User::assert_permission() - Code Metrics - Inspection of "Better coverage white list" - Icybee/module-users - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — 4.0 ( af9dea...2073b3 )

by Olivier

created 2017-03-09 08:06 UTC

User::assert_permission() A

↳ Parent: User

Complexity

Conditions	2
Paths	2

Size

Total Lines	7
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
c	0
b	0
f	0
dl	0
loc	7
rs	9.4285
cc	2
eloc	3
nc	2
nop	2

<?php

/*
 * This file is part of the Icybee package.
 *
 * (c) Olivier Laviale <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Icybee\Modules\Users;

use ICanBoogie\ActiveRecord;

use Brickrouge\AlterCSSClassNamesEvent;
use Brickrouge\CSSClassNames;
use Brickrouge\CSSClassNamesProperty;

use Icybee\Modules\Registry\Binding\UserBindings as RegistryBindings;

/**
 * A user.
 *
 * @property-read UserModel $model
 * @property-read \ICanBoogie\Core|Binding\ApplicationBindings $app
 *
 * @property-read string $name The formatted name of the user.
 * @property-read boolean $is_admin true if the user is admin, false otherwise.
 * @property-read boolean $is_guest true if the user is a guest, false otherwise.
 *
 * @property-read string $password_hash The password hash.
 * @property-read bool|null $has_legacy_password_hash Whether the password hash is a legacy hash.
 * {@link User::get_has_legacy_password_hash()}.
 */
class User extends ActiveRecord implements CSSClassNames
{
	use RegistryBindings;
	use ActiveRecord\Property\CreatedAtProperty;
	use LoggedAtProperty;
	use CSSClassNamesProperty;
	use PasswordTrait;

	const MODEL_ID = 'users';

	const UID = 'uid';
	const EMAIL = 'email';
	const PASSWORD = 'password';
	const PASSWORD_HASH = 'password_hash';
	const PASSWORD_VERIFY = 'password-verify';
	const USERNAME = 'username';
	const FIRSTNAME = 'firstname';
	const LASTNAME = 'lastname';
	const NICKNAME = 'nickname';
	const CREATED_AT = 'created_at';
	const LOGGED_AT = 'logged_at';
	const CONSTRUCTOR = 'constructor';
	const LANGUAGE = 'language';
	const TIMEZONE = 'timezone';
	const IS_ACTIVATED = 'is_activated';
	const ROLES = 'roles';
	const RESTRICTED_SITES = 'restricted_sites';

	const NAME_AS = 'name_as';

	/**
	 * The {@link $name} property should be created from `$username`.
	 *
	 * @var int
	 */
	const NAME_AS_USERNAME = 0;

	/**
	 * The {@link $name} property should be created from `$firstname`.
	 *
	 * @var int
	 */
	const NAME_AS_FIRSTNAME = 1;

	/**
	 * The {@link $name} property should be created from `$lastname`.
	 *
	 * @var int
	 */
	const NAME_AS_LASTNAME = 2;

	/**
	 * The {@link $name} property should be created from `$firstname $lastname`.
	 *
	 * @var int
	 */
	const NAME_AS_FIRSTNAME_LASTNAME = 3;

	/**
	 * The {@link $name} property should be created from `$lastname $firstname`.
	 *
	 * @var int
	 */
	const NAME_AS_LASTNAME_FIRSTNAME = 4;

	/**
	 * The {@link $name} property should be created from `$nickname`.
	 *
	 * @var int
	 */
	const NAME_AS_NICKNAME = 5;

	/**
	 * @inheritdoc
	 *
	 * The method takes care of setting the {@link password_hash} property which is not
	 * settable otherwise.
	 *
	 * @return static
	 */
	static public function from($properties = null, array $construct_args = [], $class_name = null)
	{
		if (!is_array($properties) || !array_key_exists('password_hash', $properties))
		{
			return parent::from($properties, $construct_args, $class_name);
		}

		$password_hash = $properties['password_hash'];
		unset($properties['password_hash']);
		$instance = parent::from($properties, $construct_args);
		$instance->password_hash = $password_hash;

		return $instance;
	}

	/**
	 * User identifier.
	 *
	 * @var string
	 */
	public $uid;

	/**
	 * Constructor of the user record (module id).
	 *
	 * The property MUST be defined to persist the record.
	 *
	 * @var string
	 */
	public $constructor;

	/**
	 * User email.
	 *
	 * The property MUST be defined to persist the record.
	 *
	 * @var string
	 */
	public $email;

	/**
	 * Username of the user.
	 *
	 * The property MUST be defined to persist the record.
	 *
	 * @var string
	 */
	public $username;

	/**
	 * First name of the user.
	 *
	 * @var string
	 */
	public $firstname = '';

	/**
	 * Last name of the user.
	 *
	 * @var string
	 */
	public $lastname = '';

	/**
	 * Nickname of the user.
	 *
	 * @var string
	 */
	public $nickname = '';

	/**
	 * Preferred format to create the value of the {@link $name} property.
	 *
	 * @var string
	 */
	public $name_as = self::NAME_AS_USERNAME;

	/**
	 * Preferred language of the user.
	 *
	 * @var string
	 */
	public $language = '';

	/**
	 * Preferred timezone of the user.
	 *
	 * @var string
	 */
	public $timezone = '';

	/**
	 * State of the user account activation.
	 *
	 * @var bool
	 */
	public $is_activated = false;

	/**
	 * If empty, the {@link $constructor} property is initialized with the model identifier.
	 *
	 * @inheritdoc
	 */
	public function __construct($model = null)
	{
		parent::__construct($model);

		if (empty($this->constructor))
		{
			$this->constructor = $this->model_id;
		}
	}

	/**
	 * @inheritdoc
	 */
	public function __get($property)
	{
		$value = parent::__get($property);

		if ($property === 'css_class_names')
		{
			new AlterCSSClassNamesEvent($this, $value);
		}

		return $value;
	}

	/**
	 * @inheritdoc
	 */
	public function create_validation_rules()
	{
		return [

			'username' => 'required',
			'email' => 'required|email|unique',
			'timezone' => 'timezone'

		];
	}

	/**
	 * @inheritdoc
	 */
	public function save(array $options = [])
	{
		if ($this->get_created_at()->is_empty)
		{
			$this->set_created_at('now');
		}

		return parent::save($options);
	}

	/**
	 * Adds the {@link $password_hash} property.
	 */
	public function to_array()
	{
		$array = parent::to_array();

		if ($this->password_hash)
		{
			$array['password_hash'] = $this->password_hash;
		}

		return $array;
	}

	/**
	 * Returns the formatted name of the user.
	 *
	 * The format of the name is defined by the {@link $name_as} property. The {@link $username},
	 * {@link $firstname}, {@link $lastname} and {@link $nickname} properties can be used to
	 * format the name.
	 *
	 * This is the getter for the {@link $name} magic property.
	 *
	 * @return string
	 */
	protected function get_name()
	{
		$values = [

			self::NAME_AS_USERNAME => $this->username,
			self::NAME_AS_FIRSTNAME => $this->firstname,
			self::NAME_AS_LASTNAME => $this->lastname,
			self::NAME_AS_FIRSTNAME_LASTNAME => $this->firstname . ' ' . $this->lastname,
			self::NAME_AS_LASTNAME_FIRSTNAME => $this->lastname . ' ' . $this->firstname,
			self::NAME_AS_NICKNAME => $this->nickname

		];

		$rc = isset($values[$this->name_as]) ? $values[$this->name_as] : null;

		if (!trim($rc))
		{
			return $this->username;
		}

		return $rc;
	}

	/**
	 * Checks if the user is the admin user.
	 *
	 * This is the getter for the {@link $is_admin} magic property.
	 *
	 * @return boolean `true` if the user is the admin user, `false` otherwise.
	 */
	protected function get_is_admin()
	{
		return $this->uid == 1;
	}

	/**
	 * Checks if the user is a guest user.
	 *
	 * This is the getter for the {@link $is_guest} magic property.
	 *
	 * @return boolean `true` if the user is a guest user, `false` otherwise.
	 */
	protected function get_is_guest()
	{
		return !$this->uid;
	}

	/**
	 * Returns the ids of the sites the user is restricted to.
	 *
	 * This is the getter for the {@link $restricted_sites_ids} magic property.
	 *
	 * @return array The array is empty if the user has no site restriction.
	 */
	protected function lazy_get_restricted_sites_ids()
	{
		if ($this->is_admin)
		{
			return [];
		}

		return $this->model->models['users/has_many_sites']
		->select('site_id')
		->filter_by_uid($this->uid)
		->all(\PDO::FETCH_COLUMN);
	}

	/**
	 * Checks if the user has a given permission.
	 *
	 * @param string|int $permission
	 * @param mixed|null $resource
	 *
	 * @return mixed
	 */
	public function has_permission($permission, $resource = null)
	{
		if ($this->is_admin)
		{
			return Module::PERMISSION_ADMINISTER;
		}

		return $this->app->check_user_permission($this, $permission, $resource);
	}

	/**
	 * @param string|int $permission
	 * @param mixed|null $resource
	 *
	 * @throws UserLacksPermission if user lacks a required permission.
	 */
	public function assert_permission($permission, $resource = null)
	{
		if (!$this->has_permission($permission, $resource))
		{
			throw new UserLacksPermission($this, $permission, $resource);
		}
	}

	/**
	 * Determine if the user has ownership of a resource.
	 *
	 * @param mixed $resource
	 *
	 * @return bool
	 */
	public function has_ownership($resource)
	{
		return $this->app->check_user_ownership($this, $resource);
	}

	/**
	 * @param mixed $resource
	 *
	 * @throws UserLacksOwnership if the user lacks ownership of the resource.
	 */
	public function assert_ownership($resource)
	{
		if (!$this->has_ownership($resource))
		{
			throw new UserLacksOwnership($this, $resource);
		}
	}

	/**
	 * Logs the user in.
	 *
	 * A user is logged in by setting its id in the `user_id` session key.
	 *
	 * Note: The method does *not* check user authentication!
	 *
	 * The following things happen when the user is logged in:
	 *
	 * - The `$app->user` property is set to the user.
	 * - The `$app->user_id` property is set to the user id.
	 * - The session id is regenerated and the user id, ip and user agent are stored in the session.
	 *
	 * @throws \Exception in attempt to log in a guest user.
	 *
	 * @see \Icybee\Modules\Users\Hooks::get_user_id()
	 */
	public function login()
	{
		if (!$this->uid)
		{
			throw new \Exception('Guest users cannot login.');
		}

		$app = $this->app;
		$app->user = $this;
		$app->user_id = $this->uid;

		if (PHP_SAPI !== 'cli')
		{
			$app->session->regenerate();
		}

		$app->session['user_id'] = $this->uid;
	}

	/**
	 * Log the user out.
	 *
	 * The following things happen when the user is logged out:
	 *
	 * - The `$app->user` property is unset.
	 * - The `$app->user_id` property is unset.
	 * - The `user_id` session property is removed.
	 */
	public function logout()
	{
		$app = $this->app;

		if (PHP_SAPI !== 'cli')
		{
			$app->session->regenerate();
		}

		unset($app->user);
		unset($app->user_id);
		unset($app->session['user_id']);
	}

	/**
	 * @inheritdoc
	 */
	protected function get_css_class_names()
	{
		return [

			'type' => 'user',
			'id' => ($this->uid && !$this->is_guest) ? 'user-id-' . $this->uid : null,
			'username' => ($this->username && !$this->is_guest) ? 'user-' . $this->username : null,
			'constructor' => 'constructor-' . \ICanBoogie\normalize($this->constructor),
			'is-admin' => $this->is_admin,
			'is-guest' => $this->is_guest,
			'is-logged' => !$this->is_guest

		];
	}
}


1			<?php
2
3			/*
4			* This file is part of the Icybee package.
5			*
6			* (c) Olivier Laviale <[email protected]>
7			*
8			* For the full copyright and license information, please view the LICENSE
9			* file that was distributed with this source code.
10			*/
11
12			namespace Icybee\Modules\Users;
13
14			use ICanBoogie\ActiveRecord;
15
16			use Brickrouge\AlterCSSClassNamesEvent;
17			use Brickrouge\CSSClassNames;
18			use Brickrouge\CSSClassNamesProperty;
19
20			use Icybee\Modules\Registry\Binding\UserBindings as RegistryBindings;
21
22			/**
23			* A user.
24			*
25			* @property-read UserModel $model
26			* @property-read \ICanBoogie\Core\|Binding\ApplicationBindings $app
27			*
28			* @property-read string $name The formatted name of the user.
29			* @property-read boolean $is_admin true if the user is admin, false otherwise.
30			* @property-read boolean $is_guest true if the user is a guest, false otherwise.
31			*
32			* @property-read string $password_hash The password hash.
33			* @property-read bool\|null $has_legacy_password_hash Whether the password hash is a legacy hash.
34			* {@link User::get_has_legacy_password_hash()}.
35			*/
36			class User extends ActiveRecord implements CSSClassNames
37			{
38			use RegistryBindings;
39			use ActiveRecord\Property\CreatedAtProperty;
40			use LoggedAtProperty;
41			use CSSClassNamesProperty;
42			use PasswordTrait;
43
44			const MODEL_ID = 'users';
45
46			const UID = 'uid';
47			const EMAIL = 'email';
48			const PASSWORD = 'password';
49			const PASSWORD_HASH = 'password_hash';
50			const PASSWORD_VERIFY = 'password-verify';
51			const USERNAME = 'username';
52			const FIRSTNAME = 'firstname';
53			const LASTNAME = 'lastname';
54			const NICKNAME = 'nickname';
55			const CREATED_AT = 'created_at';
56			const LOGGED_AT = 'logged_at';
57			const CONSTRUCTOR = 'constructor';
58			const LANGUAGE = 'language';
59			const TIMEZONE = 'timezone';
60			const IS_ACTIVATED = 'is_activated';
61			const ROLES = 'roles';
62			const RESTRICTED_SITES = 'restricted_sites';
63
64			const NAME_AS = 'name_as';
65
66			/**
67			* The {@link $name} property should be created from `$username`.
68			*
69			* @var int
70			*/
71			const NAME_AS_USERNAME = 0;
72
73			/**
74			* The {@link $name} property should be created from `$firstname`.
75			*
76			* @var int
77			*/
78			const NAME_AS_FIRSTNAME = 1;
79
80			/**
81			* The {@link $name} property should be created from `$lastname`.
82			*
83			* @var int
84			*/
85			const NAME_AS_LASTNAME = 2;
86
87			/**
88			* The {@link $name} property should be created from `$firstname $lastname`.
89			*
90			* @var int
91			*/
92			const NAME_AS_FIRSTNAME_LASTNAME = 3;
93
94			/**
95			* The {@link $name} property should be created from `$lastname $firstname`.
96			*
97			* @var int
98			*/
99			const NAME_AS_LASTNAME_FIRSTNAME = 4;
100
101			/**
102			* The {@link $name} property should be created from `$nickname`.
103			*
104			* @var int
105			*/
106			const NAME_AS_NICKNAME = 5;
107
108			/**
109			* @inheritdoc
110			*
111			* The method takes care of setting the {@link password_hash} property which is not
112			* settable otherwise.
113			*
114			* @return static
115			*/
116			static public function from($properties = null, array $construct_args = [], $class_name = null)
117			{
118			if (!is_array($properties) \|\| !array_key_exists('password_hash', $properties))
119			{
120			return parent::from($properties, $construct_args, $class_name);
121			}
122
123			$password_hash = $properties['password_hash'];
124			unset($properties['password_hash']);
125			$instance = parent::from($properties, $construct_args);
126			$instance->password_hash = $password_hash;
127
128			return $instance;
129			}
130
131			/**
132			* User identifier.
133			*
134			* @var string
135			*/
136			public $uid;
137
138			/**
139			* Constructor of the user record (module id).
140			*
141			* The property MUST be defined to persist the record.
142			*
143			* @var string
144			*/
145			public $constructor;
146
147			/**
148			* User email.
149			*
150			* The property MUST be defined to persist the record.
151			*
152			* @var string
153			*/
154			public $email;
155
156			/**
157			* Username of the user.
158			*
159			* The property MUST be defined to persist the record.
160			*
161			* @var string
162			*/
163			public $username;
164
165			/**
166			* First name of the user.
167			*
168			* @var string
169			*/
170			public $firstname = '';
171
172			/**
173			* Last name of the user.
174			*
175			* @var string
176			*/
177			public $lastname = '';
178
179			/**
180			* Nickname of the user.
181			*
182			* @var string
183			*/
184			public $nickname = '';
185
186			/**
187			* Preferred format to create the value of the {@link $name} property.
188			*
189			* @var string
190			*/
191			public $name_as = self::NAME_AS_USERNAME;
192
193			/**
194			* Preferred language of the user.
195			*
196			* @var string
197			*/
198			public $language = '';
199
200			/**
201			* Preferred timezone of the user.
202			*
203			* @var string
204			*/
205			public $timezone = '';
206
207			/**
208			* State of the user account activation.
209			*
210			* @var bool
211			*/
212			public $is_activated = false;
213
214			/**
215			* If empty, the {@link $constructor} property is initialized with the model identifier.
216			*
217			* @inheritdoc
218			*/
219			public function __construct($model = null)
220			{
221			parent::__construct($model);
222
223			if (empty($this->constructor))
224			{
225			$this->constructor = $this->model_id;
226			}
227			}
228
229			/**
230			* @inheritdoc
231			*/
232			public function __get($property)
233			{
234			$value = parent::__get($property);
235
236			if ($property === 'css_class_names')
237			{
238			new AlterCSSClassNamesEvent($this, $value);
239			}
240
241			return $value;
242			}
243
244			/**
245			* @inheritdoc
246			*/
247			public function create_validation_rules()
248			{
249			return [
250
251			'username' => 'required',
252			'email' => 'required\|email\|unique',
253			'timezone' => 'timezone'
254
255			];
256			}
257
258			/**
259			* @inheritdoc
260			*/
261			public function save(array $options = [])
262			{
263			if ($this->get_created_at()->is_empty)
264			{
265			$this->set_created_at('now');
266			}
267
268			return parent::save($options);
269			}
270
271			/**
272			* Adds the {@link $password_hash} property.
273			*/
274			public function to_array()
275			{
276			$array = parent::to_array();
277
278			if ($this->password_hash)
279			{
280			$array['password_hash'] = $this->password_hash;
281			}
282
283			return $array;
284			}
285
286			/**
287			* Returns the formatted name of the user.
288			*
289			* The format of the name is defined by the {@link $name_as} property. The {@link $username},
290			* {@link $firstname}, {@link $lastname} and {@link $nickname} properties can be used to
291			* format the name.
292			*
293			* This is the getter for the {@link $name} magic property.
294			*
295			* @return string
296			*/
297			protected function get_name()
298			{
299			$values = [
300
301			self::NAME_AS_USERNAME => $this->username,
302			self::NAME_AS_FIRSTNAME => $this->firstname,
303			self::NAME_AS_LASTNAME => $this->lastname,
304			self::NAME_AS_FIRSTNAME_LASTNAME => $this->firstname . ' ' . $this->lastname,
305			self::NAME_AS_LASTNAME_FIRSTNAME => $this->lastname . ' ' . $this->firstname,
306			self::NAME_AS_NICKNAME => $this->nickname
307
308			];
309
310			$rc = isset($values[$this->name_as]) ? $values[$this->name_as] : null;
311
312			if (!trim($rc))
313			{
314			return $this->username;
315			}
316
317			return $rc;
318			}
319
320			/**
321			* Checks if the user is the admin user.
322			*
323			* This is the getter for the {@link $is_admin} magic property.
324			*
325			* @return boolean `true` if the user is the admin user, `false` otherwise.
326			*/
327			protected function get_is_admin()
328			{
329			return $this->uid == 1;
330			}
331
332			/**
333			* Checks if the user is a guest user.
334			*
335			* This is the getter for the {@link $is_guest} magic property.
336			*
337			* @return boolean `true` if the user is a guest user, `false` otherwise.
338			*/
339			protected function get_is_guest()
340			{
341			return !$this->uid;
342			}
343
344			/**
345			* Returns the ids of the sites the user is restricted to.
346			*
347			* This is the getter for the {@link $restricted_sites_ids} magic property.
348			*
349			* @return array The array is empty if the user has no site restriction.
350			*/
351			protected function lazy_get_restricted_sites_ids()
352			{
353			if ($this->is_admin)
354			{
355			return [];
356			}
357
358			return $this->model->models['users/has_many_sites']
359			->select('site_id')
360			->filter_by_uid($this->uid)
361			->all(\PDO::FETCH_COLUMN);
362			}
363
364			/**
365			* Checks if the user has a given permission.
366			*
367			* @param string\|int $permission
368			* @param mixed\|null $resource
369			*
370			* @return mixed
371			*/
372			public function has_permission($permission, $resource = null)
373			{
374			if ($this->is_admin)
375			{
376			return Module::PERMISSION_ADMINISTER;
377			}
378
379			return $this->app->check_user_permission($this, $permission, $resource);
380			}
381
382			/**
383			* @param string\|int $permission
384			* @param mixed\|null $resource
385			*
386			* @throws UserLacksPermission if user lacks a required permission.
387			*/
388			public function assert_permission($permission, $resource = null)
389			{
390			if (!$this->has_permission($permission, $resource))
391			{
392			throw new UserLacksPermission($this, $permission, $resource);
393			}
394			}
395
396			/**
397			* Determine if the user has ownership of a resource.
398			*
399			* @param mixed $resource
400			*
401			* @return bool
402			*/
403			public function has_ownership($resource)
404			{
405			return $this->app->check_user_ownership($this, $resource);
406			}
407
408			/**
409			* @param mixed $resource
410			*
411			* @throws UserLacksOwnership if the user lacks ownership of the resource.
412			*/
413			public function assert_ownership($resource)
414			{
415			if (!$this->has_ownership($resource))
416			{
417			throw new UserLacksOwnership($this, $resource);
418			}
419			}
420
421			/**
422			* Logs the user in.
423			*
424			* A user is logged in by setting its id in the `user_id` session key.
425			*
426			* Note: The method does not check user authentication!
427			*
428			* The following things happen when the user is logged in:
429			*
430			* - The `$app->user` property is set to the user.
431			* - The `$app->user_id` property is set to the user id.
432			* - The session id is regenerated and the user id, ip and user agent are stored in the session.
433			*
434			* @throws \Exception in attempt to log in a guest user.
435			*
436			* @see \Icybee\Modules\Users\Hooks::get_user_id()
437			*/
438			public function login()
439			{
440			if (!$this->uid)
441			{
442			throw new \Exception('Guest users cannot login.');
443			}
444
445			$app = $this->app;
446			$app->user = $this;
447			$app->user_id = $this->uid;
448
449			if (PHP_SAPI !== 'cli')
450			{
451			$app->session->regenerate();
452			}
453
454			$app->session['user_id'] = $this->uid;
455			}
456
457			/**
458			* Log the user out.
459			*
460			* The following things happen when the user is logged out:
461			*
462			* - The `$app->user` property is unset.
463			* - The `$app->user_id` property is unset.
464			* - The `user_id` session property is removed.
465			*/
466			public function logout()
467			{
468			$app = $this->app;
469
470			if (PHP_SAPI !== 'cli')
471			{
472			$app->session->regenerate();
473			}
474
475			unset($app->user);
476			unset($app->user_id);
477			unset($app->session['user_id']);
478			}
479
480			/**
481			* @inheritdoc
482			*/
483			protected function get_css_class_names()
484			{
485			return [
486
487			'type' => 'user',
488			'id' => ($this->uid && !$this->is_guest) ? 'user-id-' . $this->uid : null,
489			'username' => ($this->username && !$this->is_guest) ? 'user-' . $this->username : null,
490			'constructor' => 'constructor-' . \ICanBoogie\normalize($this->constructor),
491			'is-admin' => $this->is_admin,
492			'is-guest' => $this->is_guest,
493			'is-logged' => !$this->is_guest
494
495			];
496			}
497			}
498

Icybee / module-users

Push — 4.0 ( af9dea...2073b3 )

User::assert_permission() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like