These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php declare(strict_types=1); |
||
2 | |||
3 | /** |
||
4 | * This file is part of the Samshal\Acl library |
||
5 | * |
||
6 | * @license MIT |
||
7 | * @copyright Copyright (c) 2016 Samshal http://samshal.github.com |
||
8 | */ |
||
9 | namespace Samshal\Acl; |
||
10 | |||
11 | use Samshal\Acl\Role\{ |
||
12 | DefaultRole as Role, |
||
13 | RoleInterface |
||
14 | }; |
||
15 | use Samshal\Acl\Resource\{ |
||
16 | DefaultResource as Resource, |
||
17 | ResourceInterface |
||
18 | }; |
||
19 | use Samshal\Acl\Permission\{ |
||
20 | DefaultPermission as Permission, |
||
21 | PermissionInterface |
||
22 | }; |
||
23 | use Samshal\Acl\Registry\{ |
||
24 | GlobalRegistry, |
||
25 | Registry |
||
26 | }; |
||
27 | |||
28 | |||
29 | /** |
||
30 | * Class Acl |
||
31 | * |
||
32 | * @package samshal.acl |
||
33 | * @author Samuel Adeshina <[email protected]> |
||
34 | * @since 30/05/2016 |
||
35 | */ |
||
36 | class Acl implements AclInterface |
||
37 | { |
||
38 | /** |
||
39 | * @var Samshal\Acl\Registry\RegistryInterface $roleRegistry |
||
40 | */ |
||
41 | public $roleRegistry; |
||
42 | |||
43 | /** |
||
44 | * @var Samshal\Acl\Registry\RegistryInterface $resourceRegistry |
||
45 | */ |
||
46 | protected $resourceRegistry; |
||
47 | |||
48 | /** |
||
49 | * @var Samshal\Acl\Registry\RegistryInterface $permissionRegistry |
||
50 | */ |
||
51 | protected $permissionRegistry; |
||
52 | |||
53 | /** |
||
54 | * @var Samshal\Acl\Registry\RegistryInterface $globalRegistry |
||
55 | */ |
||
56 | public $globalRegistry; |
||
57 | |||
58 | /** |
||
59 | * @var string[] $sesion |
||
60 | */ |
||
61 | protected $session = []; |
||
62 | |||
63 | /** |
||
64 | * @var string SYN_ALLOW |
||
65 | */ |
||
66 | const SYN_ALLOW = "can"; |
||
67 | |||
68 | /** |
||
69 | * @var string SYN_DENY |
||
70 | */ |
||
71 | const SYN_DENY = "cannot"; |
||
72 | |||
73 | /** |
||
74 | * Performs bootstrapping |
||
75 | */ |
||
76 | public function __construct() |
||
77 | { |
||
78 | self::initRegistries(); |
||
79 | self::initSession(); |
||
80 | } |
||
81 | |||
82 | /** |
||
83 | * Initalizes the registries |
||
84 | * |
||
85 | * @return void |
||
86 | */ |
||
87 | protected function initRegistries() |
||
88 | { |
||
89 | $this->roleRegistry = new Registry(); |
||
90 | $this->resourceRegistry = new Registry(); |
||
91 | $this->permissionRegistry = new Registry(); |
||
92 | $this->globalRegistry = new GlobalRegistry(); |
||
93 | } |
||
94 | |||
95 | /** |
||
96 | * Initializes the global session array and sets them to the default value |
||
97 | * |
||
98 | * @return void |
||
99 | */ |
||
100 | protected function initSession() |
||
101 | { |
||
102 | $this->session["query"] = true; |
||
103 | unset($this->session["role"], $this->session["status"]); |
||
104 | } |
||
105 | |||
106 | /** |
||
107 | * Listen for and intercept properties that're not set |
||
108 | * |
||
109 | * @param string $role; |
||
110 | * @throws \Exception |
||
111 | * @return AclInterface |
||
112 | */ |
||
113 | public function __get(string $role) : AclInterface |
||
114 | { |
||
115 | if ($role === self::SYN_ALLOW || $role === self::SYN_DENY) |
||
116 | { |
||
117 | $this->session["status"] = ($role === self::SYN_ALLOW); |
||
118 | |||
119 | if (!empty($this->session["role"])) |
||
120 | { |
||
121 | $this->session["query"] = false; |
||
122 | } |
||
123 | |||
124 | return $this; |
||
125 | } |
||
126 | |||
127 | if (!$this->roleRegistry->exists($role)) { |
||
128 | throw new \Exception( |
||
129 | sprintf( |
||
130 | "The role: %s doesnt exist", |
||
131 | (string)$role |
||
132 | ) |
||
133 | ); |
||
134 | } |
||
135 | |||
136 | $this->session["role"] = $role; |
||
137 | |||
138 | return $this; |
||
139 | } |
||
140 | |||
141 | /** |
||
142 | * Listen for and intercept undefined methods |
||
143 | * |
||
144 | * @param string $permission |
||
145 | * @param string[] $args |
||
146 | * @throws \Exception |
||
147 | * @return boolean|null |
||
148 | */ |
||
149 | public function __call(string $permission, array $args) |
||
150 | { |
||
151 | if (!$this->permissionRegistry->exists($permission)) { |
||
152 | throw new \Exception( |
||
153 | sprintf( |
||
154 | "The permission: %s doesnt exist", |
||
155 | (string)$permission |
||
156 | ) |
||
157 | ); |
||
158 | } |
||
159 | |||
160 | foreach ($args as $arg) { |
||
161 | if (!$this->resourceRegistry->exists($arg)) { |
||
162 | throw new \Exception( |
||
163 | sprintf( |
||
164 | "The resource: %s doesnt exist", |
||
165 | (string)$arg |
||
166 | ) |
||
167 | ); |
||
168 | } |
||
169 | } |
||
170 | |||
171 | if ($this->session["query"]) |
||
172 | { |
||
173 | $result = $this->getPermissionStatus( |
||
174 | $this->session["role"], |
||
175 | $permission, |
||
176 | $args[0] |
||
177 | ); |
||
178 | |||
179 | $this->initSession(); |
||
180 | |||
181 | return $result; |
||
182 | } |
||
183 | |||
184 | foreach ($args as $arg) { |
||
185 | $this->allow( |
||
186 | $this->session["role"], |
||
187 | $permission, |
||
188 | $arg, |
||
189 | (boolean)$this->session["status"] |
||
190 | ); |
||
191 | } |
||
192 | |||
193 | $this->initSession(); |
||
194 | } |
||
195 | |||
196 | /** |
||
197 | * Add a new role object to the registry |
||
198 | * |
||
199 | * @param string[] $role |
||
200 | * @return void |
||
201 | */ |
||
202 | public function addRole(string ...$role) |
||
203 | { |
||
204 | foreach ($role as $_role) |
||
205 | { |
||
206 | $this->roleRegistry->save($_role); |
||
207 | } |
||
208 | } |
||
209 | |||
210 | /** |
||
211 | * Add a new resource object to the registry |
||
212 | * |
||
213 | * @param string[] $resource |
||
214 | * @return void |
||
215 | */ |
||
216 | public function addResource(string ...$resource) |
||
217 | { |
||
218 | foreach ($resource as $_resource) |
||
219 | { |
||
220 | $this->resourceRegistry->save($_resource); |
||
221 | } |
||
222 | } |
||
223 | |||
224 | /** |
||
225 | * Add a new permission object to the registry |
||
226 | * |
||
227 | * @param string[] $permission |
||
228 | * @return void |
||
229 | */ |
||
230 | public function addPermission(string ...$permission) |
||
231 | { |
||
232 | foreach ($permission as $_permission) |
||
233 | { |
||
234 | $this->permissionRegistry->save($_permission); |
||
235 | } |
||
236 | } |
||
237 | |||
238 | /** |
||
239 | * Adds objects lazily. |
||
240 | * |
||
241 | * Automatically determine the type of an object and call the appropriate |
||
242 | * add method on it. |
||
243 | * |
||
244 | * @param ObjectInterface[] $objects |
||
245 | * @throws \Exception |
||
246 | * @return void |
||
247 | */ |
||
248 | public function add(ObjectInterface ...$objects) |
||
249 | { |
||
250 | foreach ($objects as $object) |
||
251 | { |
||
252 | if ($object instanceof RoleInterface) |
||
253 | { |
||
254 | $this->addRole((string)$object); |
||
255 | } |
||
256 | else if ($object instanceof ResourceInterface) |
||
257 | { |
||
258 | $this->addResource((string)$object); |
||
259 | } |
||
260 | else if ($object instanceof PermissionInterface) |
||
261 | { |
||
262 | $this->addPermission((string)$object); |
||
263 | } |
||
264 | else { |
||
265 | throw new \Exception( |
||
266 | sprintf( |
||
267 | "%s must implement one of RoleInterface, '. |
||
268 | 'ResourceInterface and PermissionInterface", |
||
269 | $object |
||
270 | ) |
||
271 | ); |
||
272 | } |
||
273 | } |
||
274 | } |
||
275 | |||
276 | /** |
||
277 | * Change the status option of an assigned permission to true |
||
278 | * |
||
279 | * @param string $role; |
||
0 ignored issues
–
show
|
|||
280 | * @param string $permission |
||
281 | * @param string $resource |
||
282 | * @param boolean $status Optional |
||
283 | * @throws \Exception |
||
284 | * @return void |
||
285 | */ |
||
286 | public function allow(string $role, string $permission, string $resource, bool $status=null) |
||
287 | { |
||
288 | $status = $status ?? true; |
||
289 | if (!$this->roleRegistry->exists($role)) { |
||
290 | throw new \Exception( |
||
291 | sprintf( |
||
292 | "The role: %s doesnt exist", |
||
293 | (string)$role |
||
294 | ) |
||
295 | ); |
||
296 | } |
||
297 | |||
298 | if (!$this->permissionRegistry->exists($permission)) { |
||
299 | throw new \Exception( |
||
300 | sprintf( |
||
301 | "The permission: %s doesnt exist", |
||
302 | (string)$permission |
||
303 | ) |
||
304 | ); |
||
305 | } |
||
306 | |||
307 | if (!$this->resourceRegistry->exists($resource)) { |
||
308 | throw new \Exception( |
||
309 | sprintf( |
||
310 | "The resource: %s doesnt exist", |
||
311 | (string)$resource |
||
312 | ) |
||
313 | ); |
||
314 | } |
||
315 | |||
316 | $this->globalRegistry->save($role, $resource, $permission, $status); |
||
317 | } |
||
318 | |||
319 | /** |
||
320 | * Change the status option of an assigned permission to false |
||
321 | * |
||
322 | * @param string $role; |
||
323 | * @param string $permission |
||
324 | * @param string $resource |
||
325 | * @return void |
||
326 | */ |
||
327 | public function deny(string $role, string $permission, string $resource) |
||
328 | { |
||
329 | $this->allow($role, $permission, $resource, false); |
||
330 | } |
||
331 | |||
332 | /** |
||
333 | * Retrieve the status of a permission assigned to a role |
||
334 | * |
||
335 | * @param string $role; |
||
336 | * @param string $permission |
||
337 | * @param string $resource |
||
338 | * @return boolean |
||
339 | */ |
||
340 | public function getPermissionStatus(string $role, string $permission, string $resource) : bool |
||
341 | { |
||
342 | if (!$this->roleRegistry->exists($role)) { |
||
343 | throw new \Exception( |
||
344 | sprintf( |
||
345 | "The role: %s doesnt exist", |
||
346 | (string)$role |
||
347 | ) |
||
348 | ); |
||
349 | } |
||
350 | |||
351 | if (!$this->permissionRegistry->exists($permission)) { |
||
352 | throw new \Exception( |
||
353 | sprintf( |
||
354 | "The permission: %s doesnt exist", |
||
355 | (string)$permission |
||
356 | ) |
||
357 | ); |
||
358 | } |
||
359 | |||
360 | if (!$this->resourceRegistry->exists($resource)) { |
||
361 | throw new \Exception( |
||
362 | sprintf( |
||
363 | "The resource: %s doesnt exist", |
||
364 | (string)$resource |
||
365 | ) |
||
366 | ); |
||
367 | } |
||
368 | |||
369 | |||
370 | $role = $this->globalRegistry->get($role); |
||
371 | |||
372 | return $role[$resource][$permission]["status"] ?? false; |
||
373 | } |
||
374 | } |
||
375 |
This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function.
Consider the following example. The parameter
$italy
is not defined by the methodfinale(...)
.The most likely cause is that the parameter was removed, but the annotation was not.