Issues in PermissionAdmin.php - New Issues - Inspection of "[MenuBundle] Fix menu item sorting issue with mult..." - Kunstmaan/KunstmaanBundlesCMS - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — 5.0 (#2072)

by Jeroen

created 2018-08-09 07:53 UTC

Helper/Security/Acl/Permission/PermissionAdmin.php (2 issues)

Labels

Documentation 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Kunstmaan\AdminBundle\Helper\Security\Acl\Permission;

use Doctrine\ORM\EntityManager;
use Kunstmaan\AdminBundle\Entity\AbstractEntity;
use Kunstmaan\AdminBundle\Entity\AclChangeset;
use Kunstmaan\AdminBundle\Entity\Role;
use Kunstmaan\UtilitiesBundle\Helper\Shell\Shell;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\KernelInterface;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\AclProviderInterface;
use Symfony\Component\Security\Acl\Model\AuditableEntryInterface;
use Symfony\Component\Security\Acl\Model\MutableAclInterface;
use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Role\RoleInterface;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * Helper to manage the permissions on a certain entity
 */
class PermissionAdmin
{
    const ADD    = 'ADD';
    const DELETE = 'DEL';

    /**
     * @var AbstractEntity
     */
    protected $resource = null;

    /**
     * @var EntityManager
     */
    protected $em = null;

    /**
     * @var TokenStorageInterface
     */
    protected $tokenStorage = null;

    /**
     * @var MutableAclProviderInterface
     */
    protected $aclProvider = null;

    /**
     * @var ObjectIdentityRetrievalStrategyInterface
     */
    protected $oidRetrievalStrategy = null;

    /**
     * @var PermissionMap
     */
    protected $permissionMap = null;

    /**
     * @var array
     */
    protected $permissions = null;

    /**
     * @var EventDispatcherInterface
     */
    protected $eventDispatcher = null;

    /**
     * @var KernelInterface
     */
    protected $kernel;

    /**
     * @var Shell
     */
    protected $shellHelper;

    /**
     * Constructor
     *
     * @param EntityManager                            $em                   The EntityManager
     * @param TokenStorageInterface                    $tokenStorage         The token storage
     * @param AclProviderInterface                     $aclProvider          The ACL provider
     * @param ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy The object retrieval strategy
     * @param EventDispatcherInterface                 $eventDispatcher      The event dispatcher
     * @param Shell                                    $shellHelper          The shell helper
     * @param KernelInterface                          $kernel               The kernel
     */
    public function __construct(
        EntityManager $em,
        TokenStorageInterface $tokenStorage,
        AclProviderInterface $aclProvider,
        ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy,
        EventDispatcherInterface $eventDispatcher,
        Shell $shellHelper,
        KernelInterface $kernel
    )
    {
        $this->em                   = $em;
        $this->tokenStorage         = $tokenStorage;
        $this->aclProvider          = $aclProvider;
        $this->oidRetrievalStrategy = $oidRetrievalStrategy;
        $this->eventDispatcher      = $eventDispatcher;
        $this->shellHelper          = $shellHelper;
        $this->kernel               = $kernel;
    }

    /**
     * Initialize permission admin with specified entity.
     *
     * @param AbstractEntity         $resource      The object which has the permissions
     * @param PermissionMapInterface $permissionMap The permission map to use
     */
    public function initialize(AbstractEntity $resource, PermissionMapInterface $permissionMap)
    {
        $this->resource      = $resource;
        $this->permissionMap = $permissionMap;
        $this->permissions   = array();

        // Init permissions
        try {
            $objectIdentity = $this->oidRetrievalStrategy->getObjectIdentity($this->resource);
            /* @var $acl AclInterface */
            $acl            = $this->aclProvider->findAcl($objectIdentity);
            $objectAces     = $acl->getObjectAces();
            /* @var $ace AuditableEntryInterface */
            foreach ($objectAces as $ace) {
                $securityIdentity = $ace->getSecurityIdentity();
                if ($securityIdentity instanceof RoleSecurityIdentity) {
                    $this->permissions[$securityIdentity->getRole()] = new MaskBuilder($ace->getMask());
                }
            }
        } catch (AclNotFoundException $e) {
            // No Acl found - do nothing (or should we initialize with default values here?)
        }
    }

    /**
     * Get permissions.
     *
     * @return MaskBuilder[]
     */
    public function getPermissions()
    {
        return $this->permissions;
    }

    /**
     * Get permission for specified role.
     *
     * @param RoleInterface|string $role
     *
     * @return MaskBuilder|null
     */
    public function getPermission($role)
    {
        if ($role instanceof RoleInterface) {
            $role = $role->getRole();
        }
        if (isset($this->permissions[$role])) {
            return $this->permissions[$role];
        }

        return null;
    }

    /**
     * Get all roles.
     *
     * @return Role[]

     */
    public function getAllRoles()
    {
        return $this->em->getRepository('KunstmaanAdminBundle:Role')->findAll();
    }

    /**
     * Get all manageable roles for pages
     *
     * @return Role[]

     */
    public function getManageableRolesForPages()
    {
        $roles = $this->em->getRepository('KunstmaanAdminBundle:Role')->findAll();

        if (($token = $this->tokenStorage->getToken()) && ($user = $token->getUser())) {
            if ($user && !$user->isSuperAdmin() && ($superAdminRole = array_keys($roles, 'ROLE_SUPER_ADMIN'))) {
                $superAdminRole = current($superAdminRole);
                unset($roles[$superAdminRole]);
            }
        }

        return $roles;
    }

    /**
     * Get possible permissions.
     *
     * @return array
     */
    public function getPossiblePermissions()
    {
        return $this->permissionMap->getPossiblePermissions();
    }

    /**
     * Handle form entry of permission changes.
     *
     * @param Request $request
     *
     * @return bool
     */
    public function bindRequest(Request $request)
    {
        $changes = $request->request->get('permission-hidden-fields');

        if (empty($changes)) {
            return true;
        }

        // Just apply the changes to the current node (non recursively)
        $this->applyAclChangeset($this->resource, $changes, false);

        // Apply recursively (on request)
        $applyRecursive = $request->request->get('applyRecursive');
        if ($applyRecursive) {
            // Serialize changes & store them in DB
            $user = $this->tokenStorage->getToken()->getUser();
            $this->createAclChangeSet($this->resource, $changes, $user);

            $cmd = 'php ' . $this->kernel->getRootDir() . '/../bin/console kuma:acl:apply';
            $cmd .= ' --env=' . $this->kernel->getEnvironment();

            $this->shellHelper->runInBackground($cmd);
        }

        return true;
    }

    /**
     * Create a new ACL changeset.
     *
     * @param AbstractEntity $entity  The entity
     * @param array          $changes The changes
     * @param UserInterface  $user    The user
     *
     * @return AclChangeset
     */
    public function createAclChangeSet(AbstractEntity $entity, $changes, UserInterface $user)
    {
        $aclChangeset = new AclChangeset();
        $aclChangeset->setRef($entity);
        $aclChangeset->setChangeset($changes);
        /* @var $user BaseUser */
        $aclChangeset->setUser($user);
        $this->em->persist($aclChangeset);
        $this->em->flush();

        return $aclChangeset;
    }

    /**
     * Apply the specified ACL changeset.
     *
     * @param AbstractEntity $entity    The entity
     * @param array          $changeset The changeset
     * @param bool           $recursive The recursive
     */
    public function applyAclChangeset(AbstractEntity $entity, $changeset, $recursive = true)
    {
        if ($recursive) {
            if (!method_exists($entity, 'getChildren')) {
                return;
            }

            // Iterate over children and apply recursively
            /** @noinspection PhpUndefinedMethodInspection */
            foreach ($entity->getChildren() as $child) {
                $this->applyAclChangeset($child, $changeset);
            }
        }

        // Apply ACL modifications to node
        $objectIdentity = $this->oidRetrievalStrategy->getObjectIdentity($entity);
        try {
            /* @var $acl MutableAclInterface */
            $acl = $this->aclProvider->findAcl($objectIdentity);
        } catch (AclNotFoundException $e) {
            /* @var $acl MutableAclInterface */
            $acl = $this->aclProvider->createAcl($objectIdentity);
        }

        // Process permissions in changeset
        foreach ($changeset as $role => $roleChanges) {
            $index = $this->getObjectAceIndex($acl, $role);
            $mask  = 0;
            if (false !== $index) {
                $mask = $this->getMaskAtIndex($acl, $index);
            }
            foreach ($roleChanges as $type => $permissions) {
                $maskChange = new MaskBuilder();
                foreach ($permissions as $permission) {
                    $maskChange->add($permission);
                }
                switch ($type) {
                    case self::ADD:
                        $mask = $mask | $maskChange->get();
                        break;
                    case self::DELETE:
                        $mask = $mask & ~$maskChange->get();
                        break;
                }
            }
            if (false !== $index) {
                $acl->updateObjectAce($index, $mask);
            } else {
                $securityIdentity = new RoleSecurityIdentity($role);
                $acl->insertObjectAce($securityIdentity, $mask);
            }
        }
        $this->aclProvider->updateAcl($acl);
    }

    /**
     * Get current object ACE index for specified role.
     *
     * @param AclInterface $acl  The AclInterface
     * @param string       $role The role
     *
     * @return bool|int
     */
    private function getObjectAceIndex(AclInterface $acl, $role)
    {
        $objectAces = $acl->getObjectAces();
        /* @var $ace AuditableEntryInterface */
        foreach ($objectAces as $index => $ace) {
            $securityIdentity = $ace->getSecurityIdentity();
            if ($securityIdentity instanceof RoleSecurityIdentity) {
                if ($securityIdentity->getRole() == $role) {
                    return $index;
                }
            }
        }

        return false;
    }

    /**
     * Get object ACE mask at specified index.
     *
     * @param AclInterface $acl   The acl interface
     * @param int          $index The index
     *
     * @return bool|int
     */
    private function getMaskAtIndex(AclInterface $acl, $index)
    {
        $objectAces       = $acl->getObjectAces();
        /* @var $ace AuditableEntryInterface */
        $ace              = $objectAces[$index];
        $securityIdentity = $ace->getSecurityIdentity();
        if ($securityIdentity instanceof RoleSecurityIdentity) {
            return $ace->getMask();
        }

        return false;
    }
}


1		<?php
2
3		namespace Kunstmaan\AdminBundle\Helper\Security\Acl\Permission;
4
5		use Doctrine\ORM\EntityManager;
6		use Kunstmaan\AdminBundle\Entity\AbstractEntity;
7		use Kunstmaan\AdminBundle\Entity\AclChangeset;
8		use Kunstmaan\AdminBundle\Entity\Role;
9		use Kunstmaan\UtilitiesBundle\Helper\Shell\Shell;
10		use Symfony\Component\EventDispatcher\EventDispatcherInterface;
11		use Symfony\Component\HttpFoundation\Request;
12		use Symfony\Component\HttpKernel\KernelInterface;
13		use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
14		use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
15		use Symfony\Component\Security\Acl\Model\AclInterface;
16		use Symfony\Component\Security\Acl\Model\AclProviderInterface;
17		use Symfony\Component\Security\Acl\Model\AuditableEntryInterface;
18		use Symfony\Component\Security\Acl\Model\MutableAclInterface;
19		use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
20		use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;
21		use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
22		use Symfony\Component\Security\Core\Role\RoleInterface;
23		use Symfony\Component\Security\Core\User\UserInterface;
24
25		/**
26		* Helper to manage the permissions on a certain entity
27		*/
28		class PermissionAdmin
29		{
30		const ADD = 'ADD';
31		const DELETE = 'DEL';
32
33		/**
34		* @var AbstractEntity
35		*/
36		protected $resource = null;
37
38		/**
39		* @var EntityManager
40		*/
41		protected $em = null;
42
43		/**
44		* @var TokenStorageInterface
45		*/
46		protected $tokenStorage = null;
47
48		/**
49		* @var MutableAclProviderInterface
50		*/
51		protected $aclProvider = null;
52
53		/**
54		* @var ObjectIdentityRetrievalStrategyInterface
55		*/
56		protected $oidRetrievalStrategy = null;
57
58		/**
59		* @var PermissionMap
60		*/
61		protected $permissionMap = null;
62
63		/**
64		* @var array
65		*/
66		protected $permissions = null;
67
68		/**
69		* @var EventDispatcherInterface
70		*/
71		protected $eventDispatcher = null;
72
73		/**
74		* @var KernelInterface
75		*/
76		protected $kernel;
77
78		/**
79		* @var Shell
80		*/
81		protected $shellHelper;
82
83		/**
84		* Constructor
85		*
86		* @param EntityManager $em The EntityManager
87		* @param TokenStorageInterface $tokenStorage The token storage
88		* @param AclProviderInterface $aclProvider The ACL provider
89		* @param ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy The object retrieval strategy
90		* @param EventDispatcherInterface $eventDispatcher The event dispatcher
91		* @param Shell $shellHelper The shell helper
92		* @param KernelInterface $kernel The kernel
93		*/
94		public function __construct(
95		EntityManager $em,
96		TokenStorageInterface $tokenStorage,
97		AclProviderInterface $aclProvider,
98		ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy,
99		EventDispatcherInterface $eventDispatcher,
100		Shell $shellHelper,
101		KernelInterface $kernel
102		)
103		{
104		$this->em = $em;
105		$this->tokenStorage = $tokenStorage;
106		$this->aclProvider = $aclProvider;
107		$this->oidRetrievalStrategy = $oidRetrievalStrategy;
108		$this->eventDispatcher = $eventDispatcher;
109		$this->shellHelper = $shellHelper;
110		$this->kernel = $kernel;
111		}
112
113		/**
114		* Initialize permission admin with specified entity.
115		*
116		* @param AbstractEntity $resource The object which has the permissions
117		* @param PermissionMapInterface $permissionMap The permission map to use
118		*/
119		public function initialize(AbstractEntity $resource, PermissionMapInterface $permissionMap)
120		{
121		$this->resource = $resource;
122		$this->permissionMap = $permissionMap;
123		$this->permissions = array();
124
125		// Init permissions
126		try {
127		$objectIdentity = $this->oidRetrievalStrategy->getObjectIdentity($this->resource);
128		/* @var $acl AclInterface */
129		$acl = $this->aclProvider->findAcl($objectIdentity);
130		$objectAces = $acl->getObjectAces();
131		/* @var $ace AuditableEntryInterface */
132	View Code Duplication	foreach ($objectAces as $ace) {
133		$securityIdentity = $ace->getSecurityIdentity();
134		if ($securityIdentity instanceof RoleSecurityIdentity) {
135		$this->permissions[$securityIdentity->getRole()] = new MaskBuilder($ace->getMask());
136		}
137		}
138		} catch (AclNotFoundException $e) {
139		// No Acl found - do nothing (or should we initialize with default values here?)
140		}
141		}
142
143		/**
144		* Get permissions.
145		*
146		* @return MaskBuilder[]
147		*/
148		public function getPermissions()
149		{
150		return $this->permissions;
151		}
152
153		/**
154		* Get permission for specified role.
155		*
156		* @param RoleInterface\|string $role
157		*
158		* @return MaskBuilder\|null
159		*/
160		public function getPermission($role)
161		{
162		if ($role instanceof RoleInterface) {
163		$role = $role->getRole();
164		}
165		if (isset($this->permissions[$role])) {
166		return $this->permissions[$role];
167		}
168
169		return null;
170		}
171
172		/**
173		* Get all roles.
174		*
175		* @return Role[]
		0 ignored issues – show Documentation introduced 2018-07-31 07:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `object[]`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
176		*/
177		public function getAllRoles()
178		{
179		return $this->em->getRepository('KunstmaanAdminBundle:Role')->findAll();
180		}
181
182		/**
183		* Get all manageable roles for pages
184		*
185		* @return Role[]
		0 ignored issues – show Documentation introduced 2018-07-31 07:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `object[]`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
186		*/
187		public function getManageableRolesForPages()
188		{
189		$roles = $this->em->getRepository('KunstmaanAdminBundle:Role')->findAll();
190
191		if (($token = $this->tokenStorage->getToken()) && ($user = $token->getUser())) {
192		if ($user && !$user->isSuperAdmin() && ($superAdminRole = array_keys($roles, 'ROLE_SUPER_ADMIN'))) {
193		$superAdminRole = current($superAdminRole);
194		unset($roles[$superAdminRole]);
195		}
196		}
197
198		return $roles;
199		}
200
201		/**
202		* Get possible permissions.
203		*
204		* @return array
205		*/
206		public function getPossiblePermissions()
207		{
208		return $this->permissionMap->getPossiblePermissions();
209		}
210
211		/**
212		* Handle form entry of permission changes.
213		*
214		* @param Request $request
215		*
216		* @return bool
217		*/
218		public function bindRequest(Request $request)
219		{
220		$changes = $request->request->get('permission-hidden-fields');
221
222		if (empty($changes)) {
223		return true;
224		}
225
226		// Just apply the changes to the current node (non recursively)
227		$this->applyAclChangeset($this->resource, $changes, false);
228
229		// Apply recursively (on request)
230		$applyRecursive = $request->request->get('applyRecursive');
231		if ($applyRecursive) {
232		// Serialize changes & store them in DB
233		$user = $this->tokenStorage->getToken()->getUser();
234		$this->createAclChangeSet($this->resource, $changes, $user);
235
236		$cmd = 'php ' . $this->kernel->getRootDir() . '/../bin/console kuma:acl:apply';
237		$cmd .= ' --env=' . $this->kernel->getEnvironment();
238
239		$this->shellHelper->runInBackground($cmd);
240		}
241
242		return true;
243		}
244
245		/**
246		* Create a new ACL changeset.
247		*
248		* @param AbstractEntity $entity The entity
249		* @param array $changes The changes
250		* @param UserInterface $user The user
251		*
252		* @return AclChangeset
253		*/
254		public function createAclChangeSet(AbstractEntity $entity, $changes, UserInterface $user)
255		{
256		$aclChangeset = new AclChangeset();
257		$aclChangeset->setRef($entity);
258		$aclChangeset->setChangeset($changes);
259		/* @var $user BaseUser */
260		$aclChangeset->setUser($user);
261		$this->em->persist($aclChangeset);
262		$this->em->flush();
263
264		return $aclChangeset;
265		}
266
267		/**
268		* Apply the specified ACL changeset.
269		*
270		* @param AbstractEntity $entity The entity
271		* @param array $changeset The changeset
272		* @param bool $recursive The recursive
273		*/
274		public function applyAclChangeset(AbstractEntity $entity, $changeset, $recursive = true)
275		{
276		if ($recursive) {
277		if (!method_exists($entity, 'getChildren')) {
278		return;
279		}
280
281		// Iterate over children and apply recursively
282		/** @noinspection PhpUndefinedMethodInspection */
283		foreach ($entity->getChildren() as $child) {
284		$this->applyAclChangeset($child, $changeset);
285		}
286		}
287
288		// Apply ACL modifications to node
289		$objectIdentity = $this->oidRetrievalStrategy->getObjectIdentity($entity);
290		try {
291		/* @var $acl MutableAclInterface */
292		$acl = $this->aclProvider->findAcl($objectIdentity);
293		} catch (AclNotFoundException $e) {
294		/* @var $acl MutableAclInterface */
295		$acl = $this->aclProvider->createAcl($objectIdentity);
296		}
297
298		// Process permissions in changeset
299		foreach ($changeset as $role => $roleChanges) {
300		$index = $this->getObjectAceIndex($acl, $role);
301		$mask = 0;
302		if (false !== $index) {
303		$mask = $this->getMaskAtIndex($acl, $index);
304		}
305		foreach ($roleChanges as $type => $permissions) {
306		$maskChange = new MaskBuilder();
307		foreach ($permissions as $permission) {
308		$maskChange->add($permission);
309		}
310		switch ($type) {
311		case self::ADD:
312		$mask = $mask \| $maskChange->get();
313		break;
314		case self::DELETE:
315		$mask = $mask & ~$maskChange->get();
316		break;
317		}
318		}
319		if (false !== $index) {
320		$acl->updateObjectAce($index, $mask);
321		} else {
322		$securityIdentity = new RoleSecurityIdentity($role);
323		$acl->insertObjectAce($securityIdentity, $mask);
324		}
325		}
326		$this->aclProvider->updateAcl($acl);
327		}
328
329		/**
330		* Get current object ACE index for specified role.
331		*
332		* @param AclInterface $acl The AclInterface
333		* @param string $role The role
334		*
335		* @return bool\|int
336		*/
337	View Code Duplication	private function getObjectAceIndex(AclInterface $acl, $role)
338		{
339		$objectAces = $acl->getObjectAces();
340		/* @var $ace AuditableEntryInterface */
341		foreach ($objectAces as $index => $ace) {
342		$securityIdentity = $ace->getSecurityIdentity();
343		if ($securityIdentity instanceof RoleSecurityIdentity) {
344		if ($securityIdentity->getRole() == $role) {
345		return $index;
346		}
347		}
348		}
349
350		return false;
351		}
352
353		/**
354		* Get object ACE mask at specified index.
355		*
356		* @param AclInterface $acl The acl interface
357		* @param int $index The index
358		*
359		* @return bool\|int
360		*/
361	View Code Duplication	private function getMaskAtIndex(AclInterface $acl, $index)
362		{
363		$objectAces = $acl->getObjectAces();
364		/* @var $ace AuditableEntryInterface */
365		$ace = $objectAces[$index];
366		$securityIdentity = $ace->getSecurityIdentity();
367		if ($securityIdentity instanceof RoleSecurityIdentity) {
368		return $ace->getMask();
369		}
370
371		return false;
372		}
373		}
374

Kunstmaan / KunstmaanBundlesCMS

Pull Request — 5.0 (#2072)

Helper/Security/Acl/Permission/PermissionAdmin.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like