mirror of
https://github.com/elyby/accounts.git
synced 2024-11-06 16:21:08 +05:30
55 lines
1.6 KiB
PHP
55 lines
1.6 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
namespace api\components\OAuth2\Repositories;
|
|
|
|
use api\components\OAuth2\Entities\ScopeEntity;
|
|
use api\rbac\Permissions as P;
|
|
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
|
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
|
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
|
|
|
class PublicScopeRepository implements ScopeRepositoryInterface {
|
|
|
|
private const OFFLINE_ACCESS = 'offline_access';
|
|
private const CHANGE_SKIN = 'change_skin';
|
|
private const ACCOUNT_INFO = 'account_info';
|
|
private const ACCOUNT_EMAIL = 'account_email';
|
|
|
|
private const PUBLIC_SCOPES_TO_INTERNAL_PERMISSIONS = [
|
|
self::ACCOUNT_INFO => P::OBTAIN_OWN_ACCOUNT_INFO,
|
|
self::ACCOUNT_EMAIL => P::OBTAIN_ACCOUNT_EMAIL,
|
|
];
|
|
|
|
private const ALLOWED_SCOPES = [
|
|
P::OBTAIN_OWN_ACCOUNT_INFO,
|
|
P::OBTAIN_ACCOUNT_EMAIL,
|
|
P::MINECRAFT_SERVER_SESSION,
|
|
self::OFFLINE_ACCESS,
|
|
self::CHANGE_SKIN,
|
|
];
|
|
|
|
public function getScopeEntityByIdentifier($identifier): ?ScopeEntityInterface {
|
|
$identifier = $this->convertToInternalPermission($identifier);
|
|
if (!in_array($identifier, self::ALLOWED_SCOPES, true)) {
|
|
return null;
|
|
}
|
|
|
|
return new ScopeEntity($identifier);
|
|
}
|
|
|
|
public function finalizeScopes(
|
|
array $scopes,
|
|
$grantType,
|
|
ClientEntityInterface $clientEntity,
|
|
$userIdentifier = null
|
|
): array {
|
|
return $scopes;
|
|
}
|
|
|
|
private function convertToInternalPermission(string $publicScope): string {
|
|
return self::PUBLIC_SCOPES_TO_INTERNAL_PERMISSIONS[$publicScope] ?? $publicScope;
|
|
}
|
|
|
|
}
|