bakaphp / phalcon-api

library/Traits/PermissionsTrait.php

<?php

End of line character is invalid; expected "\n" but found "\r\n"

declare(strict_types=1);


namespace Gewaer\Traits;


use Gewaer\Models\Roles;

use Gewaer\Models\UserRoles;

use Gewaer\Exception\ServerErrorHttpException;

use Gewaer\Exception\ModelException;


/**

 * Trait FractalTrait

 *

 * @package Gewaer\Traits

 */

trait PermissionsTrait

{

    /**

     * Assigne a user this role

     * Example: App.Role

     *

     * @param string $role

     * @return boolean

     */

    public function assignRole(string $role): bool

    {

        $role = Roles::getByAppName($role, $this->defaultCompany);

The method Gewaer\Models\Roles::getByAppName() is not static, but was called statically.

        if (!$role) {

$role is of type Gewaer\Models\Roles, thus it always evaluated to true.

            throw new ServerErrorHttpException('Role not found in DB');

        }


        $userRole = UserRoles::findFirst([

            'conditions' => 'users_id = ?0 and roles_id = ?1 and apps_id = ?2 and company_id = ?3',

            'bind' => [$this->getId(), $role->getId(), $role->apps_id, $this->default_company]

It seems like getId() must be provided by classes using this trait. How about adding it as abstract method to this trait?

        ]);


        if (!$userRole) {

$userRole is of type Phalcon\Mvc\Model, thus it always evaluated to true.

            $userRole = new UserRoles();

            $userRole->users_id = $this->getid();

            $userRole->roles_id = $role->getId();

            $userRole->apps_id = $role->apps_id;

            $userRole->company_id = $this->default_company;

            if (!$userRole->save()) {

                throw new ModelException((string) current($userRole->getMessages()));

            }

        }


        return true;

    }


    /**

     * Remove a role for the current user

     * Example: App.Role

     *

     * @param string $role

     * @return boolean

     */

    public function removeRole(string $role): bool

    {

        $role = Roles::getByAppName($role, $this->defaultCompany);

The method Gewaer\Models\Roles::getByAppName() is not static, but was called statically.

        if (!$role) {

$role is of type Gewaer\Models\Roles, thus it always evaluated to true.

            throw new ServerErrorHttpException('Role not found in DB');

        }


        $userRole = UserRoles::findFirst([

            'conditions' => 'users_id = ?0 and roles_id = ?1 and apps_id = ?2 and company_id = ?3',

            'bind' => [$this->getId(), $role->getId(), $role->apps_id, $this->default_company]

        ]);


        if ($userRole) {

$userRole is of type Phalcon\Mvc\Model, thus it always evaluated to true.

            return $userRole->delete();

        }


        return false;

    }


    /**

     * Check if the user has this role

     *

     * @param string $role

     * @return boolean

     */

    public function hasRole(string $role): bool

    {

        $role = Roles::getByAppName($role, $this->defaultCompany);

The method Gewaer\Models\Roles::getByAppName() is not static, but was called statically.

        if (!$role) {

$role is of type Gewaer\Models\Roles, thus it always evaluated to true.

            throw new ServerErrorHttpException('Role not found in DB');

        }


        $userRole = UserRoles::findFirst([

            'conditions' => 'users_id = ?0 and roles_id = ?1 and apps_id = ?2 and company_id = ?3',

            'bind' => [$this->getId(), $role->getId(), $role->apps_id, $this->default_company]

        ]);


        if ($userRole) {

$userRole is of type Phalcon\Mvc\Model, thus it always evaluated to true.

            return true;

        }


        return false;

    }


    /**

     * At this current system / app can you do this?

     *

     * Example: resource.action

     *  Leads.add || leads.updates || lead.delete

     *

     * @param string $action

     * @return boolean

     */

    public function can(string $action): bool

    {

        //get current role for this company App.Role

        // Section.Action

        //action is going to be resource.action so we need to explode it


        $userRole = UserRoles::findFirst([

            'conditions' => 'users_id = ?0 and apps_id in ( ?1, ?2) and company_id = ?3',

            'bind' => [$this->getId(), $this->di->getConfig()->app->id, Roles::DEFAULT_ACL_APP_ID, $this->default_company]

        ]);


        if (!$userRole) {

$userRole is of type Phalcon\Mvc\Model, thus it always evaluated to true.

            throw new ServerErrorHttpException('ACL - You dont have acces to this role for this app ');

        }


        //if we find the . then les

        if (strpos($action, '.') == false) {

It seems like you are loosely comparing strpos($action, '.') of type integer to the boolean false. If you are specifically checking for 0, consider using something more explicit like === 0 instead.

            throw new ServerErrorHttpException('ACL - We are expecting the resource for this action');

        }


        $action = explode('.', $action);

        $resource = $action[0];

        $action = $action[1];

        $app = $userRole->app->name;

The property name does not seem to exist on Phalcon\Mvc\Model\Resultset.

        return $this->di->getAcl()->isAllowed($userRole->roles->name, ucfirst($app) . '.' . $resource, $action);

    }

}