<?php
/**
 * Handles user authentication for wiaas.
 *
 * User roles are inherited from the user's organization.
 *
 * Class Wiaas_Authentication
 */
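class Wiaas_Authentication {

    /**
     * User ID that is exempt from the organization role override; its capabilities
     * are read from the database unchanged.
     */
    const SUPER_ADMIN_USER_ID = 1;

    /** User meta key that stores the backend role the user last selected. */
    const CURRENT_ADMIN_ROLE_META_KEY = '_wiaas_current_user_admin_role';

    /**
     * Register the WordPress hooks.
     *
     * Only the `get_user_metadata` filter is active; the other callbacks of this
     * class are kept as commented-out registrations so they remain discoverable.
     */
    public static function init() {
        // authenticate current user
        // add_action('determine_current_user', array(__CLASS__, 'authenticate_current_user'), 999);

        // authenticates user on login
        // add_filter( 'authenticate', array( __CLASS__, 'authenticate_user_on_login' ), 999, 3);

        // replace the stored capabilities with the role derived from the user's organization
        add_filter('get_user_metadata', array(__CLASS__, 'maybe_filter_user_roles'), 10, 3);

        // redirect to dashboard after login
        // add_filter( 'login_redirect', array( __CLASS__, 'login_redirect' ) );
    }

    /**
     * Redirect admin user to the dashboard after login.
     *
     * @return string Dashboard URL.
     */
    public static function login_redirect() {
        return admin_url('index.php');
    }

    /**
     * Authenticate the current user based on the roles assigned to his organization.
     *
     * The role set itself is produced by `maybe_filter_user_roles`; this callback only
     * rejects users that ended up with no role at all.
     *
     * @param int|false $user_id ID of the already determined user, or false.
     * @return int|false|WP_Error The unchanged ID, or a WP_Error when the user has no role.
     */
    public static function authenticate_current_user($user_id) {
        // nothing to check for anonymous requests; the super admin is exempt from the override
        if (! $user_id || $user_id === self::SUPER_ADMIN_USER_ID) {
            return $user_id;
        }

        // WP_User derives `roles` from the capability meta, which `maybe_filter_user_roles`
        // replaces with the organization role set
        $user = new WP_User($user_id);

        if (empty($user->roles)) {
            return new WP_Error('wiaas_authentication_error', 'No permissions!');
        }

        return $user_id;
    }

    /**
     * Authenticate a wiaas user on login based on the roles assigned to his organization.
     *
     * The role set itself is produced by `maybe_filter_user_roles`; this callback only
     * rejects users that ended up with no role at all.
     *
     * @param WP_User|WP_Error|null $user Result of the previous `authenticate` callbacks.
     * @return WP_User|WP_Error|null The value passed in, or a WP_Error when the user has no role.
     */
    public static function authenticate_user_on_login($user) {
        // leave errors and the not-yet-authenticated (null) state to the caller;
        // the super admin is exempt from the organization role check
        if (! $user instanceof WP_User || $user->ID === self::SUPER_ADMIN_USER_ID) {
            return $user;
        }

        if (empty($user->roles)) {
            return new WP_Error('wiaas_authentication_error', 'No permissions!');
        }

        return $user;
    }

    /**
     * Override the stored user roles with the roles of the user's organization.
     *
     * For a REST API request only the `customer` role is granted, and only when the
     * organization has it. For a backend request the previously selected role is
     * granted, falling back to the first backend role of the organization.
     *
     * @param mixed  $null     Short-circuit value handed in by the filter; unused.
     * @param int    $user_id  ID of the user whose meta is being read.
     * @param string $meta_key Meta key being read.
     * @return array|null Null to fall through to the database for any other key;
     *                    otherwise the capability rows (possibly empty) for this user.
     */
    public static function maybe_filter_user_roles($null, $user_id, $meta_key) {
        global $wpdb;

        // only the capability meta of ordinary users is overridden; the super admin's
        // capabilities and every other meta key come from the database unchanged
        if ($user_id === 0
            || $user_id === self::SUPER_ADMIN_USER_ID
            || $meta_key !== $wpdb->get_blog_prefix() . 'capabilities') {
            return null;
        }

        // import organization functions (during user authentication it is not yet loaded)
        require_once dirname( __FILE__ ) . '/user/wiaas-organization-functions.php';

        $organization_id = wiaas_get_user_organization_id($user_id);

        // a user without an organization has no roles at all
        if ( empty( $organization_id ) ) {
            return array();
        }

        $roles = wiaas_get_organization_roles($organization_id);

        // an organization without roles grants its users nothing
        if ( empty($roles) ) {
            return array();
        }

        // REST API access: the customer role is the only one ever granted
        if ( self::is_rest_api_request() ) {
            return in_array('customer', $roles, true) ? array( array( 'customer' => true ) ) : array();
        }

        // backend access: customer is not a backend role. Reindex, because array_diff
        // keeps the original keys and $roles[0] below is otherwise not guaranteed to exist
        $roles = array_values( array_diff($roles, array( 'customer' )) );

        if ( empty($roles) ) {
            return array();
        }

        // NOTE(review): reading user meta here re-enters this filter; the key differs from
        // the capabilities key, so the nested call is expected to fall through — confirm
        $role = get_user_meta($user_id, self::CURRENT_ADMIN_ROLE_META_KEY, true);

        // fall back to the first organization role when none was selected, the selected
        // role no longer exists, or the organization no longer grants it (role slugs are
        // compared as strings)
        if ( empty($role) || ! wp_roles()->is_role($role) || ! in_array($role, $roles, true) ) {
            $role = $roles[0];
            update_user_meta($user_id, self::CURRENT_ADMIN_ROLE_META_KEY, $role);
        }

        return array( array( $role => true ) );
    }

    /**
     * Tell whether the current request targets the REST API.
     *
     * This is a heuristic: it looks for the REST URL prefix anywhere in the request
     * URI. A request that reaches the REST API through another route, or a URI that
     * merely contains the prefix, is not told apart from the other case.
     *
     * @return bool
     */
    private static function is_rest_api_request() {
        $request_uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';

        // strpos() yields 0 when the prefix starts the URI, so the result has to be
        // compared with false instead of being used as a boolean
        return strpos($request_uri, rest_get_url_prefix()) !== false;
    }
}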
// register the hooks as soon as this file is loaded
Wiaas_Authentication::init();