|
$right = $this->maniaControl->getSettingManager()->getSettingValue($this, $rightName);
|
|
return self::checkRight($player, self::getAuthLevel($right));
|
|
}
|
|
|
|
/**
|
|
* Checks the permission by a right name
|
|
*
|
|
* @api
|
|
* @param Plugin $plugin
|
|
* @param Player $player
|
|
* @param $rightName
|
|
* @return bool
|
|
*/
|
|
public function checkPluginPermission(Plugin $plugin, Player $player, $rightName) {
|
|
$right = $this->maniaControl->getSettingManager()->getSettingValue($plugin, $rightName);
|
|
return self::checkRight($player, self::getAuthLevel($right));
|
|
}
|
|
|
|
/**
|
|
* Define a Minimum Right Level needed for an Action
|
|
*
|
|
* @api
|
|
* @param string $rightName
|
|
* @param int $authLevelNeeded
|
|
* @param string $authLevelsAllowed
|
|
*/
|
|
public function definePermissionLevel($rightName, $authLevelNeeded, $authLevelsAllowed = self::AUTH_LEVEL_MODERATOR) {
|
|
$this->maniaControl->getSettingManager()->initSetting($this, $rightName, self::getPermissionLevelNameArray($authLevelNeeded, $authLevelsAllowed));
|
|
}
|
|
|
|
/**
|
|
* Define a Minimum Right Level needed for an Action
|
|
*
|
|
* @api
|
|
* @param Plugin $plugin
|
|
* @param string $rightName
|
|
* @param int $authLevelNeeded
|
|
* @param string $authLevelsAllowed
|
|
*/
|
|
public function definePluginPermissionLevel(Plugin $plugin, $rightName, $authLevelNeeded, $authLevelsAllowed = self::AUTH_LEVEL_MODERATOR) {
|
|
$this->maniaControl->getSettingManager()->initSetting($plugin, $rightName, self::getPermissionLevelNameArray($authLevelNeeded, $authLevelsAllowed));
|
|
}
|
|
|
|
/**
|
|
* Get the PermissionLevelNameArray
|
|
*
|
|
* @api
|
|
* @param $authLevelNeeded
|
|
* @param $authLevelsAllowed
|
|
* @return array[]
|
|
*/
|
|
public static function getPermissionLevelNameArray($authLevelNeeded, $authLevelsAllowed = self::AUTH_LEVEL_MODERATOR) {
|
|
assert($authLevelNeeded >= $authLevelsAllowed);
|
|
|
|
switch ($authLevelsAllowed) {
|
|
case self::AUTH_LEVEL_PLAYER:
|
|
switch ($authLevelNeeded) {
|
|
case self::AUTH_LEVEL_PLAYER:
|
|
return array(self::AUTH_NAME_PLAYER, self::AUTH_NAME_MODERATOR, self::AUTH_NAME_ADMIN, self::AUTH_NAME_SUPERADMIN, self::AUTH_NAME_MASTERADMIN);
|
|
case self::AUTH_LEVEL_MODERATOR:
|
|
return array(self::AUTH_NAME_MODERATOR, self::AUTH_NAME_ADMIN, self::AUTH_NAME_SUPERADMIN, self::AUTH_NAME_MASTERADMIN, self::AUTH_NAME_PLAYER);
|
|
case self::AUTH_LEVEL_ADMIN:
|
|
return array(self::AUTH_NAME_ADMIN, self::AUTH_NAME_SUPERADMIN, self::AUTH_NAME_MASTERADMIN, self::AUTH_NAME_PLAYER, self::AUTH_NAME_MODERATOR);
|
|
case self::AUTH_LEVEL_SUPERADMIN:
|
|
return array(self::AUTH_NAME_SUPERADMIN, self::AUTH_NAME_MASTERADMIN, self::AUTH_NAME_PLAYER, self::AUTH_NAME_MODERATOR, self::AUTH_NAME_ADMIN);
|
|
case self::AUTH_LEVEL_MASTERADMIN:
|
|
return array(self::AUTH_NAME_MASTERADMIN, self::AUTH_NAME_PLAYER, self::AUTH_NAME_MODERATOR, self::AUTH_NAME_ADMIN, self::AUTH_NAME_SUPERADMIN);
|
|
}
|
|
break;
|
|
|
|
case self::AUTH_LEVEL_MODERATOR:
|
|
switch ($authLevelNeeded) {
|
|
case self::AUTH_LEVEL_MODERATOR:
|
|
return array(self::AUTH_NAME_MODERATOR, self::AUTH_NAME_ADMIN, self::AUTH_NAME_SUPERADMIN, self::AUTH_NAME_MASTERADMIN);
|
|
case self::AUTH_LEVEL_ADMIN:
|
|
return array(self::AUTH_NAME_ADMIN, self::AUTH_NAME_SUPERADMIN, self::AUTH_NAME_MASTERADMIN, self::AUTH_NAME_MODERATOR);
|
|
case self::AUTH_LEVEL_SUPERADMIN:
|
|
return array(self::AUTH_NAME_SUPERADMIN, self::AUTH_NAME_MASTERADMIN, self::AUTH_NAME_MODERATOR, self::AUTH_NAME_ADMIN);
|
|
case self::AUTH_LEVEL_MASTERADMIN:
|
|
return array(self::AUTH_NAME_MASTERADMIN, self::AUTH_NAME_MODERATOR, self::AUTH_NAME_ADMIN, self::AUTH_NAME_SUPERADMIN);
|
|
}
|
|
break;
|
|
|
|
case self::AUTH_LEVEL_ADMIN:
|
|
switch ($authLevelNeeded) {
|
|
case self::AUTH_LEVEL_ADMIN:
|
|
return array(self::AUTH_NAME_ADMIN, self::AUTH_NAME_SUPERADMIN, self::AUTH_NAME_MASTERADMIN);
|
|
case self::AUTH_LEVEL_SUPERADMIN:
|
|
return array(self::AUTH_NAME_SUPERADMIN, self::AUTH_NAME_MASTERADMIN, self::AUTH_NAME_ADMIN);
|
|
case self::AUTH_LEVEL_MASTERADMIN:
|
|
return array(self::AUTH_NAME_MASTERADMIN, self::AUTH_NAME_ADMIN, self::AUTH_NAME_SUPERADMIN);
|
|
}
|
|
break;
|
|
|
|
case self::AUTH_LEVEL_SUPERADMIN:
|
|
switch ($authLevelNeeded) {
|
|
case self::AUTH_LEVEL_SUPERADMIN:
|
|
return array(self::AUTH_NAME_SUPERADMIN, self::AUTH_NAME_MASTERADMIN);
|
|
case self::AUTH_LEVEL_MASTERADMIN:
|
|
return array(self::AUTH_NAME_MASTERADMIN, self::AUTH_NAME_SUPERADMIN);
|
|
}
|
|
break;
|
|
|
|
// just for completeness, should not be used this way
|
|
case self::AUTH_LEVEL_MASTERADMIN:
|
|
switch ($authLevelNeeded) {
|
|
case self::AUTH_LEVEL_MASTERADMIN:
|
|
return array(self::AUTH_NAME_MASTERADMIN);
|
|
}
|
|
break;
|
|
}
|
|
|
|
return array("-");
|
|
}
|
|
}
|