Permission::check() - Code Metrics - OmarElGabry/miniPHP - Measure and Improve Code Quality continuously with Scrutinizer

Permission::check() D
last analyzed 2018-01-04 10:22 UTC

↳ Parent: Permission

Complexity

Conditions	10
Paths	12

Size

Total Lines	34
Code Lines	16

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
c	0
b	0
f	0
dl	0
loc	34
rs	4.8196
cc	10
eloc	16
nc	12
nop	4

How to fix Complexity

<?php

 /**
  * Permission Class
  *
  * Handles all permissions for accessing resources(usually controllers), and what are the actions a user can perform
  *
  * This class requires from you to define all permission rules in you PHP code,
  * Another approach you could take is to define them in the database,
  * But, i find this approach is simpler and less costly at least for this application.
  *
  * @license    http://opensource.org/licenses/MIT The MIT License (MIT)
  * @author     Omar El Gabry <[email protected]>
  */

class Permission {
namespace YourVendor;

class YourClass { }

    /**
     * allowed permissions for actions on specific resources
     *
     * $perms[] = [
     *      'role' => 'student', //AROs
     *      'resource' => 'Post' //ACOs - actions could be ACOs instead.
     *      'actions' => ['edit', 'delete'],
     *      'conditions' => ['owner'] - things that you validate against if the user has access to the action
     *  ];
     *
     * @var array
     */
    public static $perms = [];

    /**
     * check if the $role has access to $action on $resource
     *
     * @param  string  $role
     * @param  string  $resource
     * @param  string  $action   if set to "*", then check if $actions parameter was assigned to "*" when using allow() method
     *                           This indicates the $role has access to all actions on $resource
     * @param  array   $config   configuration data to be passed to condition methods
     * @throws Exception if $config is empty or method doesn't exists
     * @return boolean
     */
    public static function check($role, $resource, $action = "*", array $config = []){

        // checks if action was allowed at least once
        $allowed = false;
        $action = strtolower($action);

        foreach(self::$perms as $perm){
            if($perm['role'] === $role && $perm['resource'] === $resource){

                if(in_array($action, $perm["actions"], true) || $perm["actions"] === ["*"]){

                    $allowed = true;

                    foreach($perm["conditions"] as $condition){

                        if (!method_exists(__CLASS__, $condition)) {
                            throw new Exception("Permission, Method doesnt exists: " . $condition);
                        }

                        if(self::$condition($config) === false){
                            Logger::log("Permission", $role . " is not allowed to perform '" . $action . "' action on " . $resource . " because of " . $condition, __FILE__, __LINE__);
                            return false;
                        }
                    }
                }
            }
        }

        if(!$allowed){
            Logger::log("Permission", $role . " is not allowed to perform '" . $action . "' action on " . $resource, __FILE__, __LINE__);
        }

        return $allowed;
    }

    /**
     * Add new rule: allow a $role for $actions on $resource,
     * You may add additional $conditions that must be fulfilled as well.
     *
     * @param  string  $role
     * @param  string  $resource
     * @param  mixed   $actions
     * @param  mixed   $conditions
     */
    public static function allow($role, $resource, $actions = "*", $conditions = []){

        $actions = array_map("strtolower", (array)$actions);

        self::$perms[] = ['role' => $role, 'resource' => $resource, 'actions' => $actions, 'conditions' => (array)$conditions];
    }

    /**
     *  deny or remove $actions for a $role on $resource
     *
     * @param  string  $role
     * @param  string  $resource
     * @param  mixed   $actions
     */
    public static function deny($role, $resource, $actions = "*"){

        $actions = array_map("strtolower", (array)$actions);

        foreach(self::$perms as $key => &$perm){
            if($perm['role'] === $role && $perm['resource'] === $resource){
                foreach($perm['actions'] as $index => $action){
                    if(in_array($action, $actions, true) || $actions === ["*"]){
                        unset($perm['actions'][$index]);
                    }
                }

                if(empty($perm['actions'])){
                    unset(self::$perms[$key]);
                }
            }
        }
    }

    /** *********************************************** **/
    /** **************    Conditions     ************** **/
    /** *********************************************** **/

    /**
     * checks if user is owner
     *
     * @param  array $config
     * @return bool
     */
    private static function owner($config){

        $database = Database::openConnection();

        $database->prepare('SELECT * FROM '.$config["table"]. ' WHERE id = :id AND user_id = :user_id LIMIT 1');
        $database->bindValue(':id', (int)$config["id"]);
        $database->bindValue(':user_id', (int)$config["user_id"]);
        $database->execute();

        return $database->countRows() === 1;
    }

 }


1			<?php
2
3			/**
4			* Permission Class
5			*
6			* Handles all permissions for accessing resources(usually controllers), and what are the actions a user can perform
7			*
8			* This class requires from you to define all permission rules in you PHP code,
9			* Another approach you could take is to define them in the database,
10			* But, i find this approach is simpler and less costly at least for this application.
11			*
12			* @license http://opensource.org/licenses/MIT The MIT License (MIT)
13			* @author Omar El Gabry <[email protected]>
14			*/
15
16			class Permission {
			0 ignored issues – show Coding Style Compatibility introduced 2015-11-27 07:13 UTC by Report Bug Copy Issue Report PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
17
18			/**
19			* allowed permissions for actions on specific resources
20			*
21			* $perms[] = [
22			* 'role' => 'student', //AROs
23			* 'resource' => 'Post' //ACOs - actions could be ACOs instead.
24			* 'actions' => ['edit', 'delete'],
25			* 'conditions' => ['owner'] - things that you validate against if the user has access to the action
26			* ];
27			*
28			* @var array
29			*/
30			public static $perms = [];
31
32			/**
33			* check if the $role has access to $action on $resource
34			*
35			* @param string $role
36			* @param string $resource
37			* @param string $action if set to "", then check if $actions parameter was assigned to "" when using allow() method
38			* This indicates the $role has access to all actions on $resource
39			* @param array $config configuration data to be passed to condition methods
40			* @throws Exception if $config is empty or method doesn't exists
41			* @return boolean
42			*/
43			public static function check($role, $resource, $action = "*", array $config = []){
44
45			// checks if action was allowed at least once
46			$allowed = false;
47			$action = strtolower($action);
48
49			foreach(self::$perms as $perm){
50			if($perm['role'] === $role && $perm['resource'] === $resource){
51
52			if(in_array($action, $perm["actions"], true) \|\| $perm["actions"] === ["*"]){
53
54			$allowed = true;
55
56			foreach($perm["conditions"] as $condition){
57
58			if (!method_exists(__CLASS__, $condition)) {
59			throw new Exception("Permission, Method doesnt exists: " . $condition);
60			}
61
62			if(self::$condition($config) === false){
63			Logger::log("Permission", $role . " is not allowed to perform '" . $action . "' action on " . $resource . " because of " . $condition, __FILE__, __LINE__);
64			return false;
65			}
66			}
67			}
68			}
69			}
70
71			if(!$allowed){
72			Logger::log("Permission", $role . " is not allowed to perform '" . $action . "' action on " . $resource, __FILE__, __LINE__);
73			}
74
75			return $allowed;
76			}
77
78			/**
79			* Add new rule: allow a $role for $actions on $resource,
80			* You may add additional $conditions that must be fulfilled as well.
81			*
82			* @param string $role
83			* @param string $resource
84			* @param mixed $actions
85			* @param mixed $conditions
86			*/
87			public static function allow($role, $resource, $actions = "*", $conditions = []){
88
89			$actions = array_map("strtolower", (array)$actions);
90
91			self::$perms[] = ['role' => $role, 'resource' => $resource, 'actions' => $actions, 'conditions' => (array)$conditions];
92			}
93
94			/**
95			* deny or remove $actions for a $role on $resource
96			*
97			* @param string $role
98			* @param string $resource
99			* @param mixed $actions
100			*/
101			public static function deny($role, $resource, $actions = "*"){
102
103			$actions = array_map("strtolower", (array)$actions);
104
105			foreach(self::$perms as $key => &$perm){
106			if($perm['role'] === $role && $perm['resource'] === $resource){
107			foreach($perm['actions'] as $index => $action){
108			if(in_array($action, $actions, true) \|\| $actions === ["*"]){
109			unset($perm['actions'][$index]);
110			}
111			}
112
113			if(empty($perm['actions'])){
114			unset(self::$perms[$key]);
115			}
116			}
117			}
118			}
119
120			/ ******************************************* /
121			/ ********** Conditions ********** /
122			/ ******************************************* /
123
124			/**
125			* checks if user is owner
126			*
127			* @param array $config
128			* @return bool
129			*/
130			private static function owner($config){
131
132			$database = Database::openConnection();
133
134			$database->prepare('SELECT * FROM '.$config["table"]. ' WHERE id = :id AND user_id = :user_id LIMIT 1');
135			$database->bindValue(':id', (int)$config["id"]);
136			$database->bindValue(':user_id', (int)$config["user_id"]);
137			$database->execute();
138
139			return $database->countRows() === 1;
140			}
141
142			}
143

GitHub Access Token became invalid

Permission::check() D
last analyzed 2018-01-04 10:22 UTC

Complexity

Size

Duplication

Importance

How to fix Complexity

Long Method

OmarElGabry / miniPHP

GitHub Access Token became invalid

Permission::check() D last analyzed 2018-01-04 10:22 UTC

Complexity

Size

Duplication

Importance

How to fix Complexity

Long Method

Duplication Side-by-Side

Filter issues like

Permission::check() D
last analyzed 2018-01-04 10:22 UTC