Don't be so lazy, implements all the XDB::raw* variants.

[platal.git] / classes / plsession.php

diff --git a/classes/plsession.php b/classes/plsession.php
index add2bd3..9b6f90e 100644 (file)
--- a/classes/plsession.php
+++ b/classes/plsession.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2008 Polytechnique.org                              *
+ *  Copyright (C) 2003-2010 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -19,6 +19,15 @@
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  ***************************************************************************/
 
+/** Authentication level.
+ * Only AUTH_PUBLIC is mandatory. The others are defined as useful values,
+ * but can be overwritten by others auth levels definitions.
+ */
+define('AUTH_SUID',   -1);
+define('AUTH_PUBLIC', 0);
+define('AUTH_COOKIE', 5);
+define('AUTH_MDP',    10);
+
 
 /** The PlSession is a wrapper around the user session management.
  */
@@ -94,7 +103,6 @@ abstract class PlSession
      */
     public function start($level)
     {
-        $backup = S::i($level);
         if ($this->checkAuth($level)) {
             return true;
         }
@@ -151,25 +159,48 @@ abstract class PlSession
      */
     abstract protected function startSessionAs($user, $level);
 
+    /** Check authentication with the given token.
+     *
+     * Token authentication is a light-weight authentication based on a user-specific token.
+     * This can be used for protocols that requires a 'cookie'-free authentication, such as
+     * RSS, iCal registration...
+     *
+     * This function returns a valid user object if authentication is successful, or null if
+     * token mismatch.
+     */
+    abstract public function tokenAuth($login, $token);
+
+    /** Set the permissions to the given flagset.
+     *
+     * This function sets S::set('perms') with a flagset represeting the combination of
+     * $perms and $is_admin.
+     *
+     * $perms is an abstract object representing the permissions.
+     * $is_admin is a boolean, true if the current user has site-administration rights.
+     */
+    abstract protected function makePerms($perms, $is_admin);
 
     /*** SUID management ***/
 
     /** Start a new SUID session.
      */
-    public function startSUID($user)
+    public function startSUID($user, $perms = null)
     {
-        if (isset($_SESSION['suid'])) {
+        if (S::suid()) {
             return false;
         }
-        $newsession = array();
-        $backup   =& $_SESSION;
-        $_SESSION =& $newsession;
+        $backup   = $_SESSION;
+        $_SESSION = array();
         $this->fillSession();
         S::set('suid', $backup);
-        if (!$this->startSessionAs($user, -1)) {
+        if (!$this->startSessionAs($user, AUTH_SUID)) {
             $this->stopSUID();
             return false;
         }
+        S::set('user', $user);
+        if (!is_null($perms)) {
+            $this->makePerms($perms, false);
+        }
         return true;
     }
 
@@ -177,16 +208,20 @@ abstract class PlSession
      */
     public function stopSUID()
     {
-        if (!isset($_SESSION['suid'])) {
+        if (!S::suid()) {
             return false;
         }
-        $_SESSION =& $_SESSION['suid'];
+        $_SESSION = $_SESSION['suid'];
         return true;
     }
 
 
     /*** Thresholds ***/
 
+    /** Minimum level of authentication that is considered as logged.
+     */
+    abstract public function loggedLevel();
+
     /** Minimum level of authentication that is considered as sure.
      */
     abstract public function sureLevel();