Failed Conditions
Pull Request — master (#72)
by Sander
01:51
created

controller/notebookapicontroller.php (1 issue)


<?php
/**
 * Nextcloud - NextNote
 *
 * @copyright Copyright (c) 2015, Ben Curtis <[email protected]>
 * @copyright Copyright (c) 2017, Sander Brand ([email protected])
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
namespace OCA\NextNote\Controller;
use OCA\NextNote\Db\Notebook;
use OCA\NextNote\Fixtures\ShareFix;
use OCA\NextNote\Service\NotebookService;
use OCA\NextNote\Service\NoteService;
use OCA\NextNote\ShareBackend\NextNoteShareBackend;
use OCA\NextNote\Utility\NotFoundJSONResponse;
use OCA\NextNote\Utility\UnauthorizedJSONResponse;
use OCA\NextNote\Utility\Utils;
use \OCP\AppFramework\ApiController;
use OCP\AppFramework\Http\JSONResponse;
use OCP\Constants;
use OCP\IConfig;
use OCP\ILogger;
use \OCP\IRequest;
use OCP\IUserManager;
use OCP\Share;
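/**
 * JSON API controller for NextNote notebooks (also called "groups" in this class).
 *
 * Each action's docblock carries the NoAdminRequired and NoCSRFRequired
 * annotations. Nextcloud's AppFramework reads method docblocks at runtime,
 * so the annotation and param lines on the actions are left exactly as written;
 * adding a scalar type to a param line can change how request values are cast.
 *
 * NOTE(review): create(), update() and delete() change state while CSRF
 * checking is switched off for them. Confirm these routes are only reachable
 * with credentials a browser does not attach on its own.
 */
class NotebookApiController extends ApiController {

	/** @var IConfig stored by the constructor; not read anywhere in this class */
	private $config;
	/** @var NotebookService named groupService although it holds the notebook service */
	private $groupService;
	/** @var NextNoteShareBackend used for the per-entity permission checks */
	private $shareBackend;
	/** @var IUserManager stored by the constructor; not read anywhere in this class */
	private $userManager;

	/**
	 * Store the injected collaborators.
	 *
	 * $logger is accepted to keep the constructor signature stable but is not stored.
	 */
	public function __construct(
		$appName,
		IRequest $request,
		ILogger $logger,
		IConfig $config,
		NotebookService $noteService,
		NextNoteShareBackend $shareBackend,
		IUserManager $userManager
	) {
		parent::__construct($appName, $request);
		$this->config = $config;
		$this->groupService = $noteService;
		$this->shareBackend = $shareBackend;
		$this->userManager = $userManager;
	}

	/**
	 * Return what NotebookService::find() yields for the current user's id.
	 *
	 * @NoAdminRequired
	 * @NoCSRFRequired
	 * @TODO Add etag / lastmodified
	 * @param int|bool $deleted
	 * @param int|bool $notebook_id
	 * @return JSONResponse
	 * @internal param bool|string $group
	 */
	public function index($deleted = false, $notebook_id = false) {
		$uid = \OC::$server->getUserSession()->getUser()->getUID();
		// NOTE(review): $deleted is documented as int|bool, while static analysis
		// reports that NotebookService::find() only accepts a boolean here.
		// Confirm against the service and normalise the value before the call.
		$results = $this->groupService->find($notebook_id, $uid, $deleted);

		return new JSONResponse($results);
	}

	/**
	 * Return a single notebook by id, after a read-permission check.
	 *
	 * @NoAdminRequired
	 * @NoCSRFRequired
	 * @TODO Add etag / lastmodified
	 * @param $id
	 * @return NotFoundJSONResponse|UnauthorizedJSONResponse|JSONResponse
	 */
	public function get($id) {
		$result = $this->groupService->find($id);
		if (!$result) {
			return new NotFoundJSONResponse();
		}

		// find() is called with the id only (no user id, unlike index()), so the
		// entity is not known to belong to the caller. Enforce read permission
		// the same way update() and delete() enforce theirs.
		if (!$this->shareBackend->checkPermissions(Constants::PERMISSION_READ, $result)) {
			return new UnauthorizedJSONResponse();
		}

		return new JSONResponse($result->jsonSerialize());
	}


	/**
	 * Create a notebook owned by the current user.
	 *
	 * Returns an 'error' payload when the name is empty or already taken.
	 *
	 * @NoAdminRequired
	 * @NoCSRFRequired
	 * @param $name
	 * @param $color
	 * @param $parent_id
	 * @return JSONResponse
	 */
	public function create($name, $color, $parent_id) {
		if ($name == "" || !$name) {
			return new JSONResponse(['error' => 'name is missing']);
		}
		// NOTE(review): $parent_id is passed through unchecked. Confirm the
		// service verifies that the caller may attach to that parent.
		$group = [
			'parent_id' => $parent_id,
			'name' => $name,
			'color' => $color,
			'guid' => Utils::GUID()
		];

		// NOTE(review): findByName() is called without a user id. Confirm the
		// service scopes the lookup to the current user; otherwise one user's
		// notebook names block, and reveal themselves to, every other user.
		if($this->groupService->findByName($name)){
			return new JSONResponse(['error' => 'Group already exists']);
		}

		$uid = \OC::$server->getUserSession()->getUser()->getUID();
		$result = $this->groupService->create($group, $uid)->jsonSerialize();
		\OC_Hook::emit('OCA\NextNote', 'post_create_group', ['group' => $group]);
		return new JSONResponse($result);
	}

	/**
	 * Update a notebook after checking PERMISSION_UPDATE on the stored entity.
	 *
	 * @NoAdminRequired
	 * @NoCSRFRequired
	 * @param $id
	 * @param $name
	 * @param $color
	 * @param $parent_id
	 * @return NotFoundJSONResponse|UnauthorizedJSONResponse|JSONResponse
	 */
	public function update($id, $name, $color, $parent_id) {
		if ($name == "" || !$name) {
			return new JSONResponse(['error' => 'title is missing']);
		}

		// NOTE(review): $id is not part of this array, yet the array is all that
		// update() receives below. Confirm how the service finds the row to change.
		$group = [
			'parent_id' => $parent_id,
			'name' => $name,
			'color' => $color,
		];
		//@TODO for sharing add access check
		$entity = $this->groupService->find($id);
		if (!$entity) {
			return new NotFoundJSONResponse();
		}

		// Permission is checked on the entity loaded by id, before any write.
		if (!$this->shareBackend->checkPermissions(Constants::PERMISSION_UPDATE, $entity)) {
			return new UnauthorizedJSONResponse();
		}

		$results = $this->groupService->update($group)->jsonSerialize();
		\OC_Hook::emit('OCA\NextNote', 'post_update_group', ['group' => $group]);
		return new JSONResponse($results);
	}

	/**
	 * Delete a notebook after checking PERMISSION_DELETE on the stored entity.
	 *
	 * @NoAdminRequired
	 * @NoCSRFRequired
	 * @param $id
	 * @return NotFoundJSONResponse|UnauthorizedJSONResponse|JSONResponse
	 */
	public function delete($id) {
		$entity = $this->groupService->find($id);
		if (!$entity) {
			return new NotFoundJSONResponse();
		}

		// Permission is checked on the entity loaded by id, before the delete.
		if (!$this->shareBackend->checkPermissions(Constants::PERMISSION_DELETE, $entity)) {
			return new UnauthorizedJSONResponse();
		}

		$this->groupService->delete($id);
		$result = (object)['success' => true];
		\OC_Hook::emit('OCA\NextNote', 'post_delete_group', ['group_id' => $id]);
		return new JSONResponse($result);
	}
}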