Issues in UsersController.php - Failed Issues - Inspection of "Feature plan acl" - bakaphp/phalcon-api - Measure and Improve Code Quality continuously with Scrutinizer

Test Failed

Pull Request — master (#21)

by Maximo

created 2018-12-24 19:00 UTC

api/controllers/UsersController.php (1 issue)

Labels

Coding Style 1

Severity

Informational 1

<?php

declare (strict_types = 1);

namespace Gewaer\Api\Controllers;

use Gewaer\Models\Users;
use Gewaer\Models\UserLinkedSources;
use Baka\Auth\Models\Sources;
use Gewaer\Models\Companies;
use Phalcon\Http\Response;
use Phalcon\Validation;
use Phalcon\Validation\Validator\PresenceOf;
use Gewaer\Exception\BadRequestHttpException;
use Gewaer\Exception\UnprocessableEntityHttpException;
use Baka\Http\QueryParser;
use Gewaer\Exception\ModelException;
use Gewaer\Exception\NotFoundHttpException;
use Gewaer\Models\AccessList;

/**
 * Class UsersController
 *
 * @package Gewaer\Api\Controllers
 *
 * @property Users $userData
 * @property Request $request
 * @property Config $config
 */
class UsersController extends \Baka\Auth\UsersController
{
    /*
     * fields we accept to create
     *
     * @var array
     */
    protected $createFields = ['name', 'firstname', 'lastname', 'displayname', 'email', 'password', 'created_at', 'updated_at', 'default_company', 'family'];

    /*
     * fields we accept to create
     *
     * @var array
     */
    protected $updateFields = ['name', 'firstname', 'lastname', 'displayname', 'email', 'password', 'created_at', 'updated_at', 'default_company'];

    /**
     * set objects
     *
     * @return void
     */
    public function onConstruct()
    {
        $this->model = new Users();

        //if you are not a admin you cant see all the users
        if (!$this->userData->hasRole('Defaults.Admins')) {
            $this->additionalSearchFields = [
                ['id', ':', $this->userData->getId()],
            ];
        } else {
            //admin get all the users for this company
            $this->additionalSearchFields = [
                ['default_company', ':', $this->userData->default_company],
            ];
        }
    }

    /**
     * Get Uer
     *
     * @param mixed $id
     *
     * @method GET
     * @url /v1/users/{id}
     *
     * @return Response
     */
    public function getById($id) : Response
    {
        //find the info
        $user = $this->model->findFirst([
            'id = ?0 AND is_deleted = 0',
            'bind' => [$this->userData->getId()],
        ]);

        $user->password = null;

        //get relationship
        if ($this->request->hasQuery('relationships')) {
            $relationships = $this->request->getQuery('relationships', 'string');

            $user = QueryParser::parseRelationShips($relationships, $user);
        }

        //if you search for roles we give you the access for this app
        if (array_key_exists('roles', $user)) {
            $accesList = AccessList::find([
                'conditions' => 'roles_name = ?0 and apps_id = ?1 and allowed = 0',
                'bind' => [$user['roles'][0]->name, $this->config->app->id]
            ]);

            if (count($accesList) > 0) {
                foreach ($accesList as $access) {
                    $user['access_list'][strtolower($access->resources_name)][$access->access_name] = 0;
                }
            }
        }

        if ($user) {
            return $this->response($user);
        } else {
            throw new ModelException('Record not found');
        }
    }

    /**
     * Update a User Info
     *
     * @method PUT
     * @url /v1/users/{id}
     *
     * @return Response
     */
    public function edit($id) : Response
    {
        //none admin users can only edit themselves
        if (!$this->userData->hasRole('Default.Admins')) {
            $id = $this->userData->getId();
        }

        if ($user = $this->model->findFirst($id)) {
            $request = $this->request->getPut();

            if (empty($request)) {
                $request = $this->request->getJsonRawBody(true);
            }

            //update password
            if (array_key_exists('new_password', $request) && !empty($request['new_password'])) {


                  //Ok let validate user password
                $validation = new Validation();
                $validation->add('new_password', new PresenceOf(['message' => 'The new_password is required.']));
                $validation->add('current_password', new PresenceOf(['message' => 'The current_password is required.']));
                $validation->add('confirm_new_password', new PresenceOf(['message' => 'The confirm_new_password is required.']));
                $messages = $validation->validate($request);

                if (count($messages)) {
                    foreach ($messages as $message) {
                        throw new BadRequestHttpException((string)$message);
                    }
                }

                $user->updatePassword($request['current_password'], $request['new_password'], $request['confirm_new_password']);
                unset($request['password']);
            }

            //clean default company
            if (array_key_exists('default_company', $request)) {
                //@todo check if I belong to this company
                if ($company = Companies::findFirst($request['default_company'])) {
                    $user->default_company = $company->getId();
                    unset($request['default_company']);
                }
            }

            //update
            if ($user->update($request, $this->updateFields)) {
                $user->password = null;
                return $this->response($user);
            } else {
                //didnt work
                throw new ModelException((string)current($user->getMessages()));
            }
        } else {
            throw new NotFoundHttpException('Record not found');
        }
    }

    /**
     * Add users notifications
     *
     * @param int $id
     * @method PUT
     * @return Response
     */
    public function updateNotifications($id) : Response
    {
        //get the notification array
        //delete the current ones
        //iterate and save into users

        return $this->response(['OK']);
    }

    /**
     * Associate a Device with the corrent loggedin user
     *
     * @url /users/{id}/device
     * @method POST
     * @return Response
     */
    public function devices() : Response
    {
        //Ok let validate user password
        $validation = new Validation();
        $validation->add('app', new PresenceOf(['message' => _('App name is required.')]));
        $validation->add('deviceId', new PresenceOf(['message' => _('device ID is required.')]));

        //validate this form for password
        $messages = $validation->validate($this->request->getPost());
        if (count($messages)) {
            foreach ($messages as $message) {
                throw new BadRequestHttpException((string)$message);
            }
        }

        $app = $this->request->getPost('app', 'string');
        $deviceId = $this->request->getPost('deviceId', 'string');

        //get the app source
        if ($source = Sources::getByTitle($app)) {
            if (!$userSource = UserLinkedSources::findFirst(['conditions' => 'users_id = ?0 and source_users_id_text =?1', 'bind' => [$this->userData->getId(), $deviceId]])) {
                $userSource = new UserLinkedSources();
                $userSource->users_id = $this->userData->getId();
                $userSource->source_id = $source->getId();
                $userSource->source_users_id = $this->userData->getId();
                $userSource->source_users_id_text = $deviceId;
                $userSource->source_username = $this->userData->displayname . ' ' . $app;

                if (!$userSource->save()) {
                    throw new UnprocessableEntityHttpException((string)current($userSource->getMessages()));
                }

                $msg = 'User Device Associated';
            } else {
                $msg = 'User Device Already Associated';
            }
        }

        //clean password @todo move this to a better place
        $this->userData->password = null;

        return $this->response([
            'msg' => $msg,
            'user' => $this->userData
        ]);
    }
}


1			<?php
2
3			declare (strict_types = 1);
4
5			namespace Gewaer\Api\Controllers;
6
7			use Gewaer\Models\Users;
8			use Gewaer\Models\UserLinkedSources;
9			use Baka\Auth\Models\Sources;
10			use Gewaer\Models\Companies;
11			use Phalcon\Http\Response;
12			use Phalcon\Validation;
13			use Phalcon\Validation\Validator\PresenceOf;
14			use Gewaer\Exception\BadRequestHttpException;
15			use Gewaer\Exception\UnprocessableEntityHttpException;
16			use Baka\Http\QueryParser;
17			use Gewaer\Exception\ModelException;
18			use Gewaer\Exception\NotFoundHttpException;
19			use Gewaer\Models\AccessList;
20
21			/**
22			* Class UsersController
23			*
24			* @package Gewaer\Api\Controllers
25			*
26			* @property Users $userData
27			* @property Request $request
28			* @property Config $config
29			*/
30			class UsersController extends \Baka\Auth\UsersController
31			{
32			/*
33			* fields we accept to create
34			*
35			* @var array
36			*/
37			protected $createFields = ['name', 'firstname', 'lastname', 'displayname', 'email', 'password', 'created_at', 'updated_at', 'default_company', 'family'];
38
39			/*
40			* fields we accept to create
41			*
42			* @var array
43			*/
44			protected $updateFields = ['name', 'firstname', 'lastname', 'displayname', 'email', 'password', 'created_at', 'updated_at', 'default_company'];
45
46			/**
47			* set objects
48			*
49			* @return void
50			*/
51			public function onConstruct()
52			{
53			$this->model = new Users();
54
55			//if you are not a admin you cant see all the users
56			if (!$this->userData->hasRole('Defaults.Admins')) {
57			$this->additionalSearchFields = [
58			['id', ':', $this->userData->getId()],
59			];
60			} else {
61			//admin get all the users for this company
62			$this->additionalSearchFields = [
63			['default_company', ':', $this->userData->default_company],
64			];
65			}
66			}
67
68			/**
69			* Get Uer
70			*
71			* @param mixed $id
72			*
73			* @method GET
74			* @url /v1/users/{id}
75			*
76			* @return Response
77			*/
78			public function getById($id) : Response
79			{
80			//find the info
81			$user = $this->model->findFirst([
82			'id = ?0 AND is_deleted = 0',
83			'bind' => [$this->userData->getId()],
84			]);
85
86			$user->password = null;
87
88			//get relationship
89			if ($this->request->hasQuery('relationships')) {
90			$relationships = $this->request->getQuery('relationships', 'string');
91
92			$user = QueryParser::parseRelationShips($relationships, $user);
93			}
94
95			//if you search for roles we give you the access for this app
96			if (array_key_exists('roles', $user)) {
97			$accesList = AccessList::find([
98			'conditions' => 'roles_name = ?0 and apps_id = ?1 and allowed = 0',
99			'bind' => [$user['roles'][0]->name, $this->config->app->id]
100			]);
101
102			if (count($accesList) > 0) {
103			foreach ($accesList as $access) {
104			$user['access_list'][strtolower($access->resources_name)][$access->access_name] = 0;
105			}
106			}
107			}
108
109			if ($user) {
110			return $this->response($user);
111			} else {
112			throw new ModelException('Record not found');
113			}
114			}
115
116			/**
117			* Update a User Info
118			*
119			* @method PUT
120			* @url /v1/users/{id}
121			*
122			* @return Response
123			*/
124			public function edit($id) : Response
125			{
126			//none admin users can only edit themselves
127			if (!$this->userData->hasRole('Default.Admins')) {
128			$id = $this->userData->getId();
129			}
130
131			if ($user = $this->model->findFirst($id)) {
132			$request = $this->request->getPut();
133
134			if (empty($request)) {
135			$request = $this->request->getJsonRawBody(true);
136			}
137
138			//update password
139			if (array_key_exists('new_password', $request) && !empty($request['new_password'])) {
			0 ignored issues – show Coding Style introduced 2018-12-24 01:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this Blank line found at start of control structure Loading history...
140
141			//Ok let validate user password
142			$validation = new Validation();
143			$validation->add('new_password', new PresenceOf(['message' => 'The new_password is required.']));
144			$validation->add('current_password', new PresenceOf(['message' => 'The current_password is required.']));
145			$validation->add('confirm_new_password', new PresenceOf(['message' => 'The confirm_new_password is required.']));
146			$messages = $validation->validate($request);
147
148			if (count($messages)) {
149			foreach ($messages as $message) {
150			throw new BadRequestHttpException((string)$message);
151			}
152			}
153
154			$user->updatePassword($request['current_password'], $request['new_password'], $request['confirm_new_password']);
155			unset($request['password']);
156			}
157
158			//clean default company
159			if (array_key_exists('default_company', $request)) {
160			//@todo check if I belong to this company
161			if ($company = Companies::findFirst($request['default_company'])) {
162			$user->default_company = $company->getId();
163			unset($request['default_company']);
164			}
165			}
166
167			//update
168			if ($user->update($request, $this->updateFields)) {
169			$user->password = null;
170			return $this->response($user);
171			} else {
172			//didnt work
173			throw new ModelException((string)current($user->getMessages()));
174			}
175			} else {
176			throw new NotFoundHttpException('Record not found');
177			}
178			}
179
180			/**
181			* Add users notifications
182			*
183			* @param int $id
184			* @method PUT
185			* @return Response
186			*/
187			public function updateNotifications($id) : Response
188			{
189			//get the notification array
190			//delete the current ones
191			//iterate and save into users
192
193			return $this->response(['OK']);
194			}
195
196			/**
197			* Associate a Device with the corrent loggedin user
198			*
199			* @url /users/{id}/device
200			* @method POST
201			* @return Response
202			*/
203			public function devices() : Response
204			{
205			//Ok let validate user password
206			$validation = new Validation();
207			$validation->add('app', new PresenceOf(['message' => _('App name is required.')]));
208			$validation->add('deviceId', new PresenceOf(['message' => _('device ID is required.')]));
209
210			//validate this form for password
211			$messages = $validation->validate($this->request->getPost());
212			if (count($messages)) {
213			foreach ($messages as $message) {
214			throw new BadRequestHttpException((string)$message);
215			}
216			}
217
218			$app = $this->request->getPost('app', 'string');
219			$deviceId = $this->request->getPost('deviceId', 'string');
220
221			//get the app source
222			if ($source = Sources::getByTitle($app)) {
223			if (!$userSource = UserLinkedSources::findFirst(['conditions' => 'users_id = ?0 and source_users_id_text =?1', 'bind' => [$this->userData->getId(), $deviceId]])) {
224			$userSource = new UserLinkedSources();
225			$userSource->users_id = $this->userData->getId();
226			$userSource->source_id = $source->getId();
227			$userSource->source_users_id = $this->userData->getId();
228			$userSource->source_users_id_text = $deviceId;
229			$userSource->source_username = $this->userData->displayname . ' ' . $app;
230
231			if (!$userSource->save()) {
232			throw new UnprocessableEntityHttpException((string)current($userSource->getMessages()));
233			}
234
235			$msg = 'User Device Associated';
236			} else {
237			$msg = 'User Device Already Associated';
238			}
239			}
240
241			//clean password @todo move this to a better place
242			$this->userData->password = null;
243
244			return $this->response([
245			'msg' => $msg,
246			'user' => $this->userData
247			]);
248			}
249			}
250

bakaphp / phalcon-api

Pull Request — master (#21)

api/controllers/UsersController.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like