Is it possible to intercept calls to class functions?

2

In a multi-level user application, not everyone can access/use the same methods. Is there some way to intercept the call of a method/function so that a validation can be made according to the user level?

Example: a common user tries to create another user by accessing "users/create"; the call would be something like this:

Class usuarios {

  function criar () {
   // creates the user
  }

}

The ideal would be:

Class usuarios {

   function __intercept($function_name) {

     $normal_methods = array('perfil', 'deslogar');
     $admin_methods = array('criar','excluir','editar', 'perfil', 'deslogar');


     if (tiver permisao) { // pseudocode: "if the user has permission"
       in_array(...);
       // continue
     } else {
       // redirect
     }


   }

   function criar (){
   // creates the user
   }

}

2 answers

0

I recommend you create a table in your database, for example: tbl_permissions

Table tbl_users

+----------------------------+
| ID   | USERNAME | PASSWORD |
+----------------------------+
|    1 |   USER01 | PASSWORD |
|    2 |   USER02 | PASSWORD |
|    3 |   USER03 | PASSWORD |
+----------------------------+

Table tbl_permissions: contains a column user_id; the other columns, as in the example below, are the areas or methods that the user may or may not have access to, where 0 means not permitted and 1 means permitted.

+-----------------------------------------+
| ID   | USER_ID | CREATE | EDIT | DELETE |
+-----------------------------------------+
|    1 |       1 |      1 |    0 |      0 |
|    1 |       2 |      1 |    1 |      1 |
|    1 |       3 |      0 |    0 |      1 |
+-----------------------------------------+

As I am currently without access to a database, I ran a test on https://ideone.com/WFDIB8

<?php
$Users = [
    1 => [
        'id' => 1,
        'nome' => 'USER01',
        'permissoes' => [
            'create' =>  1,
            'edit' => 0,
            'delete' => 0
        ]
    ],
    2 => [
        'id' => 2,
        'nome' => 'USER02',
        'permissoes' => [
            'create' =>  1,
            'edit' => 1,
            'delete' => 0
        ]
    ],
    3 => [
        'id' => 3,
        'nome' => 'USER03',
        'permissoes' => [
            'create' =>  1,
            'edit' => 1,
            'delete' => 1
        ]
    ],
    4 => [
        'id' => 4,
        'nome' => 'USER04',
        'permissoes' => [
            'create' =>  0,
            'edit' => 0,
            'delete' => 1
        ]
    ]
];


Class usuarios {
    /**
     * Checks whether the logged-in user has permission
     * to access a page / method, etc.
     */
    function verificarPermissao($UserID, $FuncName) {
        global $Users;
        // An unknown user or function name counts as "no permission"
        // instead of raising an undefined-index warning.
        if (($Users[$UserID]["permissoes"][$FuncName] ?? 0) === 1) {
            $this->$FuncName();
        } else {
            echo "Usuário não tem permissão para executar: {$FuncName}\n";
        }
    }

    function create() {
        echo "Usuário tem permissão para criar\n";
    }

    function edit() {
        echo "Usuário tem permissão para editar\n";
    }

    function delete() {
        echo "Usuário tem permissão para deletar\n";
    }
}

$user1 = new usuarios();
$user1->verificarPermissao(1, 'edit');
$user1->verificarPermissao(1, 'create');
$user1->verificarPermissao(1, 'delete');
echo "\n\n";
$user2 = new usuarios();
$user2->verificarPermissao(2, 'edit');
$user2->verificarPermissao(2, 'create');
$user2->verificarPermissao(2, 'delete');
echo "\n\n";
$user3 = new usuarios();
$user3->verificarPermissao(3, 'edit');
$user3->verificarPermissao(3, 'create');
$user3->verificarPermissao(3, 'delete');
echo "\n\n";
$user4 = new usuarios();
$user4->verificarPermissao(4, 'edit');
$user4->verificarPermissao(4, 'create');
$user4->verificarPermissao(4, 'delete');

0

In PHP there is the method __call() which is called when the method does not exist in the class.

Perhaps you can do something like this:

public function __call($metodo, $parametros){
    if($metodo == "inserir"){
        // delegate to the code that inserts
    }
    if($metodo == "excluir"){
        // delegate to the code that deletes
    }
    // ...
}

At the time of calling, you call it as if the method existed, but in practice it is the __call() that it will enter:

$usuarios->inserir();
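
Added example, not part of either answer above: PHP also runs __call() when the called method exists but is private, so declaring the action methods private sends every outside call through one default-deny check that a direct call cannot skip (in the first answer's class, create/edit/delete stay public and can be called without verificarPermissao). The names PERMISSIONS, $nivel and tentar() and the sample data are assumptions made for this sketch; it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Constructed sample data: user level => methods that level may call.
// Anything not listed is denied.
const PERMISSIONS = [
    'normal' => ['perfil', 'deslogar'],
    'admin'  => ['criar', 'excluir', 'editar', 'perfil', 'deslogar'],
];

final class Usuarios
{
    public function __construct(private string $nivel) {}

    // Runs for every call made from outside the class, because the action
    // methods below are private and therefore inaccessible to the caller.
    public function __call(string $metodo, array $parametros): mixed
    {
        $permitidos = PERMISSIONS[$this->nivel] ?? [];
        // PHP method names are case-insensitive, so normalise before comparing.
        $metodo = strtolower($metodo);
        if (!in_array($metodo, $permitidos, true) || !method_exists($this, $metodo)) {
            throw new RuntimeException("access denied: {$metodo}");
        }
        return $this->$metodo(...$parametros);
    }

    private function criar(string $nome): string { return "created: {$nome}"; }
    private function perfil(): string { return "profile ({$this->nivel})"; }
}

// Hypothetical helper: turns a denied call into a printable message.
function tentar(Usuarios $u, string $metodo, string ...$args): string
{
    try {
        return $u->$metodo(...$args);
    } catch (RuntimeException $e) {
        return $e->getMessage();
    }
}

$admin = new Usuarios('admin');
$comum = new Usuarios('normal');
echo tentar($admin, 'criar', 'USER05'), "\n";   // allowed for admin
echo tentar($comum, 'perfil'), "\n";            // allowed for every level
echo tentar($comum, 'criar', 'USER05'), "\n";   // denied by the allowlist
echo tentar($admin, 'excluir'), "\n";           // listed but not implemented: denied
```

In a web application the level would come from the server-side session, never from a request parameter, and the denial branch is where the redirect from the question would go.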
