Failed Conditions
Pull Request — master (#72)
by Sander
01:36
created

controller/notebookapicontroller.php (1 issue)


1
<?php
2
/**
3
 * Nextcloud - NextNote
4
 *
5
 * @copyright Copyright (c) 2015, Ben Curtis <[email protected]>
6
 * @copyright Copyright (c) 2017, Sander Brand ([email protected])
7
 * @license GNU AGPL version 3 or any later version
8
 *
9
 * This program is free software: you can redistribute it and/or modify
10
 * it under the terms of the GNU Affero General Public License as
11
 * published by the Free Software Foundation, either version 3 of the
12
 * License, or (at your option) any later version.
13
 *
14
 * This program is distributed in the hope that it will be useful,
15
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17
 * GNU Affero General Public License for more details.
18
 *
19
 * You should have received a copy of the GNU Affero General Public License
20
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
21
 *
22
 */
23
24
namespace OCA\NextNote\Controller;
25
26
use OCA\NextNote\Db\Notebook;
27
use OCA\NextNote\Fixtures\ShareFix;
28
use OCA\NextNote\Service\NotebookService;
29
use OCA\NextNote\Service\NoteService;
30
use OCA\NextNote\ShareBackend\NextNoteShareBackend;
31
use OCA\NextNote\Utility\NotFoundJSONResponse;
32
use OCA\NextNote\Utility\UnauthorizedJSONResponse;
33
use OCA\NextNote\Utility\Utils;
34
use \OCP\AppFramework\ApiController;
35
use OCP\AppFramework\Http\JSONResponse;
36
use OCP\Constants;
37
use OCP\IConfig;
38
use OCP\ILogger;
39
use \OCP\IRequest;
40
use OCP\IUserManager;
41
use OCP\Share;
42
43
44
class NotebookApiController extends ApiController {
45
46
	private $config;
47
	private $groupService;
48
	private $shareBackend;
49
	private $userManager;
50
51
	public function __construct($appName, IRequest $request,
52
								ILogger $logger, IConfig $config, NotebookService $noteService, NextNoteShareBackend $shareBackend, IUserManager $userManager) {
53
		parent::__construct($appName, $request);
54
		$this->config = $config;
55
		$this->groupService = $noteService;
56
		$this->shareBackend = $shareBackend;
57
		$this->userManager = $userManager;
58
	}
59
60
	/**
61
	 * @NoAdminRequired
62
	 * @NoCSRFRequired
63
	 * @TODO Add etag / lastmodified
64
	 * @param int|bool $deleted
65
	 * @param string|bool $group
66
	 * @return JSONResponse
67
	 */
68
	public function index($deleted = false, $notebook_id = false) {
69
		$uid = \OC::$server->getUserSession()->getUser()->getUID();
70
		$results = $this->groupService->find($notebook_id, $uid, $deleted);
It seems that $deleted, defined by the parameter $deleted on line 68, can also be of type integer; however, OCA\NextNote\Service\NotebookService::find() only seems to accept boolean. Maybe add an additional type check?

This check looks at variables that have been passed in as parameters and are passed out again to other methods.

If the outgoing method call has stricter type requirements than the method itself, an issue is raised.

An additional type check may prevent trouble.

71
72
		return new JSONResponse($results);
73
	}
74
75
	/**
76
	 * @NoAdminRequired
77
	 * @NoCSRFRequired
78
	 * @TODO Add etag / lastmodified
79
	 */
80
	public function get($id) {
81
		$result = $this->groupService->find($id);
82
		if (!$result) {
83
			return new NotFoundJSONResponse();
84
		}
85
		//@todo Check access
86
		$result = $result->jsonSerialize();
87
		return new JSONResponse($result);
88
	}
89
90
91
	/**
92
	 * @NoAdminRequired
93
	 * @NoCSRFRequired
94
	 */
95
	public function create($name, $color, $parent_id) {
96
		if ($name == "" || !$name) {
97
			return new JSONResponse(['error' => 'name is missing']);
98
		}
99
		$group = [
100
			'parent_id' => $parent_id,
101
			'name' => $name,
102
			'color' => $color,
103
			'guid' => Utils::GUID()
104
		];
105
106
		if($this->groupService->findByName($name)){
107
			return new JSONResponse(['error' => 'Group already exists']);
108
		}
109
110
		$uid = \OC::$server->getUserSession()->getUser()->getUID();
111
		$result = $this->groupService->create($group, $uid)->jsonSerialize();
112
		\OC_Hook::emit('OCA\NextNote', 'post_create_group', ['group' => $group]);
113
		return new JSONResponse($result);
114
	}
115
116
	/**
117
	 * @NoAdminRequired
118
	 * @NoCSRFRequired
119
	 */
120
	public function update($id, $name, $color, $parent_id) {
121
		if ($name == "" || !$name) {
122
			return new JSONResponse(['error' => 'title is missing']);
123
		}
124
125
126
		$group = [
127
			'parent_id' => $parent_id,
128
			'name' => $name,
129
			'color' => $color,
130
		];
131
		//@TODO for sharing add access check
132
		$entity = $this->groupService->find($id);
133
		if (!$entity) {
134
			return new NotFoundJSONResponse();
135
		}
136
137
138
		if (!$this->shareBackend->checkPermissions(Constants::PERMISSION_UPDATE, $entity)) {
139
			return new UnauthorizedJSONResponse();
140
		}
141
142
		$results = $this->groupService->update($group)->jsonSerialize();
143
		\OC_Hook::emit('OCA\NextNote', 'post_update_group', ['group' => $group]);
144
		return new JSONResponse($results);
145
	}
146
147
	/**
148
	 * @NoAdminRequired
149
	 * @NoCSRFRequired
150
	 */
151 View Code Duplication
	public function delete($id) {
152
		$entity = $this->groupService->find($id);
153
		if (!$entity) {
154
			return new NotFoundJSONResponse();
155
		}
156
157
		if (!$this->shareBackend->checkPermissions(Constants::PERMISSION_DELETE, $entity)) {
158
			return new UnauthorizedJSONResponse();
159
		}
160
161
		$this->groupService->delete($id);
162
		$result = (object)['success' => true];
163
		\OC_Hook::emit('OCA\NextNote', 'post_delete_group', ['group_id' => $id]);
164
		return new JSONResponse($result);
165
	}
166
}
167
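Review bot: get() serializes and returns the notebook for any `$id` without an authorization check; the `//@todo Check access` at file line 85 is still open, while update() and delete() both gate on `$this->shareBackend->checkPermissions(...)` before acting. The action is marked `@NoAdminRequired`, so unless `NotebookService::find($id)` scopes by owner (not visible on this page), one user could read another user's notebook by guessing its id. Add the same guard before `jsonSerialize()`: `if (!$this->shareBackend->checkPermissions(Constants::PERMISSION_READ, $result)) { return new UnauthorizedJSONResponse(); }`. Separately, create(), update() and delete() change state but carry `@NoCSRFRequired`; confirm this is intended for cookie-authenticated sessions, and otherwise drop the annotation from those actions.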