From 9e8d69739f21e5ac85977d57a2a6c961e318c26e Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Wed, 10 Nov 2021 20:44:51 +0300
Subject: add two helper account access levels: - read only - can't subscribe to more feeds, feed updates are skipped - disabled - can't login define used access levels as UserHelper constants and refactor code to use them instead of hardcoded numbers
---
 classes/userhelper.php | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
(limited to 'classes/userhelper.php')
diff --git a/classes/userhelper.php b/classes/userhelper.php
index 1cdd320a1..ea714b76b 100644
--- a/classes/userhelper.php
+++ b/classes/userhelper.php
@@ -17,6 +17,21 @@ class UserHelper {
 self::HASH_ALGO_SHA1
 ];
+ /** forbidden to login */
+ const ACCESS_LEVEL_DISABLED = -2;
+
+ /** can't subscribe to new feeds, feeds are not updated */
+ const ACCESS_LEVEL_READONLY = -1;
+
+ /** no restrictions, regular user */
+ const ACCESS_LEVEL_USER = 0;
+
+ /** not used, same as regular user */
+ const ACCESS_LEVEL_POWERUSER = 5;
+
+ /** has administrator permissions */
+ const ACCESS_LEVEL_ADMIN = 10;
+
 static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null) {
 if (!Config::get(Config::SINGLE_USER_MODE)) {
 $user_id = false;
@@ -41,7 +56,7 @@ class UserHelper {
 $user = ORM::for_table('ttrss_users')->find_one($user_id);
- if ($user) {
+ if ($user && $user->access_level != self::ACCESS_LEVEL_DISABLED) {
 $_SESSION["uid"] = $user_id;
 $_SESSION["auth_module"] = $auth_module;
 $_SESSION["name"] = $user->login;
@@ -68,7 +83,7 @@ class UserHelper {
 $_SESSION["uid"] = 1;
 $_SESSION["name"] = "admin";
- $_SESSION["access_level"] = 10;
+ $_SESSION["access_level"] = self::ACCESS_LEVEL_ADMIN;
 $_SESSION["hide_hello"] = true;
 $_SESSION["hide_logout"] = true;
--
cgit v1.2.3-54-g00ecf
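Review bot: The docblocks on the new `ACCESS_LEVEL_*` constants do not say that the numbers are stored data. The login check later in this patch compares them against `$user->access_level` loaded from `ttrss_users`, so they appear to be persisted values rather than free-standing enum labels. I would add a comment above the group such as `/** Values are stored in ttrss_users.access_level; do not renumber existing levels. */`. Declaring them `public const` would also make the visibility explicit, if the project's minimum PHP version allows it. The class body starts and ends outside this hunk.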
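Review bot: The disabled check added at `if ($user && $user->access_level != self::ACCESS_LEVEL_DISABLED)` only guards the branch that populates `$_SESSION`. Whether the `$check_only` path declared in the `authenticate()` signature, or a session that was already open when the account was disabled, is also rejected cannot be seen here; both lie outside this hunk, and the page is limited to this one file, so they are worth confirming. The comparison is loose, which works if the ORM returns the column as a string, but an explicit cast states the intent: `if ($user && (int) $user->access_level !== self::ACCESS_LEVEL_DISABLED) {`. A login rejected because the account is disabled should also leave a log entry distinct from a bad password, so attempts against disabled accounts can be detected. The body of `authenticate()` starts and ends outside the hunk.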