View GitHub Repository Expendable

Schedule Inspection
Subscribe
Completed
Push — master ( ad686c...badfda )
by Maxime
06:32 queued 03:47
created

UserUtils::isNotSuperAdmin()   A

↳ Parent: UserUtils

Complexity

Conditions 2
Paths 2

Size

Total Lines 3
Code Lines 1

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 2
CRAP Score 2

Importance

Changes 0
Metric Value
eloc 1
dl 0
loc 3
ccs 2
cts 2
cp 1
rs 10
c 0
b 0
f 0
cc 2
nc 2
nop 0
crap 2
1 
<?php namespace Distilleries\Expendable\Helpers;
2 

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    3
                

                                    
                                                    
                
                
                
use \Auth;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    4
                

                                    
                                                    
                
                
                
use \Session;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    5
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    6
                

                                    
                                                    
                
                
                
class UserUtils

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    7
                

                                    
                                                    
                
                
                
{

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    8
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    9
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    10
                

                                    
                             162                         
                
                
                
    public static function isBackendRole()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    11
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    12
                

                                    
                             162                         
                
                
                
        $user = Auth::user();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    13
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    14
                

                                    
                             162                         
                
                
                
        if (empty($user)) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    15
                

                                    
                             34                         
                
                
                
            return false;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    16
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    17
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    18
                

                                    
                             130                         
                
                
                
        return !empty(Auth::user()->role) && (Auth::user()->role->initials == '@sa' || Auth::user()->role->initials == '@a');

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Bug
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                        

                                        
Accessing role on the interface Illuminate\Contracts\Auth\Authenticatable suggest that you code against a concrete implementation. How about adding an instanceof check?
                                                                                                                                                    

                    
                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                                                                            
                            
            
                                    
            
            

                
                    19
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    20
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    21
                

                                    
                                                    
                
                
                
    public static function frontendInitialRole()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    22
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    23
                

                                    
                                                    
                
                
                
        return [

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    24
                

                                    
                                                    
                
                
                
            '@g', //guest

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    25
                

                                    
                                                    
                
                
                
        ];

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    26
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    27
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    28
                

                                    
                                                    
                
                
                
    public static function isFrontendRole()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    29
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    30
                

                                    
                                                    
                
                
                
        $user = Auth::user();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    31
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    32
                

                                    
                                                    
                
                
                
        if (empty($user)) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    33
                

                                    
                                                    
                
                
                
            return false;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    34
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    35
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    36
                

                                    
                                                    
                
                
                
        return !empty(Auth::user()->role) && in_array(Auth::user()->role->initials, self::frontendInitialRole());

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Bug
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                        

                                        
Accessing role on the interface Illuminate\Contracts\Auth\Authenticatable suggest that you code against a concrete implementation. How about adding an instanceof check?
                                                                                                                                                    

                    
                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                                                                            
                            
            
                                    
            
            

                
                    37
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    38
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    39
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    40
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    41
                

                                    
                             2                         
                
                
                
    public static function get()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    42
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    43
                

                                    
                             2                         
                
                
                
        return Auth::user();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    44
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    45
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    46
                

                                    
                             40                         
                
                
                
    public static function getEmail()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    47
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    48
                

                                    
                             40                         
                
                
                
        return Auth::user()->getEmailForPasswordReset();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    49
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    50
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    51
                

                                    
                             40                         
                
                
                
    public static function getDisplayName()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    52
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    53
                

                                    
                             40                         
                
                
                
        return Auth::user()->getEmailForPasswordReset();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    54
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    55
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    56
                

                                    
                             6                         
                
                
                
    public static function isNotSuperAdmin()

            


            
                                                                        
                            
            
                                    
            
            

                
                    57
                

                                    
                                                    
                
                
                
    {

            


            
                                                                        
                            
            
                                    
            
            

                
                    58
                

                                    
                             6                         
                
                
                
        return !empty(Auth::user()->role) && Auth::user()->role->initials != '@sa';

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Bug
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                        

                                        
Accessing role on the interface Illuminate\Contracts\Auth\Authenticatable suggest that you code against a concrete implementation. How about adding an instanceof check?
                                                                                                                                                    

                    
                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                                                                            
                            
            
                                    
            
            

                
                    59
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    60
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    61
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    62
                

                                    
                             12                         
                
                
                
    public static function setArea($area)

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    63
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    64
                

                                    
                             12                         
                
                
                
        Session::put('permissions', $area);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    65
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    66
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    67
                

                                    
                             6                         
                
                
                
    public static function getArea()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    68
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    69
                

                                    
                             6                         
                
                
                
        return Session::get('permissions');

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    70
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    71
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    72
                

                                    
                             8                         
                
                
                
    public static function forgotArea()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    73
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    74
                

                                    
                             8                         
                
                
                
        Session::forget('permissions');

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    75
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    76
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    77
                

                                    
                             4                         
                
                
                
    public static function hasAccess($key)

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    78
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    79
                

                                    
                             4                         
                
                
                
        $key  = ltrim($key, "\\");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    80
                

                                    
                             4                         
                
                
                
        $area = self::getArea();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    81
                

                                    
                             4                         
                
                
                
        $area = (is_array($area) && !empty($area)) ? $area : [];

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    82
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    83
                

                                    
                             4                         
                
                
                
        return in_array($key, $area);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    84
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    85
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    86
                

                                    
                             162                         
                
                
                
    public static function hasDisplayAllStatus()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    87
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    88
                

                                    
                             162                         
                
                
                
        return Session::get('display_all_status', false);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    89
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    90
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    91
                

                                    
                             54                         
                
                
                
    public static function forgotDisplayAllStatus()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    92
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    93
                

                                    
                             54                         
                
                
                
        Session::forget('display_all_status');

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    94
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    95
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    96
                

                                    
                             122                         
                
                
                
    public static function setDisplayAllStatus()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    97
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    98
                

                                    
                             122                         
                
                
                
        Session::put('display_all_status', true);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    99
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    100
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    101
                

                                    
                             8                         
                
                
                
    public static function setIsLoggedIn()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    102
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    103
                

                                    
                             8                         
                
                
                
        if (session_id() == '')

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    104
                

                                    
                                                    
                
                
                
        {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    105
                

                                    
                             5                         
                
                
                
            @session_start();

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Security
            Best Practice
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                                
                            
                        

                                        
It seems like you do not handle an error condition for session_start(). This can introduce security issues, and is generally not recommended.
                                                                                                                                       (
                                     Ignorable by Annotation
                                )
                                

                                    
 If this is a false-positive, you can also ignore this issue in your code via the ignore-unhandled   annotation

                                    

                                        

                                            105
                                            
                                                
            /** @scrutinizer ignore-unhandled */ @session_start();

                                        

                                                                            

                                

                                                                        

                    
                                            

                            

                            

                                
                                    
                                
                            


                            
If you suppress an error, we recommend checking for the error condition explicitly:


// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}





                        

                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                                                                            
                            
            
                                    
            
            

                
                    106
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    107
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    108
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    109
                

                                    
                             8                         
                
                
                
        $_SESSION['isLoggedIn'] = true;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    110
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    111
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    112
                

                                    
                             8                         
                
                
                
    public static function forgotIsLoggedIn()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    113
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    114
                

                                    
                             8                         
                
                
                
        $session_id = session_id();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    115
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    116
                

                                    
                             8                         
                
                
                
        if (!empty($session_id))

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    117
                

                                    
                                                    
                
                
                
        {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    118
                

                                    
                             4                         
                
                
                
            unset($_SESSION['isLoggedIn']);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    119
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    120
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    121
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    122
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    123
                

                                    
                             4                         
                
                
                
    public static function securityCheckLockEnabled()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    124
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    125
                

                                    
                             4                         
                
                
                
        return config('expendable.auth.security_enabled') === true;

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    126
                

                                    
                                                    
                
                
                
    }

            


            
                                                        
            
                                    
            
            

                
                    127
                

                                    
                                                    
                
                
                
}