[Bug 513783] Add APIs to gate particular kinds of users
Bugzilla Link | 513783 |
Status | NEW |
Importance | P3 normal |
Reported | Mar 16, 2017 16:52 EDT |
Modified | Aug 12, 2021 16:39 EDT |
Description
We have some webpages with content that is specifically intended for committers only or for foundation staff members only. It would be handy to have a standard API to make sure that the current user is (a) logged in and (b) has the necessary permissions.
I'm thinking of a simple method along the lines of:
$App->mustBeCommitter();
Placed early in a PHP document, the idea is that the call will:
- Redirect an unauthenticated user to the login screen (with a takemeback)
- Reject an unauthorised user by redirecting them to another page
- Do nothing for an authenticated and authorised user.
Perhaps, the method can take an optional URL for when the user is unauthorised.
A few years ago, I wrote a function that some of the pages under /projects use:
function mustBeCommitter() {
    global $App;
    // Development mode skips the check entirely.
    if ($App->devmode)
        return;
    require_once ($_SERVER['DOCUMENT_ROOT']
        . "/eclipse.org-common/classes/friends/friend.class.php");
    $Session = $App->useSession("optional");
    $friend = $Session->getFriend();
    // Not logged in: send to the login page with a takemeback to this script.
    if (!$friend->getLDAPUID()) {
        header("Location: " . LOGINPAGE . "?takemeback=" . $_SERVER['SCRIPT_URI']);
        exit();
    }
    // Logged in but not a committer: bounce to the projects landing page.
    if (!$friend->getIsCommitter()) {
        header("Location: /projects");
        exit();
    }
    return $friend;
}
There may be an opportunity for a more general solution if there are additional problems that need to be solved.
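As an added illustration of the more general shape the report asks for (this is example code, not code from the bug report or from eclipse.org-common), the gate below takes a role name and an optional denial URL, and only accepts a site-relative takemeback value so the login redirect cannot be turned into an open redirect. mustHaveRole(), mustBeStaff(), isStaffMember() and $roleChecks are assumed names; $App, useSession(), getFriend(), getLDAPUID(), getIsCommitter() and LOGINPAGE are taken from the snippet above and assumed to behave as shown there.

```php
<?php
// Added example, not code from the bug report or eclipse.org-common: a generalised gate
// in the shape the report describes. mustHaveRole(), isStaffMember() and $roleChecks are
// assumed names; $App, useSession(), getFriend(), getLDAPUID(), getIsCommitter() and
// LOGINPAGE are used as in the original snippet.

function safeTakeMeBack(string $uri): string {
    // Only a site-relative path (with optional query string) may ride along as
    // takemeback; "//host", "/\host" and header-injection characters are rejected so
    // the login page cannot be used as an open redirect. Falls back to "/".
    return preg_match('#^/(?![/\\\\])[^\r\n]*$#', $uri) ? $uri : '/';
}

function mustHaveRole(string $role, string $deniedUrl = '/') {
    global $App;
    // No devmode shortcut here: the gate is enforced in every environment so a
    // stray devmode flag cannot expose restricted content.
    require_once($_SERVER['DOCUMENT_ROOT']
        . "/eclipse.org-common/classes/friends/friend.class.php");
    $Session = $App->useSession("optional");
    $friend  = $Session->getFriend();

    // (a) not logged in: send to the login page and come back afterwards
    if (!$friend->getLDAPUID()) {
        $back = rawurlencode(safeTakeMeBack($_SERVER['REQUEST_URI'] ?? '/'));
        header("Location: " . LOGINPAGE . "?takemeback=" . $back, true, 302);
        exit();
    }

    // (b) logged in but lacking the role: redirect to the caller-supplied page.
    // Unknown role names deny by default rather than fall open.
    $roleChecks = [
        'committer' => function ($f) { return (bool) $f->getIsCommitter(); },
        'staff'     => function ($f) { return method_exists($f, 'isStaffMember')
                                              && $f->isStaffMember(); },
    ];
    $check = $roleChecks[$role] ?? function ($f) { return false; };
    if (!$check($friend)) {
        header("Location: " . safeTakeMeBack($deniedUrl), true, 302);
        exit();
    }
    return $friend;   // (c) authenticated and authorised: carry on
}

function mustBeCommitter(string $deniedUrl = '/projects') { return mustHaveRole('committer', $deniedUrl); }
function mustBeStaff(string $deniedUrl = '/')             { return mustHaveRole('staff', $deniedUrl); }
```

Calling $App->mustBeCommitter() early in a page then reduces to mustBeCommitter() here; a page that is staff-only calls mustBeStaff() with the URL it wants unauthorised users sent to.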