Issues in AclMiddleware.php - New Issues - Inspection of "update jwt for swoole" - bakaphp/phalcon-api - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Pull Request — master (#82)

by Maximo

created 2019-04-19 23:29 UTC

library/Middleware/AclMiddleware.php (1 issue)

Labels

Bug 1

Severity

Major 1

<?php

declare(strict_types=1);

namespace Gewaer\Middleware;

use Phalcon\Mvc\Micro;
use Phalcon\Mvc\Micro\MiddlewareInterface;
use Gewaer\Exception\ServerErrorHttpException;
use Gewaer\Exception\PermissionException;
use Gewaer\Models\Subscription;

/**
 * Class AclMiddleware.
 *
 * @package Gewaer\Middleware
 */
class AclMiddleware extends TokenBase
{
    /**
     * Call me.
     *
     * @param Micro $api
     * @todo need to check section for auth here
     * @return bool
     */
    public function call(Micro $api)
    {
        $router = $api->getService('router');
        $request = $api->getService('request');

        if ($this->isValidCheck($request, $api)) {
            // explode() by / , postiion #1 is always the controller , so its the resource ^.^
            $matchRouter = explode('/', $router->getMatchedRoute()->getCompiledPattern());

            $resource = ucfirst(isset($matchRouter[2]) ? $matchRouter[2] : $matchRouter[1]); //2 is alwasy the controller of the router
            $userData = $api->getService('userData');

            $action = null;
            // GET -> read
            // PUT -> update
            // DELETE -> delete
            // POST -> create

            if (!Subscription::getPaymentStatus()) {
                throw new ServerErrorHttpException('Subscription is not active.Please contact your admin');
            }

            switch (strtolower($request->getMethod())) {
                case 'get':
                    $action = 'list';
                    if (preg_match("/\/([0-9]+)(?=[^\/]*$)/", $request->getURI())) {
                    if (preg_match("/\/([0-9]+)(?=[^\/]*$)/", $request->/** @scrutinizer ignore-call */ getURI())) {
                        $action = 'read';
                    }
                    break;
                case 'post':
                    $action = 'create';
                    break;
                case 'delete':
                    $action = 'delete';
                    break;
                case 'put':
                case 'patch':
                    $action = 'update';
                    break;
                default:
                    throw new ServerErrorHttpException('No Permission define for this action');
                break;
            }
            //do you have permision
            if (!$userData->can($resource . '.' . $action)) {
                throw new PermissionException('You dont have permission to run this action ' . $action . ' at ' . $resource);
            }
        }

        return true;
    }
}


bakaphp / phalcon-api

Pull Request — master (#82)

library/Middleware/AclMiddleware.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like