Home-made facade for getCurrentUser().

pitchum · pitchum · commit 00a6899b1463 · 2019-10-21T14:36:54.000+02:00
diff --git a/app/Http/Controllers/EditPasteController.php b/app/Http/Controllers/EditPasteController.php
@@ -19,8 +19,8 @@ public function index($link, Request $request){
     $paste = Paste::where('link', $link)->firstOrFail();
 
     // Est-ce que l'utilisateur connecté est celui qui a écrit la paste ?
-    if (Auth::user() != $paste->user || $paste->userId == 0) {
-      return abort('404');
+    if (!User::is_owner($paste) || $paste->userId == 0) {
+      return abort('403');
     }
 
     // Renvoi de la view
@@ -41,8 +41,8 @@ public function edit($link, Requests\EditPaste $request){
     $paste = Paste::where('link', $link)->firstOrFail();
 
     // Est-ce que l'utilisateur connecté est celui qui a écrit la paste ?
-    if (Auth::user() != $paste->user || $paste->userId == 0) {
-      return abort('404');
+    if (!User::is_owner($paste) || $paste->userId == 0) {
+      return abort('403');
     }
 
     $title = (empty(trim(Input::get('pasteTitle')))) ? 'Untitled' : Input::get('pasteTitle');
diff --git a/app/Http/Controllers/PasteController.php b/app/Http/Controllers/PasteController.php
@@ -318,7 +318,7 @@ public function raw($link){
     // On crée la var envoyée à la view disant si l'user créateur est le viewer
     $sameUser = false;
     if(cas()->isAuthenticated()) {
-      if ($paste->userId == Auth::user()->id) {
+      if ($paste->userId == User::getCurrentUser()->id) {
       }
     }
     return response($paste->content, 200)->header('Content-Type', 'text/plain');
diff --git a/app/User.php b/app/User.php
@@ -46,4 +46,23 @@ public static function create_if_absent($username) {
         }
         return $user;
     }
+
+
+    /**
+     * This stupid function exists because I couldn't find how to
+     * properly implement CAS authentication as a Facade for Auth.
+     * When I have time I'll try to read all Laravel doc and find out.
+     */
+    public static function getCurrentUser() {
+        cas()->isAuthenticated(); // XXX workaround CAS_OutOfSequenceBeforeAuthenticationCallException (because I don't know how to use Laravel properly)
+        $username = cas()->getCurrentUser();
+        $user = User::where('name', $username)->first();
+        return $user;
+    }
+
+    public static function is_owner($paste) {
+        $user = User::getCurrentUser();
+        return (($user->id == $paste->userId && $paste->userId != 0)) ? true : false;
+    }
+
 }

Original file line number	Diff line number	Diff line change
`@@ -318,7 +318,7 @@ public function raw($link){`
`318`	`318`	`// On crée la var envoyée à la view disant si l'user créateur est le viewer`
`319`	`319`	`$sameUser = false;`
`320`	`320`	`if(cas()->isAuthenticated()) {`
`321`		`- if ($paste->userId == Auth::user()->id) {`
	`321`	`+ if ($paste->userId == User::getCurrentUser()->id) {`
`322`	`322`	`}`
`323`	`323`	`}`
`324`	`324`	`return response($paste->content, 200)->header('Content-Type', 'text/plain');`