Initial commit

kirby/src/Cms/AppUsers.php

@@ -0,0 +1,157 @@
+<?php
+
+namespace Kirby\Cms;
+
+use Closure;
+use Throwable;
+
+/**
+ * AppUsers
+ *
+ * @package   Kirby Cms
+ * @author    Bastian Allgeier <bastian@getkirby.com>
+ * @link      https://getkirby.com
+ * @copyright Bastian Allgeier
+ * @license   https://getkirby.com/license
+ */
+trait AppUsers
+{
+	protected Auth|null $auth = null;
+	protected User|string|null $user = null;
+	protected Users|null $users = null;
+
+	/**
+	 * Returns the Authentication layer class
+	 */
+	public function auth(): Auth
+	{
+		return $this->auth ??= new Auth($this);
+	}
+
+	/**
+	 * Become any existing user or disable the current user
+	 *
+	 * @param string|null $who User ID or email address,
+	 *                         `null` to use the actual user again,
+	 *                         `'kirby'` for a virtual admin user or
+	 *                         `'nobody'` to disable the actual user
+	 * @param Closure|null $callback Optional action function that will be run with
+	 *                               the permissions of the impersonated user; the
+	 *                               impersonation will be reset afterwards
+	 * @return mixed If called without callback: User that was impersonated;
+	 *               if called with callback: Return value from the callback
+	 * @throws \Throwable
+	 */
+	public function impersonate(
+		string|null $who = null,
+		Closure|null $callback = null
+	): mixed {
+		$auth = $this->auth();
+
+		$userBefore = $auth->currentUserFromImpersonation();
+		$userAfter  = $auth->impersonate($who);
+
+		if ($callback === null) {
+			return $userAfter;
+		}
+
+		try {
+			return $callback($userAfter);
+		} catch (Throwable $e) {
+			throw $e;
+		} finally {
+			// ensure that the impersonation is *always* reset
+			// to the original value, even if an error occurred
+			$auth->impersonate($userBefore?->id());
+		}
+	}
+
+	/**
+	 * Returns all user roles
+	 */
+	public function roles(): Roles
+	{
+		return $this->roles ??= Roles::load($this->root('roles'));
+	}
+
+	/**
+	 * Returns a specific user role by id
+	 * or the role of the current user if no id is given
+	 *
+	 * @param bool $allowImpersonation If set to false, only the role of the
+	 *                                 actually logged in user will be returned
+	 *                                 (when `$id` is passed as `null`)
+	 */
+	public function role(
+		string|null $id = null,
+		bool $allowImpersonation = true
+	): Role|null {
+		if ($id !== null) {
+			return $this->roles()->find($id);
+		}
+
+		return $this->user(null, $allowImpersonation)?->role();
+	}
+
+	/**
+	 * Set the currently active user id
+	 *
+	 * @return $this
+	 */
+	protected function setUser(User|string|null $user = null): static
+	{
+		$this->user = $user;
+		return $this;
+	}
+
+	/**
+	 * Create your own set of app users
+	 *
+	 * @return $this
+	 */
+	protected function setUsers(array|null $users = null): static
+	{
+		if ($users !== null) {
+			$this->users = Users::factory($users);
+		}
+
+		return $this;
+	}
+
+	/**
+	 * Returns a specific user by id
+	 * or the current user if no id is given
+	 *
+	 * @param bool $allowImpersonation If set to false, only the actually
+	 *                                 logged in user will be returned
+	 *                                 (when `$id` is passed as `null`)
+	 */
+	public function user(
+		string|null $id = null,
+		bool $allowImpersonation = true
+	): User|null {
+		if ($id !== null) {
+			return $this->users()->find($id);
+		}
+
+		if ($allowImpersonation === true && is_string($this->user) === true) {
+			return $this->auth()->impersonate($this->user);
+		}
+
+		try {
+			return $this->auth()->user(null, $allowImpersonation);
+		} catch (Throwable) {
+			return null;
+		}
+	}
+
+	/**
+	 * Returns all users
+	 */
+	public function users(): Users
+	{
+		return $this->users ??= Users::load(
+			$this->root('accounts'),
+		);
+	}
+}