This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | /** |
||
4 | * Copyright (c) Enalean, 2014. All rights reserved |
||
5 | * |
||
6 | * This file is a part of Tuleap. |
||
7 | * |
||
8 | * Tuleap is free software; you can redistribute it and/or modify |
||
9 | * it under the terms of the GNU General Public License as published by |
||
10 | * the Free Software Foundation; either version 2 of the License, or |
||
11 | * (at your option) any later version. |
||
12 | * |
||
13 | * Tuleap is distributed in the hope that it will be useful, |
||
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | * GNU General Public License for more details. |
||
17 | * |
||
18 | * You should have received a copy of the GNU General Public License |
||
19 | * along with Tuleap. If not, see <http://www.gnu.org/licenses/ |
||
20 | */ |
||
21 | |||
22 | class Admin_PermissionDelegationController { |
||
23 | |||
24 | const REDIRECT_URL = '/admin/permission_delegation.php'; |
||
25 | |||
26 | /** |
||
27 | * @var Codendi_Request |
||
28 | */ |
||
29 | private $request; |
||
30 | |||
31 | /** |
||
32 | * @var TemplateRenderer |
||
33 | */ |
||
34 | private $renderer; |
||
35 | |||
36 | /** |
||
37 | * @var User_ForgeUserGroupPermissionsFactory |
||
38 | */ |
||
39 | private $user_group_permissions_factory; |
||
40 | |||
41 | /** |
||
42 | * @var User_ForgeUserGroupPermissionsManager |
||
43 | */ |
||
44 | private $user_group_permissions_manager; |
||
45 | |||
46 | /** |
||
47 | * @var User_ForgeUserGroupFactory |
||
48 | */ |
||
49 | private $user_group_factory; |
||
50 | |||
51 | /** |
||
52 | * @var User_ForgeUserGroupUsersFactory |
||
53 | */ |
||
54 | private $user_group_users_factory; |
||
55 | |||
56 | /** |
||
57 | * @var User_ForgeUserGroupUsersManager |
||
58 | */ |
||
59 | private $user_group_users_manager; |
||
60 | |||
61 | /** |
||
62 | * |
||
63 | * @var User_ForgeUserGroupManager |
||
64 | */ |
||
65 | private $user_group_manager; |
||
66 | |||
67 | |||
68 | public function __construct(Codendi_Request $request) { |
||
69 | $this->request = $request; |
||
70 | $this->renderer = TemplateRendererFactory::build()->getRenderer($this->getTemplatesDir()); |
||
71 | |||
72 | $permissions_dao = new User_ForgeUserGroupPermissionsDao(); |
||
73 | $this->user_group_permissions_factory = new User_ForgeUserGroupPermissionsFactory($permissions_dao); |
||
74 | $this->user_group_permissions_manager = new User_ForgeUserGroupPermissionsManager($permissions_dao); |
||
75 | |||
76 | $user_group_dao = new UserGroupDao(); |
||
77 | $this->user_group_factory = new User_ForgeUserGroupFactory($user_group_dao); |
||
78 | $this->user_group_manager = new User_ForgeUserGroupManager($user_group_dao); |
||
79 | |||
80 | $user_group_users_dao = new User_ForgeUserGroupUsersDao(); |
||
81 | $this->user_group_users_factory = new User_ForgeUserGroupUsersFactory($user_group_users_dao); |
||
82 | $this->user_group_users_manager = new User_ForgeUserGroupUsersManager($user_group_users_dao); |
||
83 | } |
||
84 | |||
85 | private function redirect($id = null) { |
||
86 | if ($id) { |
||
87 | $redirect = http_build_query(array('id' => $id)); |
||
88 | $GLOBALS['Response']->redirect(self::REDIRECT_URL.'/?'.$redirect); |
||
89 | } |
||
90 | |||
91 | $GLOBALS['Response']->redirect(self::REDIRECT_URL.'/'); |
||
92 | } |
||
93 | |||
94 | public function process() { |
||
95 | switch ($this->request->get('action')) { |
||
96 | case 'show-add-group': |
||
97 | $this->showAddGroup(); |
||
98 | break; |
||
99 | |||
100 | case 'show-edit-group': |
||
101 | $this->showEditGroup($this->request->get('id')); |
||
102 | break; |
||
103 | |||
104 | case 'update-group': |
||
105 | $this->updateGroup(); |
||
106 | break; |
||
107 | |||
108 | case 'show-delete-group': |
||
109 | $this->showDeleteGroup($this->request->get('id')); |
||
110 | break; |
||
111 | |||
112 | case 'delete-group': |
||
113 | $this->deleteGroup(); |
||
114 | break; |
||
115 | |||
116 | case 'show-add-permissions': |
||
117 | $this->showAddPermissions($this->request->get('id')); |
||
118 | break; |
||
119 | |||
120 | case 'add-permissions': |
||
121 | $this->addPermissions(); |
||
122 | break; |
||
123 | |||
124 | case 'delete-permissions': |
||
125 | $this->deletePermissions(); |
||
126 | break; |
||
127 | case 'manage-users': |
||
128 | $this->manageUsers(); |
||
129 | break; |
||
130 | |||
131 | case 'index': |
||
132 | default : |
||
133 | $this->index(); |
||
134 | break; |
||
135 | } |
||
136 | } |
||
137 | |||
138 | private function showAddGroup() { |
||
139 | $presenter = new Admin_PermissionDelegationGroupModalPresenter(); |
||
140 | $this->renderer->renderToPage('group_modal', $presenter); |
||
141 | } |
||
142 | |||
143 | private function showEditGroup($group_id) { |
||
144 | $group = $this->user_group_factory->getForgeUserGroupById($group_id); |
||
145 | |||
146 | $presenter = new Admin_PermissionDelegationGroupModalPresenter($group); |
||
147 | $this->renderer->renderToPage('group_modal', $presenter); |
||
148 | } |
||
149 | |||
150 | private function updateGroup() { |
||
151 | $id = $this->request->get('id'); |
||
152 | $name = $this->request->get('name'); |
||
153 | $description = $this->request->get('description'); |
||
154 | |||
155 | try { |
||
156 | if ($id) { |
||
157 | $user_group = new User_ForgeUGroup($id, $name, $description); |
||
158 | $this->user_group_manager->updateUserGroup($user_group); |
||
159 | } else { |
||
160 | $user_group = $this->user_group_factory->createForgeUGroup($name, $description); |
||
161 | $this->request->set('id', $user_group->getId()); |
||
162 | } |
||
163 | |||
164 | } catch (User_UserGroupNameInvalidException $e) { |
||
165 | $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('admin_permission_delegation', 'user_group_already_exists')); |
||
166 | |||
167 | } catch(User_UserGroupNotFoundException $e) { |
||
168 | $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('admin_permission_delegation', 'ugroup_not_found')); |
||
169 | } |
||
170 | |||
171 | $this->index(); |
||
172 | } |
||
173 | |||
174 | private function showDeleteGroup($group_id) { |
||
175 | $group = $this->user_group_factory->getForgeUserGroupById($group_id); |
||
176 | |||
177 | $presenter = new Admin_PermissionDelegationDeleteGroupModalPresenter($group); |
||
178 | $this->renderer->renderToPage('delete_group_modal', $presenter); |
||
179 | } |
||
180 | |||
181 | private function deleteGroup() { |
||
182 | $id = $this->request->get('id'); |
||
183 | |||
184 | if ($id) { |
||
185 | try { |
||
186 | $user_group = $this->user_group_factory->getForgeUserGroupById($id); |
||
187 | $this->user_group_manager->deleteForgeUserGroup($user_group); |
||
188 | |||
189 | } catch(User_UserGroupNotFoundException $e) { |
||
190 | $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('admin_permission_delegation', 'ugroup_not_found')); |
||
191 | } |
||
192 | } |
||
193 | |||
194 | $this->redirect(); |
||
195 | } |
||
196 | |||
197 | private function index() { |
||
198 | $groups = $this->user_group_factory->getAllForgeUserGroups(); |
||
199 | $current_id = $this->request->get('id'); |
||
200 | |||
201 | $formatted_groups = $this->getFormattedGroups($groups,$current_id); |
||
202 | $current_group_presenter = $this->getCurrentGroupPresenter($formatted_groups); |
||
203 | |||
204 | $presenter = new Admin_PermissionDelegationIndexPresenter($formatted_groups, $current_group_presenter); |
||
205 | |||
206 | $this->header(); |
||
207 | $this->renderer->renderToPage('index', $presenter); |
||
208 | $this->footer(); |
||
209 | } |
||
210 | |||
211 | private function getCurrentGroupPresenter(array $formatted_groups) { |
||
212 | foreach ($formatted_groups as $formatted_group) { |
||
213 | try { |
||
214 | if ($formatted_group['is_current']) { |
||
215 | $user_group = $this->user_group_factory->getForgeUserGroupById($formatted_group['id']); |
||
216 | $permissions = $this->user_group_permissions_factory->getPermissionsForForgeUserGroup($user_group); |
||
217 | $users = $this->user_group_users_factory->getAllUsersFromForgeUserGroup($user_group); |
||
218 | return new Admin_PermissionDelegationGroupPresenter($user_group, $permissions, $users); |
||
219 | } |
||
220 | } catch (User_ForgeUserGroupPermission_NotFoundException $e) { |
||
221 | return null; |
||
222 | } |
||
223 | } |
||
224 | |||
225 | return null; |
||
226 | } |
||
227 | |||
228 | private function getFormattedGroups(array $groups, $current_id) { |
||
229 | $formatted_groups = array(); |
||
230 | |||
231 | foreach ($groups as $group) { |
||
232 | $formatted_groups[] = array( |
||
233 | 'id' => $group->getId(), |
||
234 | 'name' => $group->getName(), |
||
235 | 'is_current' => $group->getId() == $current_id, |
||
236 | ); |
||
237 | } |
||
238 | |||
239 | if (! $current_id && $formatted_groups) { |
||
0 ignored issues
–
show
|
|||
240 | $formatted_groups[0]['is_current'] = true; |
||
241 | } |
||
242 | |||
243 | return $formatted_groups; |
||
244 | } |
||
245 | |||
246 | private function showAddPermissions($group_id) { |
||
247 | $group = $this->user_group_factory->getForgeUserGroupById($group_id); |
||
248 | $unused_permissions = $this->user_group_permissions_factory->getAllUnusedForgePermissionsForForgeUserGroup($group); |
||
249 | |||
250 | $presenter = new Admin_PermissionDelegationPermissionsModalPresenter($group, $unused_permissions); |
||
251 | $this->renderer->renderToPage('permissions_modal', $presenter); |
||
252 | } |
||
253 | |||
254 | private function addPermissions() { |
||
255 | $id = $this->request->get('id'); |
||
256 | $permission_ids = $this->request->get('permissions'); |
||
257 | |||
258 | if ($id) { |
||
259 | try { |
||
260 | $user_group = $this->user_group_factory->getForgeUserGroupById($id); |
||
261 | |||
262 | foreach ($permission_ids as $permission_id) { |
||
263 | $permission = $this->user_group_permissions_factory->getForgePermissionById($permission_id); |
||
264 | $this->user_group_permissions_manager->addPermission($user_group, $permission); |
||
265 | } |
||
266 | |||
267 | } catch(User_UserGroupNotFoundException $e) { |
||
268 | $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('admin_permission_delegation', 'ugroup_not_found')); |
||
269 | |||
270 | } catch(User_ForgeUserGroupPermission_NotFoundException $e) { |
||
271 | $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('admin_permission_delegation', 'permission_not_found')); |
||
272 | } |
||
273 | } |
||
274 | |||
275 | $this->redirect($id); |
||
276 | } |
||
277 | |||
278 | private function deletePermissions() { |
||
279 | $id = $this->request->get('id'); |
||
280 | $permission_ids = $this->request->get('permissions'); |
||
281 | |||
282 | if ($id) { |
||
283 | try { |
||
284 | $user_group = $this->user_group_factory->getForgeUserGroupById($id); |
||
285 | |||
286 | foreach ($permission_ids as $permission_id) { |
||
287 | $permission = $this->user_group_permissions_factory->getForgePermissionById($permission_id); |
||
288 | $this->user_group_permissions_manager->deletePermission($user_group, $permission); |
||
289 | } |
||
290 | |||
291 | } catch(User_UserGroupNotFoundException $e) { |
||
292 | $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('admin_permission_delegation', 'ugroup_not_found')); |
||
293 | } catch(User_ForgeUserGroupPermission_NotFoundException $e) { |
||
294 | $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('admin_permission_delegation', 'permission_not_found')); |
||
295 | } |
||
296 | } |
||
297 | |||
298 | $this->redirect($id); |
||
299 | } |
||
300 | |||
301 | private function header() { |
||
302 | $GLOBALS['HTML']->header(array('title' => $GLOBALS['Language']->getText('admin_permission_delegation', 'page_title'))); |
||
303 | echo '<script type="text/javascript" src="/scripts/admin/permission_delegation.js"></script>'; |
||
304 | } |
||
305 | |||
306 | private function footer() { |
||
307 | $GLOBALS['HTML']->footer(array()); |
||
308 | } |
||
309 | |||
310 | private function getTemplatesDir() { |
||
311 | return ForgeConfig::get('codendi_dir') .'/src/templates/admin/permission_delegation/'; |
||
312 | } |
||
313 | |||
314 | private function getUserManager() { |
||
315 | return UserManager::instance(); |
||
316 | } |
||
317 | |||
318 | private function manageUsers() { |
||
319 | if ($this->request->get('remove-users')) { |
||
320 | $this->removeUsersFromGroup(); |
||
321 | } elseif ($this->request->get('add-user')) { |
||
322 | $this->addUserToGroup(); |
||
323 | } |
||
324 | |||
325 | $this->redirect(); |
||
326 | } |
||
327 | |||
328 | private function addUserToGroup() { |
||
329 | $group_id = $this->request->get('id'); |
||
330 | $user = $this->request->get('user'); |
||
331 | |||
332 | if ($user) { |
||
333 | $user = $this->getUserManager()->findUser($user); |
||
334 | } |
||
335 | |||
336 | if ($group_id && $user) { |
||
337 | try { |
||
338 | $user_group = $this->user_group_factory->getForgeUserGroupById($group_id); |
||
339 | $this->user_group_users_manager->addUserToForgeUserGroup($user, $user_group); |
||
340 | } catch (User_UserGroupNotFoundException $e) { |
||
341 | $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('admin_permission_delegation', 'ugroup_not_found')); |
||
342 | } |
||
343 | } |
||
344 | |||
345 | $this->redirect($group_id); |
||
346 | } |
||
347 | |||
348 | private function removeUsersFromGroup() { |
||
349 | $group_id = $this->request->get('id'); |
||
350 | $user_ids = $this->request->get('user-ids'); |
||
351 | |||
352 | if ($group_id) { |
||
353 | try { |
||
354 | $user_group = $this->user_group_factory->getForgeUserGroupById($group_id); |
||
355 | $this->removeUsers($user_group, $user_ids); |
||
356 | |||
357 | } catch (User_UserGroupNotFoundException $e) { |
||
358 | $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('admin_permission_delegation', 'ugroup_not_found')); |
||
359 | } |
||
360 | } |
||
361 | |||
362 | $this->redirect($group_id); |
||
363 | } |
||
364 | |||
365 | private function removeUsers($user_group, $user_ids) { |
||
366 | foreach ($user_ids as $user_id) { |
||
367 | $user = $this->getUserManager()->getUserById($user_id); |
||
368 | |||
369 | if ($user) { |
||
370 | $this->user_group_users_manager->removeUserFromForgeUserGroup($user, $user_group); |
||
371 | } |
||
372 | } |
||
373 | } |
||
374 | } |
||
375 | ?> |
||
376 |
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using
empty(..)
or! empty(...)
instead.