SecurityManager - Code Metrics - Inspection of "Some minor bugfixes for newinternal" - enwikipedia-acc/waca - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — newinternal (#285)

by Simon

created 2017-03-11 17:09 UTC

SecurityManager A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	83
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	4

Test Coverage

Coverage

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
dl	0
loc	83
ccs	0
cts	38
cp	0
rs	10
c	1
b	0
f	0
wmc	16
lcom	1
cbo	4

4 Methods

Rating	Name	Size	Complexity
A	__construct()	6	1
A	configure()	4	1
A	test()	13	3
C	allows()	22	11

<?php
/******************************************************************************
 * Wikipedia Account Creation Assistance tool                                 *
 *                                                                            *
 * All code in this file is released into the public domain by the ACC        *
 * Development Team. Please see team.json for a list of contributors.         *
 ******************************************************************************/

namespace Waca\Security;

use Waca\DataObjects\User;
use Waca\Exceptions\AccessDeniedException;
use Waca\IdentificationVerifier;

final class SecurityManager
{
    /** @var IdentificationVerifier */
    private $identificationVerifier;
    /** @var SecurityConfigurationFactory */
    private $securityConfigurationFactory;

    /**
     * SecurityManager constructor.
     *
     * @param IdentificationVerifier $identificationVerifier
     * @param bool                   $forceIdentification
     */
    public function __construct(IdentificationVerifier $identificationVerifier, $forceIdentification)
    {
        $this->identificationVerifier = $identificationVerifier;

        $this->securityConfigurationFactory = new SecurityConfigurationFactory($forceIdentification);
    }

    public function configure()
    {
        return $this->securityConfigurationFactory;
    }

    /**
     * @param $value
     * @param $filter
     *
     * @return bool
     * @throws AccessDeniedException
     * @category Security-Critical
     */
    private function test($value, $filter)
    {
        if (!$filter) {
            return false;
        }

        if ($value == SecurityConfiguration::DENY) {
            // FILE_NOT_FOUND...?
            throw new AccessDeniedException();
        }

        return $value === SecurityConfiguration::ALLOW;
    }

    /**
     * Tests if a user is allowed to perform an action.
     *
     * This method should form a hard, deterministic security barrier, and only return true if it is absolutely sure
     * that a user should have access to something.
     *
     * @param SecurityConfiguration $config
     * @param User                  $user
     *
     * @return bool
     *
     * @category Security-Critical
     */
    public function allows(SecurityConfiguration $config, User $user)
    {
        if ($config->requiresIdentifiedUser() && !$user->isCommunityUser() && !$user->isIdentified($this->identificationVerifier)) {

            return false;
        }

        try {
            $allowed = $this->test($config->getAdmin(), $user->isAdmin())
                || $this->test($config->getUser(), $user->isUser())
                || $this->test($config->getCommunity(), $user->isCommunityUser())
                || $this->test($config->getSuspended(), $user->isSuspended())
                || $this->test($config->getDeclined(), $user->isDeclined())
                || $this->test($config->getNew(), $user->isNewUser())
                || $this->test($config->getCheckuser(), $user->isCheckuser());

            return $allowed;
        }
        catch (AccessDeniedException $ex) {
            // something is set to deny.
            return false;
        }
    }
}

1			<?php
2			/******************************************************************************
3			* Wikipedia Account Creation Assistance tool *
4			* *
5			* All code in this file is released into the public domain by the ACC *
6			* Development Team. Please see team.json for a list of contributors. *
7			******************************************************************************/
8
9			namespace Waca\Security;
10
11			use Waca\DataObjects\User;
12			use Waca\Exceptions\AccessDeniedException;
13			use Waca\IdentificationVerifier;
14
15			final class SecurityManager
16			{
17			/** @var IdentificationVerifier */
18			private $identificationVerifier;
19			/** @var SecurityConfigurationFactory */
20			private $securityConfigurationFactory;
21
22			/**
23			* SecurityManager constructor.
24			*
25			* @param IdentificationVerifier $identificationVerifier
26			* @param bool $forceIdentification
27			*/
28			public function __construct(IdentificationVerifier $identificationVerifier, $forceIdentification)
29			{
30			$this->identificationVerifier = $identificationVerifier;
31
32			$this->securityConfigurationFactory = new SecurityConfigurationFactory($forceIdentification);
33			}
34
35			public function configure()
36			{
37			return $this->securityConfigurationFactory;
38			}
39
40			/**
41			* @param $value
42			* @param $filter
43			*
44			* @return bool
45			* @throws AccessDeniedException
46			* @category Security-Critical
47			*/
48			private function test($value, $filter)
49			{
50			if (!$filter) {
51			return false;
52			}
53
54			if ($value == SecurityConfiguration::DENY) {
55			// FILE_NOT_FOUND...?
56			throw new AccessDeniedException();
57			}
58
59			return $value === SecurityConfiguration::ALLOW;
60			}
61
62			/**
63			* Tests if a user is allowed to perform an action.
64			*
65			* This method should form a hard, deterministic security barrier, and only return true if it is absolutely sure
66			* that a user should have access to something.
67			*
68			* @param SecurityConfiguration $config
69			* @param User $user
70			*
71			* @return bool
72			*
73			* @category Security-Critical
74			*/
75			public function allows(SecurityConfiguration $config, User $user)
76			{
77			if ($config->requiresIdentifiedUser() && !$user->isCommunityUser() && !$user->isIdentified($this->identificationVerifier)) {
			0 ignored issues – show Coding Style introduced 2016-03-25 00:17 UTC by Report Bug Copy Issue Report This line exceeds maximum limit of 120 characters; contains 132 characters Overly long lines are hard to read on any screen. Most code styles therefor impose a maximum limit on the number of characters in a line. Loading history...
78			return false;
79			}
80
81			try {
82			$allowed = $this->test($config->getAdmin(), $user->isAdmin())
83			\|\| $this->test($config->getUser(), $user->isUser())
84			\|\| $this->test($config->getCommunity(), $user->isCommunityUser())
85			\|\| $this->test($config->getSuspended(), $user->isSuspended())
86			\|\| $this->test($config->getDeclined(), $user->isDeclined())
87			\|\| $this->test($config->getNew(), $user->isNewUser())
88			\|\| $this->test($config->getCheckuser(), $user->isCheckuser());
89
90			return $allowed;
91			}
92			catch (AccessDeniedException $ex) {
93			// something is set to deny.
94			return false;
95			}
96			}
97			}

enwikipedia-acc / waca

Pull Request — newinternal (#285)

SecurityManager A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

4 Methods

Duplication Side-by-Side

Filter issues like