Is it possible to intercept calls to functions of a class?

1

In a multi-level user application, not everyone can access / use the same methods, is there any way to intercept the call of a method / function so that it can be validated according to the user level? / p>

EX:  Common user tries to create another user by accessing "users / create" , the call would look something like this:

Class usuarios {

  function criar () {
   // cria usuario
  }

}

The ideal would be:

Class usuarios {

   function __intercept($function_name) {

     $normal_methods = array('perfil', 'deslogar');
     $admin_methods = array('criar','excluir','editar', 'perfil', 'deslogar');


    if(tiver permisao) {
  in_array(...);
    //continue
    } else { 
    // redireciona
     }


   }

   function criar (){
   //cria usuario
   }

}
    
asked by anonymous 14.08.2017 / 03:54

2 answers

0

I recommend you create a table in your database for example: tbl_permissoes

Table tbl_users

+----------------------------+
| ID   | USERNAME | PASSWORD |
+----------------------------+
|    1 |   USER01 | PASSWORD |
|    2 |   USER02 | PASSWORD |
|    3 |   USER03 | PASSWORD |
+----------------------------+

tbl_permissoes table: contains a user_id column, and the other columns as in the example below are the areas or methods that the user may or may not have access to, strong> 0 is not allowed and 1 is allowed.

+-----------------------------------------+
| ID   | USER_ID | CREATE | EDIT | DELETE |
+-----------------------------------------+
|    1 |       1 |      1 |    0 |      0 |
|    1 |       2 |      1 |    1 |      1 |
|    1 |       3 |      0 |    0 |      1 |
+-----------------------------------------+

As I am currently not having access to a database, I tested it at link

<?php
$Users = [
    1 => [
        'id' => 1,
        'nome' => 'USER01',
        'permissoes' => [
            'create' =>  1,
            'edit' => 0,
            'delete' => 0
        ]
    ],
    2 => [
        'id' => 2,
        'nome' => 'USER02',
        'permissoes' => [
            'create' =>  1,
            'edit' => 1,
            'delete' => 0
        ]
    ],
    3 => [
        'id' => 3,
        'nome' => 'USER03',
        'permissoes' => [
            'create' =>  1,
            'edit' => 1,
            'delete' => 1
        ]
    ],
    4 => [
        'id' => 4,
        'nome' => 'USER04',
        'permissoes' => [
            'create' =>  0,
            'edit' => 0,
            'delete' => 1
        ]
    ]
];


Class usuarios {
    /**
     * Função para verificar se o usuário logado
     * tem permissão para acessar uma página / método etc..
     */
    function verificarPermissao($UserID, $FuncName) {
        global $Users;
        if($Users[$UserID]["permissoes"][$FuncName] === 1) {
            $this->$FuncName();
        } else { 
            echo "Usuário não tem permissão para executar: {$FuncName}\n";
        }

    }

    function create() {
        echo "Usuário tem permissão para criar\n";
    }

    function edit() {
        echo "Usuário tem permissão para editar\n";
    }

    function delete() {
        echo "Usuário tem permissão para deletar\n";
    }
}

$user1 = new usuarios();
$user1->verificarPermissao(1, 'edit');
$user1->verificarPermissao(1, 'create');
$user1->verificarPermissao(1, 'delete');
echo "\n\n";
$user2 = new usuarios();
$user2->verificarPermissao(2, 'edit');
$user2->verificarPermissao(2, 'create');
$user2->verificarPermissao(2, 'delete');
echo "\n\n";
$user3 = new usuarios();
$user3->verificarPermissao(3, 'edit');
$user3->verificarPermissao(3, 'create');
$user3->verificarPermissao(3, 'delete');
echo "\n\n";
$user4 = new usuarios();
$user4->verificarPermissao(4, 'edit');
$user4->verificarPermissao(4, 'create');
$user4->verificarPermissao(4, 'delete');
    
14.08.2017 / 04:58
0

In PHP, the method __call() is called when the method does not exist in the class.

Suddenly you can do something like this:

public function __call($metodo, $parametros){
    if($metodo == "inserir"){
        // delega para o o codigo que insere
    }
    if($metodo == "excluir"){
        // delega para o o codigo que exclui
    }
    ...
}

At the time of calling you call as if the method existed, but in practice it is in __call() that it will enter:

$usuarios->inserir();
    
14.08.2017 / 05:08