diff --git a/data/security/securitylog.txt b/data/security/securitylog.txt
index b4d0e61..8b02239 100644
--- a/data/security/securitylog.txt
+++ b/data/security/securitylog.txt
@@ -1 +1,3 @@
 127.0.0.1;2024-03-25 21:48:49;login: wrong password
+127.0.0.1;2024-04-20 12:51:39;login: wrong password
+127.0.0.1;2024-04-21 19:24:11;login: invalid data
diff --git a/system/typemill/Controllers/ControllerWebAuth.php b/system/typemill/Controllers/ControllerWebAuth.php
index e26f6b3..4707a1e 100644
--- a/system/typemill/Controllers/ControllerWebAuth.php
+++ b/system/typemill/Controllers/ControllerWebAuth.php
@@ -158,32 +158,9 @@ class ControllerWebAuth extends Controller
 $user->login();
- # if user is allowed to view content-area
- $acl = $this->c->get('acl');
- if($acl->hasRole($userdata['userrole']) && $acl->isAllowed($userdata['userrole'], 'content', 'read'))
- {
- $editor = (isset($this->settings['editor']) && $this->settings['editor'] == 'visual') ? 'visual' : 'raw';
+ $redirect = $this->getRedirectDestination($userdata['userrole']);
- return $response->withHeader('Location', $this->routeParser->urlFor('content.' . $editor))->withStatus(302);
- }
-
- return $response->withHeader('Location', $this->routeParser->urlFor('user.account'))->withStatus(302);
- }
-
- private function isAuthcodeActive($settings)
- {
- if(
- isset($settings['authcode']) &&
- $settings['authcode'] &&
- isset($settings['mailfrom']) &&
- filter_var($settings['mailfrom'], FILTER_VALIDATE_EMAIL)
- )
- {
- return true;
- }
-
- return false;
+ return $response->withHeader('Location', $this->routeParser->urlFor($redirect))->withStatus(302);
 }
 # login a user with valid authcode
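Review bot: `$userdata['userrole']` is now handed to a parameter typed `string`, and only after `$user->login()` has already run, so a user record whose role is missing or null would fail with a TypeError on a session that is already established, whereas the old inline `hasRole()` call simply received whatever value was there. If the user store does not guarantee a role, either resolve the destination before calling `login()` or pass `$userdata['userrole'] ?? ''` so that `hasRole()` decides and the method falls through to its default. The same call is introduced in the authcode-login hunk below. The enclosing login method starts outside this hunk.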
@@ -259,18 +236,69 @@ class ControllerWebAuth extends Controller
 $user->login();
- # if user is allowed to view content-area
- $acl = $this->c->get('acl');
- if($acl->hasRole($userdata['userrole']) && $acl->isAllowed($userdata['userrole'], 'content', 'read'))
- {
- $editor = (isset($this->settings['editor']) && $this->settings['editor'] == 'visual') ? 'visual' : 'raw';
+ $redirect = $this->getRedirectDestination($userdata['userrole']);
- return $response->withHeader('Location', $this->routeParser->urlFor('content.' . $editor))->withStatus(302);
- }
-
- return $response->withHeader('Location', $this->routeParser->urlFor('user.account'))->withStatus(302);
+ return $response->withHeader('Location', $this->routeParser->urlFor($redirect))->withStatus(302);
 }
+ private function getRedirectDestination(string $userrole)
+ {
+ # decide where to redirect after login, configurable in settings -> system.yaml
+ $redirect = 'home';
+ $acl = $this->c->get('acl');
+ if($acl->hasRole($userrole))
+ {
+ if($acl->isAllowed($userrole, 'system', 'read'))
+ {
+ # defaults to content editor
+ $redirect = 'content';
+ if(isset($this->settings['redirectadminrights']) && $this->settings['redirectadminrights'])
+ {
+ $redirect = $this->settings['redirectadminrights'];
+ }
+ }
+ elseif($acl->isAllowed($userrole, 'content', 'read'))
+ {
+ # defaults to content editor
+ $redirect = 'content';
+ if(isset($this->settings['redirectcontentrights']) && $this->settings['redirectcontentrights'])
+ {
+ $redirect = $this->settings['redirectcontentrights'];
+ }
+ }
+ elseif($acl->isAllowed($userrole, 'account', 'read'))
+ {
+ $redirect = 'user.account';
+ if(isset($this->settings['redirectaccountrights']) && $this->settings['redirectaccountrights'])
+ {
+ $redirect = $this->settings['redirectaccountrights'];
+ }
+ }
+
+ if($redirect == 'content')
+ {
+ $editor = (isset($this->settings['editor']) && $this->settings['editor'] == 'visual') ? 'visual' : 'raw';
+ $redirect = 'content.' . $editor;
+ }
+ }
+
+ return $redirect;
+ }
+
+ private function isAuthcodeActive($settings)
+ {
+ if(
+ isset($settings['authcode']) &&
+ $settings['authcode'] &&
+ isset($settings['mailfrom']) &&
+ filter_var($settings['mailfrom'], FILTER_VALIDATE_EMAIL)
+ )
+ {
+ return true;
+ }
+
+ return false;
+ }
 # log out a user
 public function logout(Request $request, Response $response)
diff --git a/system/typemill/Events/OnShortcodeFound.php b/system/typemill/Events/OnShortcodeFound.php
index 5767c2f..f419eb4 100644
--- a/system/typemill/Events/OnShortcodeFound.php
+++ b/system/typemill/Events/OnShortcodeFound.php
@@ -11,4 +11,15 @@ use Symfony\Component\EventDispatcher\Event;
 class OnShortcodeFound extends BaseEvent
 {
+ # allowed structure of returned data:
+ # $shortcodeArray['data']['embed'] = [ 'url' => '', 'params' => ''];
+
+/*
+ public function setData($data)
+ {
+ # validate and fix data structure here
+ $this->data = $data;
+ }
+*/
+
 }
\ No newline at end of file
diff --git a/system/typemill/settings/system.yaml b/system/typemill/settings/system.yaml
index 19faf7c..abd824e 100644
--- a/system/typemill/settings/system.yaml
+++ b/system/typemill/settings/system.yaml
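Review bot: In `getRedirectDestination()` the value read from `$this->settings['redirectadminrights']` (and the two sibling keys) is returned verbatim and both callers pass it straight to `urlFor()`; since it comes from an editable settings file rather than a fixed list, a stale or mistyped route name there turns every login into an exception raised after `$user->login()` has already succeeded (Slim's `urlFor()` throws a RuntimeException for an unknown route name, as far as I know). Checking the configured value against the names the selects offer and falling back to the default keeps login working on a bad setting. The method also declares `string $userrole` but no return type, and `$redirect == 'content'` is a loose comparison; `private function getRedirectDestination(string $userrole): string` and `===` would match the typed parameter. One thing to confirm: a role that may read `system` but not `content` now defaults to the editor, which the old code only did for roles with `content` read.
```php
private function getRedirectDestination(string $userrole): string
{
    $redirect = 'home';
    $acl = $this->c->get('acl');
    if($acl->hasRole($userrole))
    {
        # … unchanged: system / content / account branches …

        # settings come from an editable file; accept only the names the selects offer,
        # because urlFor() throws on an unknown route and the session already exists here
        if(!in_array($redirect, ['home', 'content', 'user.account', 'settings.show'], true))
        {
            $redirect = 'home';
        }

        if($redirect === 'content')
        {
            # … unchanged: editor suffix …
        }
    }

    return $redirect;
}
```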
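Review bot: The commented-out `setData()` stub should not be committed as a block comment: either implement the validation it announces or keep only the structure note, since dead code in comments drifts from the real `BaseEvent` API and nobody notices when it does. The structure note itself reads better as a class docblock, e.g. `/** Listeners return data shaped as $shortcodeArray['data']['embed'] = ['url' => '', 'params' => '']. */`. If `url` ends up in rendered markup, which the `embed` name suggests, the validation is worth doing in this change rather than deferring it. The file also still ends without a trailing newline.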
@@ -164,6 +164,30 @@ fieldsetaccess:
 type: checkbox
 label: 'Wrap restriction notice'
 checkboxlabel: 'Wrap the restriction notice above into a notice-4 element (which can be designed as special box)'
+ redirectadminrights:
+ type: select
+ label: 'After login redirect users with admin rights to'
+ css: lg:w-half
+ options:
+ settings.show: 'system page'
+ content: 'editor page'
+ user.account: 'account page'
+ home: 'home page (frontend)'
+ redirectcontentrights:
+ type: select
+ label: 'After login redirect users with edit rights to'
+ css: lg:w-half
+ options:
+ content: 'editor page'
+ user.account: 'account page'
+ home: 'home page (frontend)'
+ redirectaccountrights:
+ type: select
+ label: 'After login redirect users without edit rights to'
+ css: lg:w-half
+ options:
+ user.account: 'account page'
+ home: 'home page (frontend)'
 fieldsetmail:
 type: fieldset
 legend: Email
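Review bot: The three labels group users by "admin rights", "edit rights" and "without edit rights", while the controller that reads these keys (in the ControllerWebAuth hunk, as I read it) chooses by whether the role may read `system`, `content` or `account`, so an admin with a custom role cannot tell from the form which select applies to it. If the field schema supports a `description` key, one line per field naming the permission checked would close that gap, e.g. `description: 'Applies to roles allowed to read the system settings'`. None of the selects declares a default, and the controller falls back to the editor page for the first two and to the account page for the third when the key is empty; stating that in the same description avoids the reading that an empty selection means the home page.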