Issues in UsersController.php - Fixed Issues - Inspection of "Merge pull request #2681 from Numkil/feature/csrfP..." - Kunstmaan/KunstmaanBundlesCMS - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 947afa...ae5e03 )

by Jeroen

created 2020-07-07 14:00 UTC

Controller/UsersController.php (4 issues)

Labels

Documentation 4

Severity

Informational 4

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Kunstmaan\UserManagementBundle\Controller;

use Doctrine\ORM\EntityManager;
use FOS\UserBundle\Event\UserEvent;
use FOS\UserBundle\Model\UserInterface;
use Kunstmaan\AdminBundle\Controller\BaseSettingsController;
use Kunstmaan\AdminBundle\Entity\BaseUser;
use Kunstmaan\AdminBundle\Event\AdaptSimpleFormEvent;
use Kunstmaan\AdminBundle\Event\Events;
use Kunstmaan\AdminBundle\FlashMessages\FlashTypes;
use Kunstmaan\AdminBundle\Form\RoleDependentUserFormInterface;
use Kunstmaan\AdminListBundle\AdminList\AdminList;
use Kunstmaan\UserManagementBundle\Event\UserEvents;
use Symfony\Component\Routing\Annotation\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

/**
 * Settings controller handling everything related to creating, editing, deleting and listing users in an admin list
 */
class UsersController extends BaseSettingsController
{
    /**
     * List users
     *
     * @Route("/", name="KunstmaanUserManagementBundle_settings_users")
     * @Template("@KunstmaanAdminList/Default/list.html.twig")
     *
     * @param \Symfony\Component\HttpFoundation\Request $request
     *
     * @return array

     */
    public function listAction(Request $request)
    {
        $this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');

        $em = $this->getDoctrine()->getManager();
        $configuratorClassName = '';
        if ($this->container->hasParameter('kunstmaan_user_management.user_admin_list_configurator.class')) {
            $configuratorClassName = $this->container->getParameter(
                'kunstmaan_user_management.user_admin_list_configurator.class'
            );
        }

        $configurator = new $configuratorClassName($em);

        /* @var AdminList $adminList */
        $adminList = $this->container->get('kunstmaan_adminlist.factory')->createList($configurator);
        $adminList->bindRequest($request);

        return array(
            'adminlist' => $adminList,
        );
    }

    /**
     * Get an instance of the admin user class.
     *
     * @return BaseUser
     */
    private function getUserClassInstance()
    {
        $userClassName = $this->container->getParameter('fos_user.model.user.class');

        return new $userClassName();
    }

    /**
     * Add a user
     *
     * @Route("/add", name="KunstmaanUserManagementBundle_settings_users_add", methods={"GET", "POST"})
     * @Template("@KunstmaanUserManagement/Users/add.html.twig")
     *
     * @param \Symfony\Component\HttpFoundation\Request $request
     *
     * @return array

     */
    public function addAction(Request $request)
    {
        $this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');

        $user = $this->getUserClassInstance();

        $options = array('password_required' => true, 'langs' => $this->container->getParameter('kunstmaan_admin.admin_locales'), 'validation_groups' => array('Registration'), 'data_class' => \get_class($user));
        $formTypeClassName = $user->getFormTypeClass();
        $formType = new $formTypeClassName();

        if ($formType instanceof RoleDependentUserFormInterface) {
            // to edit groups and enabled the current user should have ROLE_SUPER_ADMIN
            $options['can_edit_all_fields'] = $this->isGranted('ROLE_SUPER_ADMIN');
        }

        $form = $this->createForm(
            $formTypeClassName,
            $user,
            $options
        );

        if ($request->isMethod('POST')) {
            $form->handleRequest($request);
            if ($form->isSubmitted() && $form->isValid()) {
                $user->setPasswordChanged(true);
                /* @var UserManager $userManager */
                $userManager = $this->container->get('fos_user.user_manager');
                $userManager->updateUser($user, true);

                $this->addFlash(
                    FlashTypes::SUCCESS,
                    $this->container->get('translator')->trans('kuma_user.users.add.flash.success.%username%', [
                        '%username%' => $user->getUsername(),
                    ])
                );

                return new RedirectResponse($this->generateUrl('KunstmaanUserManagementBundle_settings_users'));
            }
        }

        return array(
            'form' => $form->createView(),
        );
    }

    /**
     * Edit a user
     *
     * @param int $id
     *
     * @Route("/{id}/edit", requirements={"id" = "\d+"}, name="KunstmaanUserManagementBundle_settings_users_edit", methods={"GET", "POST"})
     * @Template("@KunstmaanUserManagement/Users/edit.html.twig")
     *
     * @throws AccessDeniedException
     *
     * @return array

     */
    public function editAction(Request $request, $id)
    {
        // The logged in user should be able to change his own password/username/email and not for other users
        if ($id == $this->container->get('security.token_storage')->getToken()->getUser()->getId()) {
            $requiredRole = 'ROLE_ADMIN';
        } else {
            $requiredRole = 'ROLE_SUPER_ADMIN';
        }
        $this->denyAccessUnlessGranted($requiredRole);

        /* @var EntityManager $em */
        $em = $this->getDoctrine()->getManager();

        /** @var UserInterface $user */
        $user = $em->getRepository($this->container->getParameter('fos_user.model.user.class'))->find($id);
        if ($user === null) {
            throw new NotFoundHttpException(sprintf('User with ID %s not found', $id));
        }

        $userEvent = new UserEvent($user, $request);
        $this->container->get('event_dispatcher')->dispatch(UserEvents::USER_EDIT_INITIALIZE, $userEvent);

        $options = array('password_required' => false, 'langs' => $this->container->getParameter('kunstmaan_admin.admin_locales'), 'data_class' => \get_class($user));
        $formFqn = $user->getFormTypeClass();
        $formType = new $formFqn();

        if ($formType instanceof RoleDependentUserFormInterface) {
            // to edit groups and enabled the current user should have ROLE_SUPER_ADMIN
            $options['can_edit_all_fields'] = $this->isGranted('ROLE_SUPER_ADMIN');
        }

        $event = new AdaptSimpleFormEvent($request, $formFqn, $user, $options);
        $event = $this->container->get('event_dispatcher')->dispatch(Events::ADAPT_SIMPLE_FORM, $event);
        $tabPane = $event->getTabPane();

        $form = $this->createForm($formFqn, $user, $options);

        if ($request->isMethod('POST')) {
            if ($tabPane) {
                $tabPane->bindRequest($request);
                $form = $tabPane->getForm();
            } else {
                $form->handleRequest($request);
            }

            if ($form->isSubmitted() && $form->isValid()) {
                /* @var UserManager $userManager */
                $userManager = $this->container->get('fos_user.user_manager');
                $userManager->updateUser($user, true);

                $this->addFlash(
                    FlashTypes::SUCCESS,
                    $this->container->get('translator')->trans('kuma_user.users.edit.flash.success.%username%', [
                        '%username%' => $user->getUsername(),
                    ])
                );

                return new RedirectResponse(
                    $this->generateUrl(
                        'KunstmaanUserManagementBundle_settings_users_edit',
                        array('id' => $id)
                    )
                );
            }
        }

        $params = array(
            'form' => $form->createView(),
            'user' => $user,
        );

        if ($tabPane) {
            $params = array_merge($params, array('tabPane' => $tabPane));
        }

        return $params;
    }

    /**
     * Delete a user
     *
     * @param Request $request
     * @param int     $id
     *
     * @Route("/{id}/delete", requirements={"id" = "\d+"}, name="KunstmaanUserManagementBundle_settings_users_delete", methods={"POST"})
     *
     * @throws AccessDeniedException
     *
     * @return array

     */
    public function deleteAction(Request $request, $id)
    {
        $this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');

        /* @var EntityManager $em */
        $em = $this->getDoctrine()->getManager();
        /* @var UserInterface $user */
        $user = $em->getRepository($this->container->getParameter('fos_user.model.user.class'))->find($id);
        if (!\is_null($user)) {
            $userEvent = new UserEvent($user, $request);
            $this->container->get('event_dispatcher')->dispatch(UserEvents::USER_DELETE_INITIALIZE, $userEvent);

            $em->remove($user);
            $em->flush();

            $this->addFlash(
                FlashTypes::SUCCESS,
                $this->container->get('translator')->trans('kuma_user.users.delete.flash.success.%username%', [
                    '%username%' => $user->getUsername(),
                ])
            );
        }

        return new RedirectResponse($this->generateUrl('KunstmaanUserManagementBundle_settings_users'));
    }

    /**
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function changePasswordAction()
    {
        // Redirect to current user edit route...
        return new RedirectResponse(
            $this->generateUrl(
                'KunstmaanUserManagementBundle_settings_users_edit',
                array(
                    'id' => $this->container->get('security.token_storage')->getToken()->getUser()->getId(),
                )
            )
        );
    }
}


1		<?php
2
3		namespace Kunstmaan\UserManagementBundle\Controller;
4
5		use Doctrine\ORM\EntityManager;
6		use FOS\UserBundle\Event\UserEvent;
7		use FOS\UserBundle\Model\UserInterface;
8		use Kunstmaan\AdminBundle\Controller\BaseSettingsController;
9		use Kunstmaan\AdminBundle\Entity\BaseUser;
10		use Kunstmaan\AdminBundle\Event\AdaptSimpleFormEvent;
11		use Kunstmaan\AdminBundle\Event\Events;
12		use Kunstmaan\AdminBundle\FlashMessages\FlashTypes;
13		use Kunstmaan\AdminBundle\Form\RoleDependentUserFormInterface;
14		use Kunstmaan\AdminListBundle\AdminList\AdminList;
15		use Kunstmaan\UserManagementBundle\Event\UserEvents;
16		use Symfony\Component\Routing\Annotation\Route;
17		use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
18		use Symfony\Component\HttpFoundation\RedirectResponse;
19		use Symfony\Component\HttpFoundation\Request;
20		use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
21		use Symfony\Component\Security\Core\Exception\AccessDeniedException;
22
23		/**
24		* Settings controller handling everything related to creating, editing, deleting and listing users in an admin list
25		*/
26		class UsersController extends BaseSettingsController
27		{
28		/**
29		* List users
30		*
31		* @Route("/", name="KunstmaanUserManagementBundle_settings_users")
32		* @Template("@KunstmaanAdminList/Default/list.html.twig")
33		*
34		* @param \Symfony\Component\HttpFoundation\Request $request
35		*
36		* @return array
		0 ignored issues – show Documentation introduced 2017-11-21 06:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider making the return type a bit more specific; maybe use `array<string,AdminList>`. This check looks for the generic type `array` as a return type and suggests a more specific type. This type is inferred from the actual code. Loading history...
37		*/
38		public function listAction(Request $request)
39		{
40		$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
41
42		$em = $this->getDoctrine()->getManager();
43		$configuratorClassName = '';
44		if ($this->container->hasParameter('kunstmaan_user_management.user_admin_list_configurator.class')) {
45		$configuratorClassName = $this->container->getParameter(
46		'kunstmaan_user_management.user_admin_list_configurator.class'
47		);
48		}
49
50		$configurator = new $configuratorClassName($em);
51
52		/* @var AdminList $adminList */
53		$adminList = $this->container->get('kunstmaan_adminlist.factory')->createList($configurator);
54		$adminList->bindRequest($request);
55
56		return array(
57		'adminlist' => $adminList,
58		);
59		}
60
61		/**
62		* Get an instance of the admin user class.
63		*
64		* @return BaseUser
65		*/
66		private function getUserClassInstance()
67		{
68		$userClassName = $this->container->getParameter('fos_user.model.user.class');
69
70		return new $userClassName();
71		}
72
73		/**
74		* Add a user
75		*
76		* @Route("/add", name="KunstmaanUserManagementBundle_settings_users_add", methods={"GET", "POST"})
77		* @Template("@KunstmaanUserManagement/Users/add.html.twig")
78		*
79		* @param \Symfony\Component\HttpFoundation\Request $request
80		*
81		* @return array
		0 ignored issues – show Documentation introduced 2017-11-21 06:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `RedirectResponse\|array<s...omponent\Form\FormView>`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
82		*/
83		public function addAction(Request $request)
84		{
85		$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
86
87		$user = $this->getUserClassInstance();
88
89		$options = array('password_required' => true, 'langs' => $this->container->getParameter('kunstmaan_admin.admin_locales'), 'validation_groups' => array('Registration'), 'data_class' => \get_class($user));
90		$formTypeClassName = $user->getFormTypeClass();
91		$formType = new $formTypeClassName();
92
93		if ($formType instanceof RoleDependentUserFormInterface) {
94		// to edit groups and enabled the current user should have ROLE_SUPER_ADMIN
95		$options['can_edit_all_fields'] = $this->isGranted('ROLE_SUPER_ADMIN');
96		}
97
98		$form = $this->createForm(
99		$formTypeClassName,
100		$user,
101		$options
102		);
103
104		if ($request->isMethod('POST')) {
105		$form->handleRequest($request);
106	View Code Duplication	if ($form->isSubmitted() && $form->isValid()) {
107		$user->setPasswordChanged(true);
108		/* @var UserManager $userManager */
109		$userManager = $this->container->get('fos_user.user_manager');
110		$userManager->updateUser($user, true);
111
112		$this->addFlash(
113		FlashTypes::SUCCESS,
114		$this->container->get('translator')->trans('kuma_user.users.add.flash.success.%username%', [
115		'%username%' => $user->getUsername(),
116		])
117		);
118
119		return new RedirectResponse($this->generateUrl('KunstmaanUserManagementBundle_settings_users'));
120		}
121		}
122
123		return array(
124		'form' => $form->createView(),
125		);
126		}
127
128		/**
129		* Edit a user
130		*
131		* @param int $id
132		*
133		* @Route("/{id}/edit", requirements={"id" = "\d+"}, name="KunstmaanUserManagementBundle_settings_users_edit", methods={"GET", "POST"})
134		* @Template("@KunstmaanUserManagement/Users/edit.html.twig")
135		*
136		* @throws AccessDeniedException
137		*
138		* @return array
		0 ignored issues – show Documentation introduced 2018-09-26 07:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `RedirectResponse\|array`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
139		*/
140		public function editAction(Request $request, $id)
141		{
142		// The logged in user should be able to change his own password/username/email and not for other users
143		if ($id == $this->container->get('security.token_storage')->getToken()->getUser()->getId()) {
144		$requiredRole = 'ROLE_ADMIN';
145		} else {
146		$requiredRole = 'ROLE_SUPER_ADMIN';
147		}
148		$this->denyAccessUnlessGranted($requiredRole);
149
150		/* @var EntityManager $em */
151		$em = $this->getDoctrine()->getManager();
152
153		/** @var UserInterface $user */
154		$user = $em->getRepository($this->container->getParameter('fos_user.model.user.class'))->find($id);
155		if ($user === null) {
156		throw new NotFoundHttpException(sprintf('User with ID %s not found', $id));
157		}
158
159		$userEvent = new UserEvent($user, $request);
160		$this->container->get('event_dispatcher')->dispatch(UserEvents::USER_EDIT_INITIALIZE, $userEvent);
161
162		$options = array('password_required' => false, 'langs' => $this->container->getParameter('kunstmaan_admin.admin_locales'), 'data_class' => \get_class($user));
163		$formFqn = $user->getFormTypeClass();
164		$formType = new $formFqn();
165
166		if ($formType instanceof RoleDependentUserFormInterface) {
167		// to edit groups and enabled the current user should have ROLE_SUPER_ADMIN
168		$options['can_edit_all_fields'] = $this->isGranted('ROLE_SUPER_ADMIN');
169		}
170
171		$event = new AdaptSimpleFormEvent($request, $formFqn, $user, $options);
172		$event = $this->container->get('event_dispatcher')->dispatch(Events::ADAPT_SIMPLE_FORM, $event);
173		$tabPane = $event->getTabPane();
174
175		$form = $this->createForm($formFqn, $user, $options);
176
177		if ($request->isMethod('POST')) {
178		if ($tabPane) {
179		$tabPane->bindRequest($request);
180		$form = $tabPane->getForm();
181		} else {
182		$form->handleRequest($request);
183		}
184
185	View Code Duplication	if ($form->isSubmitted() && $form->isValid()) {
186		/* @var UserManager $userManager */
187		$userManager = $this->container->get('fos_user.user_manager');
188		$userManager->updateUser($user, true);
189
190		$this->addFlash(
191		FlashTypes::SUCCESS,
192		$this->container->get('translator')->trans('kuma_user.users.edit.flash.success.%username%', [
193		'%username%' => $user->getUsername(),
194		])
195		);
196
197		return new RedirectResponse(
198		$this->generateUrl(
199		'KunstmaanUserManagementBundle_settings_users_edit',
200		array('id' => $id)
201		)
202		);
203		}
204		}
205
206		$params = array(
207		'form' => $form->createView(),
208		'user' => $user,
209		);
210
211		if ($tabPane) {
212		$params = array_merge($params, array('tabPane' => $tabPane));
213		}
214
215		return $params;
216		}
217
218		/**
219		* Delete a user
220		*
221		* @param Request $request
222		* @param int $id
223		*
224		* @Route("/{id}/delete", requirements={"id" = "\d+"}, name="KunstmaanUserManagementBundle_settings_users_delete", methods={"POST"})
225		*
226		* @throws AccessDeniedException
227		*
228		* @return array
		0 ignored issues – show Documentation introduced 2018-09-26 07:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `RedirectResponse`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
229		*/
230		public function deleteAction(Request $request, $id)
231		{
232		$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
233
234		/* @var EntityManager $em */
235		$em = $this->getDoctrine()->getManager();
236		/* @var UserInterface $user */
237		$user = $em->getRepository($this->container->getParameter('fos_user.model.user.class'))->find($id);
238		if (!\is_null($user)) {
239		$userEvent = new UserEvent($user, $request);
240		$this->container->get('event_dispatcher')->dispatch(UserEvents::USER_DELETE_INITIALIZE, $userEvent);
241
242		$em->remove($user);
243		$em->flush();
244
245		$this->addFlash(
246		FlashTypes::SUCCESS,
247		$this->container->get('translator')->trans('kuma_user.users.delete.flash.success.%username%', [
248		'%username%' => $user->getUsername(),
249		])
250		);
251		}
252
253		return new RedirectResponse($this->generateUrl('KunstmaanUserManagementBundle_settings_users'));
254		}
255
256		/**
257		* @return \Symfony\Component\HttpFoundation\Response
258		*/
259		public function changePasswordAction()
260		{
261		// Redirect to current user edit route...
262		return new RedirectResponse(
263		$this->generateUrl(
264		'KunstmaanUserManagementBundle_settings_users_edit',
265		array(
266		'id' => $this->container->get('security.token_storage')->getToken()->getUser()->getId(),
267		)
268		)
269		);
270		}
271		}
272

Kunstmaan / KunstmaanBundlesCMS

Push — master ( 947afa...ae5e03 )

Controller/UsersController.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like