Forked from Ad Aures / Castopod
915 commits behind the upstream repository.
    feat(fediverse): implement activitypub protocols + update user interface · 2f525c0f
    Yassine Doghri authored
    - add "ActivityPub" library to handle server to server federation and basic
      client to server protocols using activitypub:
      - add webfinger endpoint to look for actor
      - add actor definition with inbox / outbox / followers
      - remote follow an actor
      - create notes with possible preview cards
      - interact with favourites, reblogs and replies
      - block incoming actors and/or domains
      - broadcast/schedule activities to fediverse followers using a cron task
    - For castopod, the podcast is the actor:
      - overwrite the activitypub library for castopod's specific needs
      - perform basic interactions administrating a podcast to interact with fediverse users:
        - create notes with episode attachment
        - favourite and share a note + reply
        - add specific castopod_namespaces for podcasts and episodes definitions
    - overwrite CodeIgniter's Route service to include alternate-content option for
      activitystream requests
    - update episode publication logic:
      - remove publication inputs in create / edit episode form
      - publish / schedule or unpublish an episode after creation
      - the podcaster publishes a note when publishing an episode
    - Javascript / Typescript modules:
      - fix Dropdown.ts to keep dropdown menu in foreground
      - add Modal.ts for funding links modal
      - add Toggler.ts to toggle various css states in ui
    - User Interface:
      - update tailwindcss to v2
      - use castopod's pine and rose colors
      - update public layout to a 3 column layout
      - add pages in public for podcast activity, episode list and notes
      - update episode page to include linked notes
      - remove previous and next episodes from episode pages
      - show different public views depending on whether user is authenticated or not
      - use Kumbh Sans and Montserrat fonts
    - update CodeIgniter's config files
    - with CodeIgniter's new requirements, docker environments are now based on
      php v7.3 image
    - move Image entity to Libraries
    - update composer and npm packages to latest versions
    
    closes #69 #65 #85, fixes #51 #91 #92 #88
PermissionFilter.php 3.62 KiB
<?php

namespace App\Filters;

use App\Models\PodcastModel;
use Config\Services;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Filters\FilterInterface;
use Myth\Auth\Exceptions\PermissionException;

class PermissionFilter implements FilterInterface
{
    /**
     * Do whatever processing this filter needs to do.
     * By default it should not return anything during
     * normal execution. However, when an abnormal state
     * is found, it should return an instance of
     * CodeIgniter\HTTP\Response. If it does, script
     * execution will end and that Response will be
     * sent back to the client, allowing for error pages,
     * redirects, etc.
     *
     * @param \CodeIgniter\HTTP\RequestInterface $request
     * @param array|null                         $params
     *
     * @return mixed
     */
    public function before(RequestInterface $request, $params = null)
    {
        if (!function_exists('logged_in')) {
            helper('auth');
        }

        if (empty($params)) {
            return;
        }

        $authenticate = Services::authentication();

        // if no user is logged in then send to the login form
        if (!$authenticate->check()) {
            session()->set('redirect_url', current_url());
            return redirect('login');
        }

        helper('misc');
        $authorize = Services::authorization();
        $router = Services::router();
        $routerParams = $router->params();
        $result = false;

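        // Check if user has at least one of the permissions
        foreach ($params as $permission) {
            // Permissions prefixed with "podcast-" or "podcast_episodes-" are
            // scoped to a single podcast; they are resolved through the user's
            // contributor group, but only when the route carries parameters.
            if (
                (startsWith($permission, 'podcast-') ||
                    startsWith($permission, 'podcast_episodes-')) &&
                count($routerParams) > 0
            ) {
                // The first route parameter is passed as the podcast identifier.
                // If the user has no contributor group for it, this permission
                // is not granted and there is no fallback to the global check.
                if (
                    $groupId = (new PodcastModel())->getContributorGroupId(
                        $authenticate->id(),
                        $routerParams[0]
                    )
                ) {
                    if ($authorize->groupHasPermission($permission, $groupId)) {
                        $result = true;
                        break;
                    }
                }
            } elseif (
                // Any other permission, or a podcast-scoped one on a route
                // without parameters, is checked against the user directly.
                $authorize->hasPermission($permission, $authenticate->id())
            ) {
                $result = true;
                break;
            }
        }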

        if (!$result) {
            if ($authenticate->silent()) {
                $redirectURL = session('redirect_url') ?? '/';
                unset($_SESSION['redirect_url']);
                return redirect()
                    ->to($redirectURL)
                    ->with('error', lang('Auth.notEnoughPrivilege'));
            } else {
                throw new PermissionException(lang('Auth.notEnoughPrivilege'));
            }
        }
    }

    //--------------------------------------------------------------------

    /**
     * Allows After filters to inspect and modify the response
     * object as needed. This method does not allow any way
     * to stop execution of other after filters, short of
     * throwing an Exception or Error.
     *
     * @param \CodeIgniter\HTTP\RequestInterface  $request
     * @param \CodeIgniter\HTTP\ResponseInterface $response
     * @param array|null                          $arguments
     *
     * @return void
     */
    public function after(
        RequestInterface $request,
        ResponseInterface $response,
        $arguments = null
    ) {
    }

    //--------------------------------------------------------------------
}