
static function MoAuthUtilities::isUserCanSee2FASettings in Google Authenticator / 2 Factor Authentication - 2FA 8.2

2 calls to MoAuthUtilities::isUserCanSee2FASettings()
miniorange_2fa_menu_local_tasks_alter in ./miniorange_2fa.module
UserMfaSetup::buildForm in src/Form/UserMfaSetup.php
Form constructor.

File

src/MoAuthUtilities.php, line 725
This file is part of miniOrange 2FA module.

Class

MoAuthUtilities

Namespace

Drupal\miniorange_2fa

Code

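/**
 * Decides whether the current user may see the 2FA (MFA) settings.
 *
 * TRUE is returned in two situations:
 *  1. The user is authenticated, has the 'administer users' permission and,
 *     when 'only_some_admins_can_edit_2fa_configs' is set, their uid is in
 *     'list_of_admins_who_can_edit_2fa_configs'.
 *  2. 'allow_end_users_to_decide' is set, the user is authenticated, and
 *     either 'end_users_can_decide_without_rules' is set, isTFARequired()
 *     accepts the user's roles and email, or the user's first custom
 *     attribute record has enabled == 1.
 *
 * An admin who is excluded by the list is refused when the uid taken from
 * the current path is not their own; on their own page they are evaluated
 * by the end-user rules in (2).
 *
 * @return bool
 *   TRUE when the settings may be shown, FALSE otherwise.
 */
static function isUserCanSee2FASettings() {
  // 'skip_not_allowed_for_secured_users' is fetched with the other values
  // but is not read in this method.
  $variableAndValues = self::miniOrange_set_get_configurations([
    'allow_end_users_to_decide',
    'end_users_can_decide_without_rules',
    'skip_not_allowed_for_secured_users',
    'only_some_admins_can_edit_2fa_configs',
    'list_of_admins_who_can_edit_2fa_configs',
  ], "GET");
  $account = \Drupal::currentUser();

  // Work out whose page is being viewed from the current path.
  // NOTE(review): this is a substring match on the raw path, not a route
  // parameter, so the value is whatever follows the first "user/" or
  // "mfa_setup/". Confirm that every route reaching this check carries the
  // uid in that position.
  $user_id = 0;
  $separator = FALSE;
  $path = \Drupal::service('path.current')
    ->getPath();
  if (strpos($path, "user") !== FALSE) {
    $separator = "user/";
  }
  if (strpos($path, "mfa_setup") !== FALSE) {
    $separator = "mfa_setup/";
  }
  if ($separator !== FALSE) {
    $parts = explode($separator, $path);
    // A path can contain "user" without "user/" (for example "/user"); in
    // that case there is no second part and $user_id stays 0 instead of
    // reading an undefined array key.
    if (isset($parts[1])) {
      $user_id = explode("/", $parts[1])[0];
    }
  }

  // Admin branch: authenticated and holding 'administer users'.
  $isAdmin = $account->isAuthenticated() && $account->hasPermission('administer users');
  if ($isAdmin) {
    $includedAdmin = TRUE;
    if ($variableAndValues['only_some_admins_can_edit_2fa_configs']) {
      // The list is a ';'-separated string of uids; spaces are ignored.
      $userIdsOfAdmins = str_replace(" ", "", $variableAndValues['list_of_admins_who_can_edit_2fa_configs']);
      $userIdsOfAdmins = explode(';', $userIdsOfAdmins);
      // Strict match: with loose comparison numeric-looking entries such as
      // "01" or "1.0" would also be accepted for uid 1.
      $includedAdmin = in_array(strval($account->id()), $userIdsOfAdmins, TRUE);
    }
    if ($includedAdmin) {
      return TRUE;
    }
    // An excluded admin may not look at another user's settings. On their
    // own page they fall through to the end-user rules below.
    if (intval($user_id) !== intval($account->id())) {
      return FALSE;
    }
  }

  // If opt-in/opt-out is disabled or the user is not logged in, the 2FA
  // settings are hidden.
  if (!$variableAndValues['allow_end_users_to_decide'] || !$account->isAuthenticated()) {
    return FALSE;
  }

  if ($variableAndValues['end_users_can_decide_without_rules']
    || MoAuthUtilities::isTFARequired($account->getRoles(), $account->getEmail())) {
    return TRUE;
  }

  // Last resort: the user's own record says 2FA is enabled for them.
  $custom_attributes = self::get_users_custom_attribute($account->id());
  if (count($custom_attributes) > 0) {
    return $custom_attributes[0]->enabled == 1;
  }
  return FALSE;
}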