
Controller/UsersController.php (3 issues)


<?php
namespace Kunstmaan\UserManagementBundle\Controller;
use Doctrine\ORM\EntityManager;
use FOS\UserBundle\Event\UserEvent;
use FOS\UserBundle\Model\UserInterface;
use Kunstmaan\AdminBundle\Controller\BaseSettingsController;
use Kunstmaan\AdminBundle\Entity\BaseUser;
use Kunstmaan\AdminBundle\Event\AdaptSimpleFormEvent;
use Kunstmaan\AdminBundle\Event\Events;
use Kunstmaan\AdminBundle\FlashMessages\FlashTypes;
use Kunstmaan\AdminBundle\Form\RoleDependentUserFormInterface;
use Kunstmaan\AdminListBundle\AdminList\AdminList;
use Kunstmaan\UserManagementBundle\Event\UserEvents;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
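/**
 * Settings controller handling everything related to creating, editing, deleting and listing users in an admin list.
 *
 * Every action starts with an authorisation check; editAction() is the only one that
 * lets a non-super-admin in, and only for their own account.
 */
class UsersController extends BaseSettingsController
{
    /**
     * List users
     *
     * @Route("/", name="KunstmaanUserManagementBundle_settings_users")
     * @Template("@KunstmaanAdminList/Default/list.html.twig")
     *
     * @return array<string, AdminList> template parameters, key 'adminlist'
     *
     * @throws AccessDeniedException when the current user lacks ROLE_SUPER_ADMIN
     * @throws \LogicException when no admin list configurator class is configured
     */
    public function listAction(Request $request)
    {
        $this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');

        $em = $this->getDoctrine()->getManager();
        $configuratorClassName = '';
        if ($this->container->hasParameter('kunstmaan_user_management.user_admin_list_configurator.class')) {
            $configuratorClassName = $this->container->getParameter(
                'kunstmaan_user_management.user_admin_list_configurator.class'
            );
        }

        // The class name comes from container configuration only, never from the request.
        // Fail with a descriptive exception instead of `new ''` blowing up with a bare \Error.
        if ($configuratorClassName === '') {
            throw new \LogicException(
                'Parameter "kunstmaan_user_management.user_admin_list_configurator.class" is not configured'
            );
        }

        $configurator = new $configuratorClassName($em);

        /* @var AdminList $adminList */
        $adminList = $this->container->get('kunstmaan_adminlist.factory')->createList($configurator);
        $adminList->bindRequest($request);

        return [
            'adminlist' => $adminList,
        ];
    }

    /**
     * Get a fresh, unpersisted instance of the configured admin user class.
     *
     * The class name is read from the 'fos_user.model.user.class' container parameter.
     *
     * @return BaseUser
     */
    private function getUserClassInstance()
    {
        $userClassName = $this->container->getParameter('fos_user.model.user.class');

        return new $userClassName();
    }

    /**
     * Add a user
     *
     * @Route("/add", name="KunstmaanUserManagementBundle_settings_users_add", methods={"GET", "POST"})
     * @Template("@KunstmaanUserManagement/Users/add.html.twig")
     *
     * @return array<string, \Symfony\Component\Form\FormView>|RedirectResponse template parameters (key 'form'),
     *                                                                            or a redirect to the user list after a successful save
     *
     * @throws AccessDeniedException when the current user lacks ROLE_SUPER_ADMIN
     */
    public function addAction(Request $request)
    {
        $this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');

        $user = $this->getUserClassInstance();

        $options = ['password_required' => true, 'langs' => $this->container->getParameter('kunstmaan_admin.admin_locales'), 'validation_groups' => ['Registration'], 'data_class' => \get_class($user)];
        $formTypeClassName = $user->getFormTypeClass();
        $formType = new $formTypeClassName();

        if ($formType instanceof RoleDependentUserFormInterface) {
            // to edit groups and enabled the current user should have ROLE_SUPER_ADMIN
            $options['can_edit_all_fields'] = $this->isGranted('ROLE_SUPER_ADMIN');
        }

        $form = $this->createForm(
            $formTypeClassName,
            $user,
            $options
        );

        if ($request->isMethod('POST')) {
            $form->handleRequest($request);
            if ($form->isSubmitted() && $form->isValid()) {
                $user->setPasswordChanged(true);
                /* @var \FOS\UserBundle\Model\UserManagerInterface $userManager */
                $userManager = $this->container->get('fos_user.user_manager');
                $userManager->updateUser($user, true);

                $this->addFlash(
                    FlashTypes::SUCCESS,
                    $this->container->get('translator')->trans('kuma_user.users.add.flash.success.%username%', [
                        '%username%' => $user->getUsername(),
                    ])
                );

                return new RedirectResponse($this->generateUrl('KunstmaanUserManagementBundle_settings_users'));
            }
        }

        return [
            'form' => $form->createView(),
        ];
    }

    /**
     * Edit a user
     *
     * @param int|string $id route parameter, constrained to digits by the route requirement
     *
     * @Route("/{id}/edit", requirements={"id" = "\d+"}, name="KunstmaanUserManagementBundle_settings_users_edit", methods={"GET", "POST"})
     * @Template("@KunstmaanUserManagement/Users/edit.html.twig")
     *
     * @return array<string, mixed>|RedirectResponse template parameters ('form', 'user' and optionally 'tabPane'),
     *                                                or a redirect back to this edit page after a successful save
     *
     * @throws AccessDeniedException when the current user may not edit the requested account
     * @throws NotFoundHttpException when no user with the given id exists
     */
    public function editAction(Request $request, $id)
    {
        // The logged in user should be able to change his own password/username/email and not for other users.
        // NOTE(review): getToken() is assumed non-null here because the admin firewall requires authentication — confirm.
        $currentUserId = $this->container->get('security.token_storage')->getToken()->getUser()->getId();
        // $id arrives as a digit string from the route; compare as integers rather than with a loose `==`.
        $isOwnAccount = (int) $id === (int) $currentUserId;
        $requiredRole = $isOwnAccount ? 'ROLE_ADMIN' : 'ROLE_SUPER_ADMIN';
        $this->denyAccessUnlessGranted($requiredRole);

        /* @var EntityManager $em */
        $em = $this->getDoctrine()->getManager();

        /** @var UserInterface $user */
        $user = $em->getRepository($this->container->getParameter('fos_user.model.user.class'))->find($id);
        if ($user === null) {
            throw new NotFoundHttpException(sprintf('User with ID %s not found', $id));
        }

        $userEvent = new UserEvent($user, $request);
        $this->container->get('event_dispatcher')->dispatch(UserEvents::USER_EDIT_INITIALIZE, $userEvent);

        $options = ['password_required' => false, 'langs' => $this->container->getParameter('kunstmaan_admin.admin_locales'), 'data_class' => \get_class($user)];
        $formFqn = $user->getFormTypeClass();
        $formType = new $formFqn();

        if ($formType instanceof RoleDependentUserFormInterface) {
            // to edit groups and enabled the current user should have ROLE_SUPER_ADMIN;
            // a user editing their own account therefore cannot escalate their own roles through this form
            $options['can_edit_all_fields'] = $this->isGranted('ROLE_SUPER_ADMIN');
        }

        // Listeners may wrap the form in a tab pane; when they do, the pane owns request binding.
        $event = new AdaptSimpleFormEvent($request, $formFqn, $user, $options);
        $event = $this->container->get('event_dispatcher')->dispatch(Events::ADAPT_SIMPLE_FORM, $event);
        $tabPane = $event->getTabPane();

        $form = $this->createForm($formFqn, $user, $options);

        if ($request->isMethod('POST')) {
            if ($tabPane) {
                $tabPane->bindRequest($request);
                $form = $tabPane->getForm();
            } else {
                $form->handleRequest($request);
            }

            if ($form->isSubmitted() && $form->isValid()) {
                /* @var \FOS\UserBundle\Model\UserManagerInterface $userManager */
                $userManager = $this->container->get('fos_user.user_manager');
                $userManager->updateUser($user, true);

                $this->addFlash(
                    FlashTypes::SUCCESS,
                    $this->container->get('translator')->trans('kuma_user.users.edit.flash.success.%username%', [
                        '%username%' => $user->getUsername(),
                    ])
                );

                return new RedirectResponse(
                    $this->generateUrl(
                        'KunstmaanUserManagementBundle_settings_users_edit',
                        ['id' => $id]
                    )
                );
            }
        }

        $params = [
            'form' => $form->createView(),
            'user' => $user,
        ];

        if ($tabPane) {
            $params['tabPane'] = $tabPane;
        }

        return $params;
    }

    /**
     * Delete a user
     *
     * This legacy endpoint performs no CSRF token validation; deleteFormAction() does and is
     * the replacement. The authorisation check is kept so the deprecated route is not weaker
     * than the new one in that respect.
     *
     * @param Request $request
     * @param int     $id
     *
     * @Route("/{id}/delete", requirements={"id" = "\d+"}, name="KunstmaanUserManagementBundle_settings_users_delete", methods={"POST"})
     *
     * @return RedirectResponse redirect to the user list, whether or not a user was deleted
     *
     * @throws AccessDeniedException when the current user lacks ROLE_SUPER_ADMIN
     *
     * @deprecated this method is deprecated since KunstmaanUserManagementBundle 5.6 and will be removed in KunstmaanUserManagementBundle 6.0
     */
    public function deleteAction(Request $request, $id)
    {
        @trigger_error('Using the deleteAction method from the UsersController is deprecated since KunstmaanUserManagementBundle 5.6 and will be replaced by the method deleteFormAction in KunstmaanUserManagementBundle 6.0. Use the correct method instead.', E_USER_DEPRECATED);
        $this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');

        $this->removeUserById($request, $id);

        return new RedirectResponse($this->generateUrl('KunstmaanUserManagementBundle_settings_users'));
    }

    /**
     * Delete a user after validating the submitted CSRF token.
     *
     * The token is read from the POST field 'token' and checked against the 'delete-user' intention;
     * an invalid or missing token redirects to the list without deleting anything.
     *
     * @param int|string $id
     *
     * @Route("/form-delete/{id}", requirements={"id" = "\d+"}, name="KunstmaanUserManagementBundle_settings_users_form_delete", methods={"POST"})
     *
     * @return RedirectResponse redirect to the user list
     *
     * @throws AccessDeniedException when the current user lacks ROLE_SUPER_ADMIN
     */
    public function deleteFormAction(Request $request, $id)
    {
        $this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');

        $submittedToken = $request->request->get('token');
        if (!$this->isCsrfTokenValid('delete-user', $submittedToken)) {
            return new RedirectResponse($this->generateUrl('KunstmaanUserManagementBundle_settings_users'));
        }

        $this->removeUserById($request, $id);

        return new RedirectResponse($this->generateUrl('KunstmaanUserManagementBundle_settings_users'));
    }

    /**
     * Remove the user with the given id and add a success flash message.
     *
     * Shared by deleteAction() and deleteFormAction(). Authorisation and CSRF validation are the
     * caller's responsibility. Dispatches USER_DELETE_INITIALIZE before removal; when no user
     * with that id exists nothing happens (the callers redirect to the list either way).
     *
     * @param int|string $id
     */
    private function removeUserById(Request $request, $id)
    {
        /* @var EntityManager $em */
        $em = $this->getDoctrine()->getManager();
        /* @var UserInterface $user */
        $user = $em->getRepository($this->container->getParameter('fos_user.model.user.class'))->find($id);
        if (\is_null($user)) {
            return;
        }

        $userEvent = new UserEvent($user, $request);
        $this->container->get('event_dispatcher')->dispatch(UserEvents::USER_DELETE_INITIALIZE, $userEvent);

        $em->remove($user);
        $em->flush();

        $this->addFlash(
            FlashTypes::SUCCESS,
            $this->container->get('translator')->trans('kuma_user.users.delete.flash.success.%username%', [
                '%username%' => $user->getUsername(),
            ])
        );
    }

    /**
     * Redirect the current user to the edit page of their own account.
     *
     * No authorisation check is done here; editAction() enforces it on arrival.
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function changePasswordAction()
    {
        // Redirect to current user edit route...
        return new RedirectResponse(
            $this->generateUrl(
                'KunstmaanUserManagementBundle_settings_users_edit',
                [
                    'id' => $this->container->get('security.token_storage')->getToken()->getUser()->getId(),
                ]
            )
        );
    }
}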