Api\WebservicePremium\Privilege::isPermitted()

Complexity

Conditions	37
Paths	150

Size

Total Lines	107
Code Lines	79

Duplication

Lines	0
Ratio	0 %

Importance

Changes

0

<?php
	public static function isPermitted(string $moduleName, $actionName = null, $record = false, $userId = false)
	{
		if (!$userId) {
			$user = \App\User::getCurrentUserModel();
		} else {
			$user = \App\User::getUserModel($userId);
		}
		$userId = $user->getId();
		if (empty($record) || !$user->has('permission_type')) {
			return \App\Privilege::checkPermission($moduleName, $actionName, $record, $userId);
		}
		switch ($user->get('permission_type')) {
			case self::USER_PERMISSIONS:
				return \App\Privilege::checkPermission($moduleName, $actionName, $record, $userId);
			case self::ACCOUNTS_RELATED_RECORDS:
				$parentRecordId = \App\Record::getParentRecord($user->get('permission_crmid'));
				break;
			case self::ACCOUNTS_RELATED_RECORDS_AND_LOWER_IN_HIERARCHY:
			case self::ACCOUNTS_RELATED_RECORDS_IN_HIERARCHY:
				$parentRecordId = static::getParentCrmId($user);
				break;
			default:
				throw new \Api\Core\Exception('Invalid permissions ', 400);
		}
		if ('ModComments' !== $moduleName && !($permissionFieldInfo = \Api\Core\Module::getApiFieldPermission($moduleName, $user->get('permission_app')))) {
			\App\Privilege::$isPermittedLevel = 'FIELD_PERMISSION_NOT_EXISTS';
			return false;
		}
		if (!\App\Privilege::checkPermission($moduleName, $actionName, $record, $userId)) {
			return false;
		}
		if (0 === \App\ModuleHierarchy::getModuleLevel($moduleName)) {
			$permission = $parentRecordId === $record;
			\App\Privilege::$isPermittedLevel = 'RECORD_HIERARCHY_LEVEL_' . ($permission ? 'YES' : 'NO');
			return $permission;
		}
		$recordModel = \Vtiger_Record_Model::getInstanceById($record, $moduleName);
		if ('ModComments' !== $moduleName && !$recordModel->get($permissionFieldInfo['fieldname'])) {

The variable $permissionFieldInfo does not seem to be defined for all execution paths leading up to this point.

			\App\Privilege::$isPermittedLevel = "FIELD_PERMISSION_NO {$permissionFieldInfo['fieldname']}: {$recordModel->get($permissionFieldInfo['fieldname'])}";
			return false;
		}

		$parentModule = \App\Record::getType($parentRecordId) ?? '';
		$moduleModel = $recordModel->getModule();
		if (\in_array($moduleName, ['Products', 'Services'])) {
			\App\Privilege::$isPermittedLevel = $moduleName . '_SPECIAL_PERMISSION_YES';
			return true;
		}
		$fieldsForParent = $moduleModel->getReferenceFieldsForModule($parentModule);
		if ($fieldsForParent) {

The expression $fieldsForParent of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

			foreach ($fieldsForParent as $referenceField) {
				if ($recordModel->get($referenceField->getName()) === $parentRecordId) {
					\App\Privilege::$isPermittedLevel = 'RECORD_RELATED_YES';
					return true;
				}
			}
			\App\Privilege::$isPermittedLevel = 'RECORD_RELATED_NO';
			return false;
		}
		foreach (array_keys(\App\Relation::getByModule($parentModule, true, $moduleName)) as $relationId) {
			$relationModel = \Vtiger_Relation_Model::getInstanceById($relationId);
			$relationModel->set('parentRecord', \Vtiger_Record_Model::getInstanceById($parentRecordId, $parentModule));
			$queryGenerator = $relationModel->getQuery();
			$queryGenerator->permissions = false;
			$queryGenerator->clearFields()->setFields(['id'])->addCondition('id', $record, 'e');
			if ($queryGenerator->createQuery()->exists()) {
				\App\Privilege::$isPermittedLevel = $moduleName . '_RELATED_YES';
				return true;
			}
		}
		if ($fields = $moduleModel->getFieldsByReference()) {
			foreach ($fields as $fieldModel) {
				if (!$fieldModel->isActiveField() || $recordModel->isEmpty($fieldModel->getName())) {
					continue;
				}
				$relRecordId = $recordModel->get($fieldModel->getName());
				foreach ($fieldModel->getReferenceList() as $relModuleName) {
					if ('Users' === $relModuleName || $relModuleName === $parentModule || $relModuleName === $moduleName) {
						continue;
					}
					$relModuleModel = \Vtiger_Module_Model::getInstance($relModuleName);
					foreach ($relModuleModel->getReferenceFieldsForModule($parentModule) as $referenceField) {
						if (\App\Record::isExists($relRecordId, $relModuleName) && \App\Record::getType($relRecordId) === $relModuleName && \Vtiger_Record_Model::getInstanceById($relRecordId, $relModuleName)->get($referenceField->getName()) === $parentRecordId) {
							\App\Privilege::$isPermittedLevel = $moduleName . '_RELATED_SL_YES';
							return true;
						}
					}
				}
			}
		}
		if ('Documents' === $moduleName) {
			foreach (\Documents_Record_Model::getReferenceModuleByDocId($record) as $parentModuleName) {
				$relationListView = \Vtiger_RelationListView_Model::getInstance($recordModel, $parentModuleName);
				$relationListView->setFields([]);
				$relationListView->getQueryGenerator()->setFields(['id'])->setLimit(10)->permissions = false;
				$dataReader = $relationListView->getRelationQuery()->createCommand()->query();

The method createCommand() does not exist on App\QueryGenerator.

				while ($id = $dataReader->readColumn(0)) {
					if (\App\Privilege::isPermitted($parentModuleName, 'DetailView', $id, $user->getId())) {
						\App\Privilege::$isPermittedLevel = "PERMISSION_{$parentModuleName}_YES-{$id}";
						return true;
					}
				}
			}
		}

		\App\Privilege::$isPermittedLevel = 'ALL_PERMISSION_NO';
		return false;
	}