Access   A
last analyzed

Complexity

Total Complexity 22

Size/Duplication

Total Lines 124
Duplicated Lines 0 %

Coupling/Cohesion

Components 1
Dependencies 7

Test Coverage

Coverage 100%

Importance

Changes 0
Metric Value
dl 0
loc 124
ccs 43
cts 43
cp 1
rs 10
c 0
b 0
f 0
wmc 22
lcom 1
cbo 7

5 Methods

Rating   Name   Duplication   Size   Complexity  
A getAccessControlFilter() 0 40 1
B checkAccess() 0 17 7
A checkAccessUsers() 0 10 3
B checkAccessRoles() 0 19 8
A checkAccessIps() 0 10 3
1
<?php
2
3
namespace bedezign\yii2\audit\components;
4
5
use bedezign\yii2\audit\Audit;
6
use Yii;
7
use yii\base\Component;
8
use yii\di\Instance;
9
use yii\filters\AccessControl;
10
use yii\helpers\ArrayHelper;
11
use yii\web\User;
12
13
class Access extends Component
14
{
15
16
    /**
17
     * @return array
18
     */
19 42
    public static function getAccessControlFilter()
20
    {
21
        return [
22 42
            'class' => AccessControl::className(),
23 42
            'rules' => [['allow' => self::checkAccess()]]
24 42
        ];
25
26
        /*
27
        $audit = Audit::getInstance();
28
        if ($audit->accessUsers === null && $audit->accessRoles === null && $audit->accessIps === null) {
29
            // No user authentication active, skip adding the filter
30
            return [
31
                'class' => \yii\filters\AccessControl::className(),
32
                'rules' => [['allow' => true]]
33
            ];
34
        }
35
36
        $rule = ['allow' => 'allow'];
37
38
        if (!empty($audit->accessIps)) {
39
            // Add allowed ips
40
            $rule['ips'] = $audit->accessIps;
41
        }
42
43
        if (!empty($audit->accessRoles)) {
44
            // Add allowed roles
45
            $rule['roles'] = $audit->accessRoles;
46
        }
47
48
        if (!empty($audit->accessUsers)) {
49
            $users = $audit->accessUsers;
50
            // Specific users only? Use callback
51
            $rule['matchCallback'] = function () use ($users) {
52
                return in_array(Yii::$app->user->id, $users);
53
            };
54
        }
55
56
        return ['class' => \yii\filters\AccessControl::className(), 'rules' => [$rule]];
57
        */
58
    }
59
60
    /**
61
     * Check if the current user has access to the audit functionality
62
     * @return bool
63
     */
64 75
    public static function checkAccess()
65
    {
66 75
        $audit = Audit::getInstance();
67 75
        if ($audit->accessIps === null && $audit->accessRoles === null && $audit->accessUsers === null) {
68 45
            return true;
69
        }
70 30
        if (self::checkAccessIps($audit->accessIps)) {
71 3
            return true;
72
        }
73 27
        if (self::checkAccessRoles($audit->accessRoles)) {
74 9
            return true;
75
        }
76 18
        if (self::checkAccessUsers($audit->accessUsers)) {
77 3
            return true;
78
        }
79 15
        return false;
80
    }
81
82
    /**
83
     * @param array $users
84
     * @return bool
85
     */
86 18
    private static function checkAccessUsers($users)
87
    {
88 18
        if (!empty($users)) {
89 6
            $users = ArrayHelper::toArray($users);
90 6
            if (in_array(Yii::$app->user->id, $users)) {
91 3
                return true;
92
            }
93 3
        }
94 15
        return false;
95
    }
96
97
    /**
98
     * @param array $roles
99
     * @return bool
100
     */
101 27
    private static function checkAccessRoles($roles)
102
    {
103 27
        if (empty($roles)) {
104 9
            return false;
105
        }
106
        /** @var User $user */
107 18
        $user = Instance::ensure('user', User::className());
108 18
        $roles = ArrayHelper::toArray($roles);
109 18
        foreach ($roles as $role) {
110 18
            if ($role === '?' && $user->getIsGuest()) {
111 3
                return true;
112 15
            } elseif ($role === '@' && !$user->getIsGuest()) {
113 3
                return true;
114 12
            } elseif ($user->can($role)) {
115 3
                return true;
116
            }
117 9
        }
118 9
        return false;
119
    }
120
121
    /**
122
     * @param array $ips
123
     * @return bool
124
     */
125 30
    private static function checkAccessIps($ips)
126
    {
127 30
        if (!empty($ips)) {
128 6
            $ips = ArrayHelper::toArray($ips);
129 6
            if (in_array(Yii::$app->request->getUserIP(), $ips)) {
130 3
                return true;
131
            }
132 3
        }
133 27
        return false;
134
    }
135
136
}