diff --git a/PHPCI/Controller.php b/PHPCI/Controller.php
index 69be68ee..57ed81f2 100644
--- a/PHPCI/Controller.php
+++ b/PHPCI/Controller.php
@@ -72,10 +72,23 @@ class Controller extends \b8\Controller
         return $this->response;
     }
 
+    /**
+     * Require that the currently logged in user is an administrator.
+     * @throws ForbiddenException
+     */
     protected function requireAdmin()
     {
-        if (!$_SESSION['phpci_user']->getIsAdmin()) {
+        if (!$this->currentUserIsAdmin()) {
             throw new ForbiddenException('You do not have permission to do that.');
         }
     }
+
+    /**
+     * Check if the currently logged in user is an administrator.
+     * @return bool
+     */
+    protected function currentUserIsAdmin()
+    {
+        return $_SESSION['phpci_user']->getIsAdmin();
+    }
 }
diff --git a/PHPCI/Controller/BuildController.php b/PHPCI/Controller/BuildController.php
index 2d0ea73a..a46a094a 100644
--- a/PHPCI/Controller/BuildController.php
+++ b/PHPCI/Controller/BuildController.php
@@ -70,7 +70,7 @@ class BuildController extends \PHPCI\Controller
             ),
         );
 
-        if ($_SESSION['phpci_user']->getIsAdmin()) {
+        if ($this->currentUserIsAdmin()) {
             $nav['links']['build/delete/' . $build->getId()] = 'Delete Build';
         }
 
@@ -156,9 +156,7 @@ class BuildController extends \PHPCI\Controller
      */
     public function delete($buildId)
     {
-        if (empty($_SESSION['phpci_user']) || !$_SESSION['phpci_user']->getIsAdmin()) {
-            throw new \Exception('You do not have permission to do that.');
-        }
+        $this->requireAdmin();
 
         $build = BuildFactory::getBuildById($buildId);
 
diff --git a/PHPCI/Controller/PluginController.php b/PHPCI/Controller/PluginController.php
index b4281626..c853aabd 100644
--- a/PHPCI/Controller/PluginController.php
+++ b/PHPCI/Controller/PluginController.php
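Review bot: `currentUserIsAdmin()` dereferences `$_SESSION['phpci_user']` without checking that it is set, so with no logged-in user the new helper dies with a fatal "call to a member function on a non-object" instead of the ForbiddenException that `requireAdmin()` documents; the `empty($_SESSION['phpci_user'])` guard that `BuildController::delete()` used to carry is removed further down in this commit, so nothing else covers that case. Since every admin-only action now funnels through this one method it should fail closed: `return isset($_SESSION['phpci_user']) && $_SESSION['phpci_user']->getIsAdmin();`. Presumably a login check runs earlier in the request pipeline, but that is not visible here and the extra guard costs nothing.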
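Review bot: `delete($buildId)` is exposed in the page navigation as a plain link (`build/delete/<id>` in the first hunk of this file), so a build is deleted by a GET request, and the admin check added here does nothing against a logged-in admin's browser being made to follow that URL from another site — there is no CSRF protection on a destructive action. A minimal fix is to refuse anything but POST before touching the build, e.g. `if ($this->request->getMethod() !== 'POST') { throw new \Exception('Builds can only be deleted via POST.'); }` (the ProjectController and UserController hunks in this commit read `$this->request->getMethod()` the same way), and to turn the nav entry into a form. The body of delete() continues past the end of the hunk.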
@@ -44,9 +44,7 @@ class PluginController extends \PHPCI\Controller
 
     public function index()
     {
-        if (!$_SESSION['phpci_user']->getIsAdmin()) {
-            throw new \Exception('You do not have permission to do that.');
-        }
+        $this->requireAdmin();
 
         $this->view->canWrite = is_writable(APPLICATION_PATH . 'composer.json');
         $this->view->required = $this->required;
@@ -72,9 +70,7 @@ class PluginController extends \PHPCI\Controller
 
     public function remove()
     {
-        if (!$_SESSION['phpci_user']->getIsAdmin()) {
-            throw new \Exception('You do not have permission to do that.');
-        }
+        $this->requireAdmin();
 
         $package = $this->getParam('package', null);
         $json = $this->getComposerJson();
@@ -93,9 +89,7 @@ class PluginController extends \PHPCI\Controller
 
     public function install()
     {
-        if (!$_SESSION['phpci_user']->getIsAdmin()) {
-            throw new \Exception('You do not have permission to do that.');
-        }
+        $this->requireAdmin();
 
         $package = $this->getParam('package', null);
         $version = $this->getParam('version', '*');
diff --git a/PHPCI/Controller/ProjectController.php b/PHPCI/Controller/ProjectController.php
index 5b594b96..69d8b95e 100644
--- a/PHPCI/Controller/ProjectController.php
+++ b/PHPCI/Controller/ProjectController.php
@@ -122,9 +122,7 @@ class ProjectController extends \PHPCI\Controller
      */
     public function delete($projectId)
     {
-        if (!$_SESSION['phpci_user']->getIsAdmin()) {
-            throw new ForbiddenException('You do not have permission to do that.');
-        }
+        $this->requireAdmin();
 
         $project = $this->projectStore->getById($projectId);
         $this->projectService->deleteProject($project);
@@ -227,9 +225,7 @@ class ProjectController extends \PHPCI\Controller
      */
     public function edit($projectId)
     {
-        if (!$_SESSION['phpci_user']->getIsAdmin()) {
-            throw new ForbiddenException('You do not have permission to do that.');
-        }
+        $this->requireAdmin();
 
         $method = $this->request->getMethod();
         $project = $this->projectStore->getById($projectId);
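Review bot: `install()` takes `$package` and `$version` straight from the request and, as far as the hunk shows, nothing validates them before use (what happens to them is outside the hunk); if they end up in a composer.json entry or on a `composer require` command line, an arbitrary string is a JSON-poisoning or shell-injection vector even though only administrators can reach this now. I would reject anything that does not look like a Composer package name and version constraint right after the admin check, e.g. `if (!preg_match('#^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9]([_.-]?[a-z0-9]+)*$#', (string) $package)) { throw new \Exception('Invalid package name.'); }`, with a similar whitelist for `$version`. The same applies to `$package` in `remove()` two hunks up.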
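Review bot: `delete($projectId)` passes whatever `$this->projectStore->getById($projectId)` returns straight into `deleteProject()` with no check that a project was found, whereas `UserController::delete()` in this same commit guards its lookup with `if (empty($user))`; an unknown id is therefore handled by whatever `deleteProject()` does with null rather than by a deliberate response. Add the same guard after the lookup, e.g. `if (empty($project)) { throw new \Exception('Project not found.'); }`, or whatever not-found exception the project uses elsewhere. The rest of delete() is outside the hunk.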
diff --git a/PHPCI/Controller/SettingsController.php b/PHPCI/Controller/SettingsController.php
index 4cd9f0be..e17ba399 100644
--- a/PHPCI/Controller/SettingsController.php
+++ b/PHPCI/Controller/SettingsController.php
@@ -38,6 +38,8 @@ class SettingsController extends Controller
 
     public function index()
     {
+        $this->requireAdmin();
+
         $this->layout->title = 'Settings';
         $this->view->settings = $this->settings;
 
@@ -65,6 +67,8 @@ class SettingsController extends Controller
 
     public function github()
     {
+        $this->requireAdmin();
+
         $this->settings['phpci']['github']['id'] = $this->getParam('githubid', '');
         $this->settings['phpci']['github']['secret'] = $this->getParam('githubsecret', '');
         $error = $this->storeSettings();
@@ -80,6 +84,8 @@ class SettingsController extends Controller
 
     public function email()
     {
+        $this->requireAdmin();
+
         $this->settings['phpci']['email_settings'] = $this->getParams();
         $this->settings['phpci']['email_settings']['smtp_encryption'] = $this->getParam('smtp_encryption', 0);
 
@@ -96,6 +102,8 @@ class SettingsController extends Controller
 
     public function build()
     {
+        $this->requireAdmin();
+
         $this->settings['phpci']['build'] = $this->getParams();
 
         $error = $this->storeSettings();
diff --git a/PHPCI/Controller/UserController.php b/PHPCI/Controller/UserController.php
index 3240edce..583381f6 100644
--- a/PHPCI/Controller/UserController.php
+++ b/PHPCI/Controller/UserController.php
@@ -115,9 +115,7 @@ class UserController extends Controller
      */
     public function add()
     {
-        if (!$_SESSION['phpci_user']->getIsAdmin()) {
-            throw new ForbiddenException('You do not have permission to do that.');
-        }
+        $this->requireAdmin();
 
         $this->layout->title = 'Add User';
 
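Review bot: `email()` writes the entire request parameter set into the settings with `$this->settings['phpci']['email_settings'] = $this->getParams();`, so any extra keys sent by the admin (or by a request forged in their session) are persisted by `storeSettings()` and later read back by whatever consumes the email settings; `build()` in the next hunk does the same with `$this->settings['phpci']['build']`. Copy only the keys the settings form actually defines, e.g. `$allowed = array('smtp_encryption', /* the other form field names */);` followed by `$this->settings['phpci']['email_settings'] = array_intersect_key($this->getParams(), array_flip($allowed));`; the field names are not visible in this diff, so take them from the form. The admin check itself is correctly placed before any parameter is read.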
@@ -157,9 +155,7 @@ class UserController extends Controller
      */
     public function edit($userId)
     {
-        if (!$_SESSION['phpci_user']->getIsAdmin()) {
-            throw new ForbiddenException('You do not have permission to do that.');
-        }
+        $this->requireAdmin();
 
         $method = $this->request->getMethod();
         $user = $this->userStore->getById($userId);
@@ -253,10 +249,8 @@ class UserController extends Controller
      */
     public function delete($userId)
     {
-        if (!$_SESSION['phpci_user']->getIsAdmin()) {
-            throw new ForbiddenException('You do not have permission to do that.');
-        }
-
+        $this->requireAdmin();
+
         $user = $this->userStore->getById($userId);
 
         if (empty($user)) {
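Review bot: `delete($userId)` lets an administrator delete any user id taken from the route, including their own account and thereby possibly the last administrator, which would lock everyone out of the admin-only actions this commit centralises; the hunk ends before the deletion itself, so this may be handled further down, but nothing visible prevents it. After the `empty($user)` check, compare the target with the session user (`$_SESSION['phpci_user']`, via whichever id accessor the User model offers) and refuse with a ForbiddenException when they match. The `-`/`+` pair of blank lines in this hunk looks like a trailing-whitespace change; worth stripping so the diff stays minimal.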