<?php

use Kirby\Exception\AuthException;

/**
 * API authentication handler.
 *
 * Returns the authenticated user for the current request, or throws an
 * AuthException when the request cannot be authenticated or the user has
 * no panel access. Bound to an API context that exposes `kirby()`.
 *
 * @return \Kirby\Cms\User The authenticated user (type not declared here; inferred from `$auth->user()`)
 * @throws AuthException 'Unauthenticated' when the CSRF check fails for a
 *                       session request or no user could be resolved;
 *                       key 'access.panel' when the user's role may not
 *                       access the panel
 */
return function () {
	$auth               = $this->kirby()->auth();
	$allowImpersonation = $this->kirby()->option('api.allowImpersonation') ?? false;

	// Only session-authenticated requests are subject to the CSRF check;
	// `csrf()` is evaluated only when the auth type is 'session'
	$isSessionAuth = $auth->type($allowImpersonation) === 'session';

	if ($isSessionAuth === true && $auth->csrf() === false) {
		throw new AuthException(message: 'Unauthenticated');
	}

	// Resolve the user from the session or basic auth
	$user = $auth->user(null, $allowImpersonation);

	if (!$user) {
		throw new AuthException(message: 'Unauthenticated');
	}

	// Authenticated users still need panel access for the API
	if ($user->role()->permissions()->for('access', 'panel') === false) {
		throw new AuthException(key: 'access.panel');
	}

	return $user;
};
|